Architecture of Office Server Extensions

Using Office Server Extensions on Windows NT or Windows 2000

Microsoft Office Server Extensions (OSE) requires either Microsoft Windows NT Server running Internet Information Server (IIS) or Windows NT Workstation running Personal Web Server.

Using IIS on Windows NT Server or Windows 2000 Server

With Windows NT Server, OSE uses the following IIS elements:

• HTTP Web service
• Logon authentication
• IIS Metabase
• Web site space configuration (through the IIS Metabase)
• Virtual directory space configuration (through the IIS Metabase)
• Administration tools (Microsoft Management Console [MMC] or Web-based)
• Simple Mail Transfer Protocol (SMTP) mail service (optional)

HTTP Web service

HTTP is a simple and fast way to send data to and retrieve data from a Web server. The HTTP Web service is the primary component of IIS, and it runs as a Windows NT service. The service gives users access to a server through HTTP, which is the protocol that Web browsers and Office 2000 use so that users can view and publish documents.

To use the HTTP Web service, you must enable the TCP/IP network protocol on the Windows NT Server computer and all client computers. To connect to a server, the client application specifies a server and a port. The server is typically specified in a Uniform Resource Locator (URL), which contains the textual name of the server. The Internet Protocol (IP) address identifies the server location on the network. A Domain Name System (DNS) server maps the textual name to the IP address.

Note   With IIS and HTTP, users can connect simultaneously to multiple, uniquely numbered ports. However, to use OSE features, your Web sites must be configured to use port 80 only.

Logon authentication

When a client connects to your server to use a service such as HTTP, the server must authenticate the client. You use IIS to configure authentication on your server. Except when using anonymous authentication, each user must have a Windows NT account to log on to a server and to use IIS services.

To authenticate users, you must configure at least one Windows NT Server computer as the Primary Domain Controller (PDC) on your network. The PDC computer maintains the Security Accounts Management (SAM) database that contains the user Windows NT accounts, passwords, and permissions for network resources. User Manager for Domains is an application that runs on the Windows NT computer, and manages the SAM database.

During installation, IIS automatically creates an anonymous account. An anonymous account is a local computer account with the name IUSR_computer_name, where computer_name is the name of the computer running Windows NT Server. Anonymous users do not need an account to use IIS services.

The anonymous account is one Windows NT account that represents all users who log on to your server anonymously. The permissions you give to the anonymous account are given to anonymous users.

Important   Anonymous authentication allows users to log on without a Windows NT account. However, this openness makes your server accessible to anyone on the network. If security is a priority, turn off anonymous authentication.

Web sites

In IIS, a Web site describes a self-contained area on the server that can be accessed by using either a unique IP address or server name, and port combination. You can configure the following properties for a Web site:

• IP address and port combination
• Operators (users who are allowed to configure Web site settings)
• Home directory
• Access permissions
• Authentication methods
• Number of allowable connections
• Logging format

During installation, IIS creates the Default Web Site. Users can access this Web site through port 80 by using the local IP addresses that you configure your server with. The Default Web Site home directory defaults to the path inetpub\wwwroot on the drive where you install IIS.

When you first establish an intranet for your organization or add a Web server to your department, it is easiest to keep the default configuration of a single Web site. As your needs expand and more users connect to your Web server, you can separate content and add more Web sites to the server for more flexible security and administration.

Virtual directories

Virtual directories allow you to hide the directory structure on your Web server and to reconfigure the structure while maintaining the same access addresses for users.

IIS implements virtual directories as a layer of indirection between the addresses users use and the physical directory structure of a Web site. Each virtual directory has an alias and a physical mapping. Users type in the alias when they connect to the server. The physical mapping identifies where IIS retrieves content when clients request the alias. The physical mapping is a local directory path, a network directory path, or a URL to which the client is redirected.

Each virtual directory belongs to a single Web site. The access permissions, authentication methods, and other settings from the Web site become the default settings for the virtual directory. However, you can configure permissions, authentication, and the other settings to override the default settings.

Each time you create a new Web site, you must run the OSE Configuration Wizard to add Microsoft FrontPage Server Extensions and an OSE-specific virtual directory to the new Web site. The wizard creates a virtual directory named MSOffice. The directory contains the Active Server Pages (ASP) pages and supporting files for Web Discussions, Web Subscriptions, OSE Directory Browsing and the OSE Start Page. The physical path for MSOffice is office_install_root\ScriptsN\LCID, where ScriptsN is the Web site instance number and LCID is the OSE language code. For example, the U.S. English OSE installation on the default Web site has N = 1 and LCID = 1033.

By default, the wizard turns on Basic authentication on the MSOffice virtual directory to allow the widest possible access to the OSE features. The wizard also creates two subfolders under MSOffice called Help and MSOAdmin. The Help folder contains the OSE Web-based Help pages and is accessible to all OSE users. The MSOAdmin folder contains the ASP pages, and supporting files for administering Web Discussions and Web Subscriptions. The MSOAdmin folder is accessible only to the Windows NT Administrators for the local computer, the Admins group the wizard optionally creates, and the System account. The Windows NT Administrators, the Admins group, and the System account likewise have Full Control access to MSOffice and its subfolders. Other users (collaborators and authors) have Read/Execute access to MSOffice and Help.

Metabase

The metabase is a database that stores metadata in a compressed format. IIS stores and maintains the Web site and virtual directory properties in the metabase. Metadata is data that describes other data. The metabase is similar to the Windows registry, but only IIS services use the metabase.

Note   Although the metabase can be modified programmatically, the primary means of browsing through and modifying the metabase is through performing IIS administration.

IIS administration

By using Internet Service Manager (ISM) and HTML-based forms, you can administer Web sites, virtual directories, and other IIS elements.

ISM is a snap-in extension to Microsoft Management Console.

To launch ISM after you install IIS

1. Point to Programs on the Start menu.
2. Point to Windows NT 4.0 Option Pack.
3. Point to Microsoft Internet Information Server.
4. Click Internet Service Manager.

You access HTML-based forms through a Web browser.

To load the home page of the HTML-based forms

In the Address bar of your Web browser, type http://computer_name/iisadmin (where computer_name is the name of the IIS server).

Tip   You can use the IIS administration HTML forms on your server to administer a remote IIS server.

IIS SMTP mail service

The Web Subscriptions feature of OSE sends e-mail notifications to users who subscribe to documents or folders on the OSE-extended web. You specify the mail server for the OSE-extended web, and the SMTP mail server sends the e-mail notification.

If the SMTP service was not installed on your server when you installed IIS, rerun Windows NT Option Pack Setup to install the SMTP service. To configure the SMTP service, use either the Internet Service Manager application or the SMTP service’s HTML-based administration forms.

Top

Using Personal Web Server on Windows NT Workstation or Windows 2000 Professional

If your server runs Windows NT Workstation, you must run Personal Web Server (PWS) as your Web server software.

PWS is included with the Windows NT 4.0 Option Pack and is a scaled down version of IIS. Although PWS offers the same features as IIS, PWS supports only one Web site. PWS includes Personal Web Manager to simplify administration tasks, but you can also install and use Internet Service Manager with PWS.

OSE features and administration work identically with IIS and PWS.

Top

Implementing advanced security with the NTFS file system

NTFS is a file system that you can use to format Windows NT Server and Windows NT Workstation hard disks. Windows 95 supports only the file allocation table (FAT) file system, and Windows 98 supports the FAT and FAT32 file systems.

NTFS offers several advantages over FAT and FAT32, including:

• Fault tolerance
• More efficient use of available disk space
• Advanced security capabilities, including access control and auditing

The advanced security features of NTFS allow you to set permissions on a per-file and per-folder basis. This access control is extremely useful in a Web server environment. OSE uses the file and folder permission feature to control access, browsing, and authoring on your Web site.

With the Windows 95 and Windows 98 FAT and FAT32 file systems, you cannot set permissions on individual files or folders. If you give a user access to a shared drive, that user can modify, rename, or delete any file or folder in the FAT or FAT32 volume. As a deterrent to users who might modify a file, you can set the file to read-only, but any user can change that setting.

You can use OSE without the NTFS file system, but the advanced security features are not available to you.