SharePoint 2003 products enable administrators to perform many more administrative tasks directly from the portal interface. There is also greater integration with other software components such as Active Directory, facilitating tasks such as managing user access. In SharePoint 2003, end users can be selectively provided with the ability to easily perform certain tasks that formerly only administrators could do. This section highlights some of the major new features of interest to administrators. Improvements in User and Group ManagementImprovements in the area of user and group management provide for more efficient management of these entities. A tight integration with Active Directory provides dynamic and flexible user management. Users can be added to the site using one of two modes: Domain Account or Active Directory Account Creation. The mode is determined when SharePoint Services is installed. When configured in Domain Account mode, SharePoint can access the domain Active Directory to obtain user profile information. This mode can save many hours of data entry and provide consistency between SharePoint and the domain. The alternative to obtaining user information from the domain Active Directory is to have SharePoint Portal create new user accounts when users are added to SharePoint. This mode of adding users is called Active Directory Account Creation and is used when outside users will be accessing the site, or when Internet service providers are hosting the site. After the information has been copied to SharePoint, the SharePoint profiles can be modified by portal administrators through the browser interface. Properties can also be added to the user profile, and portal users are now an entity that can be searched. As in SharePoint Portal 2001, site groups are used to grant and control access to SharePoint sites, and the data contained within them. A SharePoint site group can contain a Windows security group, which is a great way to minimize the management needed to control access to sites. When a new user is hired, she is added to a certain group in Active Directory, perhaps Research, and she then automatically gains access to SharePoint sites that allow this group access.The Administration pages can be used to create cross-site groups for use across all sites in a site collection. When users are members of a cross-site group, their rights are consistent across all sites in the collection, and the administrator only has to set them up once, at the group level, as opposed to setting up rights for each individual for each site. Improvements in Site ManagementWith SharePoint Portal Server 2003, site administrators can grant permission to users for creating their own sites, without having to give the users full administrative rights for the SharePoint site or site collection. SharePoint Portal Server 2003 has a new Sites Directory page for managing sites. Through the Sites Directory, links to sites can be added and managed. Users with the appropriate permissions can create SharePoint sites from the Sites Directory, indicate whether they want the new site listed in the directory, and decide whether the new site should be indexed. The Sites Directory can be viewed based on metadata, and Web Parts are available for viewing Sites I Added, Best Bets, and Newest Sites. Another improvement in site management is the ability of administrators to set a quota for the size of a site, thereby protecting the server from "runaway" sites that use up all the server storage. If the site exceeds the size specified, an automatic notification is sent to the site owner. Enhancements in SharePoint 2003 SecuritySharePoint 2003 provides a higher level of security than was possible with SharePoint Portal 2001. To begin with, SharePoint Portal Server 2001 required IIS 5.0 and Windows 2000 Server, both of which are less secure than the current Windows Server 2003 and IIS 6.0 products, which are required by Windows SharePoint Services and SharePoint Portal Server 2003. Many documents are available that provide extensive details of the security improvements available in Windows Server 2003 and IIS 6.0, but a quick summary of some key enhancements follows. Windows Server 2003 security enhancements include
In addition, Windows Server 2003 SP1 provides additional tools for securing the Windows Server 2003 server environment. IIS 6.0 security enhancements include
Security features added to SharePoint 2003 include the following:
New Installation and Administration FeaturesThere are many more new features of interest to administrators. These include features missing from the first version of SharePoint that were on wish lists, features that make it easier to migrate from SharePoint Portal 2001 to SharePoint 2003, and features to meet the expanding use of portal environments, including the following:
Introduction of Single Sign-On CapabilitiesSharePoint Portal Server supports Microsoft Single Sign-On Service (SSOSrv) for storing and mapping user credentials. This prevents users from having to sign on again to retrieve information when portal-based applications request data from business applications. An enterprise application definition is used for passing credentials securely through the portal to access applications. Two types of application definitions can be used:
Regardless of the method used, single sign-on can be a great benefit for users who will be accessing a number of applications through the portal. Additional New Administrative and Management FeaturesA number of other features have been added to facilitate administration and the processes involved in managing sites. One area of advancement is in backing up data. Administrators can use the following methods to back up SharePoint data:
Additional improvements include
|