You will encounter some strange security problems such as not being able to get to your sites without using the page name. Okay, let me slow down here, we've been testing our software on so many different SharePoint configurations these last few weeks, I've seen just about every stupid thing that can possible happen. The problem I encountered was when installing IIS on Windows 2003, the FrontPage option is selected. This sets up FrontPage Extensions on the Default Web Site, and maps some of the sub directories (vti_bin in my case) to application pools created by FrontPage Extensions. When you extend your Web Application to the Default Web Site, this virtual directory will not be changed.
Is it okay to just access the pages? In my opinion, the answer is no. This puts these directories into a potentially insecure of application pool and one subject to even possible deletion later on as administrators will eventually realize they are not necessary. Also, since application pools should be pre determined accounts with limited rights, you should put the entire SharePoint site under one application pool.
Here are some things you can do to prevent this from happening:
- The obvious one is not to install FrontPage Extensions.
- Delete the Default Web Site before extending it.
- Don't use the Default Web Site as a SharePoint site, but create a new one on a new port.
I hope this ends up helping someone at some point, and my apologies for the lack of detail, I'm writing this in a major hurry while it's on my mind.
Regards,
Chris
No comments:
Post a Comment