The new SharePoint products introduce the concept of multi-tiered administration, thus allowing for isolation of processes and separation of duties. This separation of duties enables the better use of expertise within your organization and can prevent accidental mishaps.
In a dramatic improvement over SharePoint Server 2003 and Windows SharePoint Services 2.0, SharePoint Server 2007 and Windows SharePoint Services 3.0 now have simple-to-navigate administration tools. All farm-specific tasks are located in Central Administration, and SSP administrative tasks are broken out from portal administration and are a standalone entity. The product team has also drastically improved the site administration interface, making it easier for you to perform tasks quickly.
Central Administration Central Administration is a site collection with a "special" site collection template applied. Its easy-to-navigate interface readily presents all administrative tasks at a glance. There are three main areas on installation: Home, Operations, and Application Management. Figure 1-7 shows an example of the Central Administration Operations screen. Home provides a shared space for the administrator to track tasks, Operations is where all farm-related tasks reside, and Application Management is the interface to manage Web applications, site collections, and Shared Services, among others. Central Administration can be restricted to a group of users who may not have access to any site collections or Shared Services Administration.
Shared Services Provider administration (SharePoint Server 2007 Only) The high-value, CPU-intensive applications of Shared Services Providers (SSP) allow the sharing and reuse of these applications throughout the server farm or shared with another server farm through Inter Farm Shared Services. In many organizations dedicated SSP administrators have limited access to all other areas of the farm. This feature allows you to target skill sets, such as search and indexing, to a specific audience without granting unneeded access and preserving "need-to-know" access to content. Figure 1-8 shows the Shared Services Administration interface.
Site collection administration In Windows SharePoint Services and SharePoint Server 2007 administrators do not have automatic access to site collections. To access a site that you are not a member of, you must take ownership and escalate your privileges from Central Administration. Although this requirement does not stop administrators from visiting unauthorized sites, it is a huge improvement to security because the action is logged and can be audited. Site collection administration represents the third tier in the administration of SharePoint technologies, which further enhances the ability to define and delegate tasks for administrators. Site collection administrators are often the data owners and can more reliably and quickly grant access for content requests. Properly training your site administrators and enabling them to manage their workspace will save you much time and energy.
Figure 1-7: Central Administration provides a single location to perform both Windows SharePoint Services and SharePoint Server tasks.
Figure 1-8: Shared Services is a separate and isolated administration interface.
In addition to the user interface administration tools, there is also a very powerful command-line tool, Stsadm.exe. Although many products have tens or hundreds of individual command-line tools, Microsoft has provided you a single tool with over 100 options. It resides in the 12 Hive\Bin directory and is referred to often in this book. Stsadm.exe is located at C:\Program Files\Common Files\Microsoft Shared\ web server extensions\12\Bin\.
As a SharePoint administrator you should begin early on to learn the basics of this tool. Stsadm.exe is used for many advanced administrative tasks, such as site collection backups, migrations, and catastrophic disaster recovery. Many actions cannot be done in the UI and must be done at the command prompt, such as a configuration database restoration. Because you will be using this tool quite often, it is convenient to insert the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\Bin directory into your system path. Doing so prevents the need to change to this directory every time you need the tool. Some examples of using the Stsadm.exe tool follow.
stsadm.exe -o backup -url http://portal.contoso.msft/sites/teamsite1 -filename c:\filename.bak stsadm.exe -o renameweb -url http://portal.contoso.msft/sites/web1 -newname web2
An appendix in the back of the book provides a complete cross-reference for Stsadm.exe command-line options. As a starting point, you can get help by executing stsadm.exe -help <operation>. You can also see the property of almost any SharePoint Products and Technologies configuration setting by using
stsadm.exe -o getproperty <property name> [-url <url>]
The getproperty options are:
SharePoint cluster properties: avallowdownload avcleaningenabled avdownloadscanenabled avnumberofthreads avtimeout avuploadscanenabled command-line-upgrade-running database-command-timeout database-connection-timeout data-retrieval-services-enabled data-retrieval-services-oledb-providers data-retrieval-services-response-size data-retrieval-services-timeout data-retrieval-services-update data-source-controls-enabled dead-site-auto-delete dead-site-notify-after dead-site-num-notifications defaultcontentdb-password defaultcontentdb-server defaultcontentdb-user delete-web-send-email irmaddinsenabled irmrmscertserver irmrmsenabled irmrmsusead job-ceip-datacollection job-config-refresh job-database-statistics job-dead-site-delete job-usage-analysis job-watson-trigger large-file-chunk-size token-timeout workflow-cpu-throttle workflow-eventdelivery-batchsize workflow-eventdelivery-throttle workflow-eventdelivery-timeout workflow-timerjob-cpu-throttle workitem-eventdelivery-batchsize workitem-eventdelivery-throttle SharePoint virtual server properties: alerts-enabled alerts-limited alerts-maximum change-log-expiration-enabled change-log-retention-period data-retrieval-services-enabled data-retrieval-services-inherit data-retrieval-services-oledb-providers data-retrieval-services-response-size data-retrieval-services-timeout data-retrieval-services-update data-source-controls-enabled days-to-show-new-icon dead-site-auto-delete dead-site-notify-after dead-site-num-notifications defaultquotatemplate defaulttimezone delete-web-send-email job-change-log-expiration job-dead-site-delete job-diskquota-warning job-immediate-alerts job-recycle-bin-cleanup job-usage-analysis job-workflow job-workflow-autoclean job-workflow-failover max-file-post-size peoplepicker-activedirectorysearchtimeout peoplepicker-distributionlistsearchdomains peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode peoplepicker-onlysearchwithinsitecollection peoplepicker-searchadcustomquery peoplepicker-searchadforests presenceenabled recycle-bin-cleanup-enabled recycle-bin-enabled recycle-bin-retention-period second-stage-recycle-bin-quota send-ad-email