Security Settings

By default, SharePoint Portal Server uses NTLM authentication (on the Default Web Site in IIS). To use SharePoint Portal Server on the extranet, you must modify the security settings on the new Web site to Basic authentication or Anonymous access.

Do not specify both Basic authentication and Anonymous access on the same Web site. If you want Basic authentication and Anonymous access, create two Web sites.

If you want to use Basic authentication and Anonymous access, configure the security settings as follows:

• For the Default Web Site in IIS, leave the default of NTLM authentication.
• Create a new Web Site in IIS and specify Basic authentication access.
• Create a second new Web Site in IIS and specify Anonymous access.

SharePoint Portal Server does not support both NTLM and Anonymous authentication on the same Web site. If you modify the security setting to Anonymous access, users cannot create subscriptions from the dashboard site.

Do not run the Windows 2000 Internet Server Security Tool after installing SharePoint Portal Server. Running this tool may disable the dashboard site.

To modify the security settings on the new Web site:

1. On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
2. Expand the node for the SharePoint Portal Server computer.
3. Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created, and then click Properties.
4. Click the Directory Security tab.
5. In Anonymous access and authentication control, click Edit.
6. In Authentication Methods, select the authentication method you want for the new Web site:
   • To enable Anonymous access, select the Anonymous access check box. Clear all other check boxes. Do not specify both Anonymous access and Basic authentication on the same Web site.
   • To enable Basic authentication, select the Basic authentication (password is sent in clear text) check box, and then click Yes when prompted. Clear all other check boxes. Do not specify both Basic authentication and Anonymous access on the same Web site.

   All information, including passwords, sent over the Internet is in a readable format. To secure your transmissions, use SSL. For more information about SSL, see the section Secure Sockets Layer later in this chapter.

7. Click OK.
8. To close the Properties page, click OK.

If you use Anonymous access, you must also assign the Internet Guest Access account to the reader role on each workspace for which you want Anonymous access. If you are configuring Basic authentication only, you do not need to assign the Internet Guest Access account to the reader role.

To assign the Internet Guest Access account to the reader role:

1. On the Start menu, point to Programs, point to Administrative Tools, and then click SharePoint Portal Server Administration.
2. In the console tree, click to expand the server, and then select the workspace.
3. On the Action menu, click Properties. You can also right-click the workspace name, and then click Properties on the shortcut menu.
4. Click the Security tab.
5. Click Add.
6. From Select Users or Groups, select the name of your server from Look in.
7. From the list of names, select the name IUSR_server_name, where server_name is the NetBIOS name of your server.
8. Click Add, and then click OK.
9. Click Apply. SharePoint Portal Server adds the account to the Reader role.

If you close the Properties page, open it, and then click the Security tab, SharePoint Portal Server lists the account you just entered as Internet Guest Account.

SharePoint Portal Server licensing requires that all devices accessing the server have a valid license. Nothing in this chapter waives or modifies any rights or requirements under the end user license agreement or other applicable license agreement for SharePoint Portal Server.