microsoft.com Home | |||
http://www.microsoft.com/office/ork |
You can use HTML Administration Forms to install and administer Microsoft FrontPage Server Extensions remotely with a Web browser. When you install FrontPage Server Extensions during Microsoft Office Server Extensions (OSE) Setup, the forms are copied to your Web server. When you install the forms on your Web server, your home page for the HTML Administration Forms is Fpadmin.htm.
The HTML Administration Forms are not active when they are first installed because remote administration of FrontPage Server Extensions is a potential security risk. Before you activate the forms, you can evaluate the security implications of remote administration, and then you can decide whether you want to use the HTML Administration Forms to administer FrontPage Server Extensions remotely.
Fpremadm is the utility that actually lets you administer FrontPage Server Extensions remotely. The Fpremadm utility interface is based on the administration utility Fpsrvadm.exe and performs all of the same commands. Fpremadm requires Microsoft Internet Explorer installed on the client computer.
Fpremadm uses Fpadmdll.dll, which is the same server-side ISAPI program as the HTML Administration Forms. Because of this, before you can use Fpremadm, you must install and activate the HTML Administration Forms on the server you want to administer.
Fpremadm uses the same command-line syntax as the Fpsrvadm utility. For example:
fpremadm.exe -adminusername UserAccount -adminpassword
-targetserver https://sample.microsoft.com:1439/fpadmin/scripts/fpadmdll.dll
-o upgrade -p 8234 -m sample.microsoft.com
Note the use of a secured connection and a nonstandard port.
Fpremadm also includes the following arguments that set up the connection to the remote server.
Argument | Description |
---|---|
-targetserver | URL of the server-side administration program, Fpadmdll.dll. |
-adminusername | User name to authenticate access to the administration program. Used to log on and access Fpadmdll.dll. (Not the same as the username argument.) |
-adminpassword | Password to authenticate access to the administration application. Used to log on and access Fpadmdll.dll. |
Note If you are using Windows NT Challenge/Response authentication, you can omit the adminusername and adminpassword arguments.
The HTML Administration Forms and Fpremadm use a similar architecture to perform remote FrontPage Server Extensions administration. Both communicate with Fpadmdll.dll on the server computer, and both in turn run the FrontPage Server Extensions administration utility Fpsrvadm.exe.
Client and server communicate through HTTP by using WinInet. Fpremadm passes its command line to Fpadmdll.dll. Fpadmdll.dll, in turn, passes the incoming command and arguments to the Fpsrvadm utility, which carries out the command.
You can use the HTML Administration Forms from a Web browser on any computer. On the Web server computer, Fpadmdll.dll acts as the form handler for FrontPage Server Extensions HTML Administration Forms. The form handler, Fpadmdll.dll, passes a command and arguments to the Fpsrvadm utility.
Administering remotely makes your Web server less secure than local administration because an unauthorized user can potentially access your Web server from the Internet and modify settings or delete webs. To prevent unauthorized access, use the following precautions:
When you require a secure connection, network eavesdroppers cannot read a user name and password.
When you require a nonstandard HTTP port, it is difficult for network eavesdroppers to identify the URL of the HTML Administration Forms, and the remote administration programs.
When you allow only specific IP addresses access, you prevent unauthorized computers from accessing your HTML Administration Forms or Fpadmdll.dll. Typically, only IP addresses that are associated with the owner of a FrontPage-extended web should have access.
When you use either the Fpremadm utility or the HTML Administration Forms to administer your Web server remotely over your network or the Internet, you need to activate the HTML Administration Forms because they make remote administration services available.
Also, you should run the HTML Administration Forms over a secure port, which requires that you install a security certificate on your server. Use the Key Manager application included with Microsoft Internet Information Server (IIS) to make a security certificate request, submit the request to a key authority, and then use the Key Manager application to install the certificate that the key authority returns.
After you install a security certificate, you should enable the HTML Administration Forms either as a separate Web site or as a virtual directory on an existing Web site. Using a separate Web site with a separate IP address makes the forms harder to discover and allows you to enable additional security settings, such as distinct nonstandard port numbers. However, using a separate Web site with its own IP address can be a disadvantage because the number of IP addresses available for you to use might be limited.
When the HTML Administration Forms are located on an NTFS-formatted drive, you can set permissions on the access control list (ACL) of the folder where the forms are located — to control access to the folders. Before you activate the HTML Administration Forms for remote use, determine which individual Microsoft Windows NT accounts that you want to access the HTML Administration Forms. Each individual account that you want to access the forms must be a member of the Administrators group for that computer. You can give access to individual accounts, or you can use the Windows NT User Manager to create a new group account. A group account for administrators allows you to add and remove users from the Administrators group instead of changing the ACL of the HTML Administration Forms folder.
To set or modify the access control list of the HTML Administration Forms folder
The default location is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\Version 4.0\Admin.
Remove all users and groups that are not authorized. In particular, remove any groups, the IUSR_computer_name anonymous account, and any wide-access accounts such as EVERYONE.
This account is required to give IIS access to the file during the security validation process.
You can create a Web site that is used to access only the HTML Administration Forms.
To create a Web site for the HTML Administration Forms
When you create a Web site for the HTML Administration Forms, you can require SSL on connections to that Web site so that user name and password information are encrypted.
To require SSL on connections to the HTML Administration Forms Web site
After you set the ACL, create a Web site for the HTML Administration Forms and require SSL. You can use the HTML Administration Forms for remote administration through a URL such as:
https://computer_name:port_number/fpadmin.htm
where computer_name is mapped to the DNS entry for the IP address assigned to the HTML Administration Forms Web site and where port_number corresponds to the port number of the HTML Administration Forms Web site.
You can create a virtual directory to enable access to the HTML Administration Forms on an existing Web site — instead of creating a Web site dedicated to the forms.
To create a virtual directory on an existing Web site for the HTML Administration Forms
To configure authentication on the HTML Administration Forms virtual directory
To activate the forms for remote administration, use a URL such as https://computername/fpadmin/fpadmin.htm.
Fpremadm.exe uses parameters and commands that are almost identical to Fpsrvadm.exe. For a full description of all the commands available through Fpsrvadm.exe, see How to Use Fpsrvadm.exe.
There are four utilities you can use to perform administrative tasks on a FrontPage-extended web: the FrontPage MMC Snap-in, FrontPage HTML Administration Forms, Fpsrvadm, and Fpsrvrem. For information about which tool you can use to perform a specific task, see Using FrontPage Server Extensions Tools.
Topic Contents | Previous | Next | Top Friday, March 5, 1999 © 1999 Microsoft Corporation. All rights reserved. Terms of use. | ||
License
|