Putting Security Features to Work

Index Server leverages the security system built into Windows NT to check whether users have permission to view query results. NTFS supports Access Control Lists (ACLs) on directories and files. Index Server checks these ACLs file by file before returning query results. The four steps in the following test drive show you how these features work. After you work through the exercises, see the Security Summary for further explanation.

Note   This test drive assumes that the sample corpus resides on an NTFS volume. It also assumes you have some experience with IIS and Windows NT security features. Also, you must have administrative permissions for the local computer. Because this test drive asks you to make security changes on the server, you should use a test server rather than a production server.

Step 1: Create User Accounts

In step 1, you will create two new users on the server. One user, Sally, will have rights to view a sample document. The other user, Joe, will not have rights to view the document.

To create user accounts
  1. From the Taskbar, click Start, point to Programs, point to Administrative Tools, and click User Manager for Domains.
  2. From the User menu, click New User.
  3. Create two user accounts with the following information.

    Property                    User 1          User 2
    Username                    Sally           Joe
    Full Name                   (blank)         (blank)
    Description                 (blank)         (blank)
    Password                    sally           joe
    User Must Change Password   (Not selected)  (Not selected)

  4. Close the Windows NT User Manager for Domains.

You have now created two new user accounts.

Step 2: Set an ACL

In step 2, you will set up an ACL to prevent the user Joe from gaining access to the file Ixserver.doc in any way.

To put an ACL on a file

  1. Start the Windows NT Explorer, and open the directory holding the sample corpus (Corpus by default).
  2. Click Ixserver.doc.
  3. Open the property sheet for Ixserver.doc by right-clicking it and selecting Properties from the menu.
  4. Click the Security property sheet, and click the Permissions button.
  5. Click the Add button.
  6. In the Add Users and Groups dialog box, click the Add Names field.
  7. From the list of users, click Joe, and click Add.

    The Add Names box shows server_name\joe, where server_name is replaced by the name of the server. For example, if the server is named Tripoli, you would see Tripoli\joe in this box.

  8. In the Type of Access drop-down list, click No Access.
  9. Then click OK.

    You’ll return to the File Permissions dialog box. There should now be an entry for server_name\Joe that reads No Access.

  10. Click OK.
  11. Click OK again to close the File Permissions dialog box.
  12. Click OK to close the property sheet.

Step 3: Set Password Authentication

In Step 3, you will reconfigure security on your system to prepare for step 4. No part of this step actually involves Index Server.

To control password authentication

  1. On the Taskbar, click Start, point to Programs, point to Microsoft Internet Server, and click Internet Service Manager.
  2. Double-click the WWW Service for the local computer.
  3. On the Service property sheet, in the Password Authentication control group, make sure that only Basic (Clear Text) is selected. Allow Anonymous and Windows NT Challenge/Response should not be selected.
  4. If prompted with a warning about Basic (Clear Text) authentication, click Yes.
  5. Click OK to close the property sheet, and exit from Internet Service Manager.

Reconfiguring system security to Basic (clear text) authentication makes it easier for you to work through step 4.

Step 4: Configure Security for Index Server

With the type of authentication you set up in step 3, you can now open two browsers in the security context of the two users (Sally and Joe), without having to log off and log back on. When you have finished this test drive, you should reset authentication to Windows NT Challenge/Response for your normal, day-to-day operations.

To configure security

  1. Open a Web browser and point it to http://server_name/iissamples/issamples/Query.htm, where server_name is the name of the computer running Index Server.

    The server will require you to log on to this page with a username and password.

  2. In the authentication dialog box, type the following information, and click OK.

    Field       Entry               Comment
    Username:   server_name\Sally   for example, Tripoli\Sally
    Password:   sally               case sensitive

    You should see the Simple Content Query Web page.

  3. In the content restriction field type "publish and consume" (including the quotation marks), and click Execute Query.

    The document Ixserver.doc should appear on the results page.

    Note   The quotation marks around the query tell Index Server to search for the phrase publish and consume, rather than for two separate words publish and consume.

  4. Close this browser.
  5. Open a new browser and point it to the same query page.

    You will need to be authenticated again.

  6. This time, type the following information, and click OK.

    Field       Entry               Comment
    Username:   server_name\Joe     for example, Tripoli\Joe
    Password:   joe                 case sensitive

    A browser is opened in Joe’s security context.

  7. Enter the same query ("publish and consume", including the quotation marks), and click Execute Query.

    This time the query does not return Ixserver.doc because Joe does not have any access privileges to that file.

Security Summary

Note that the standard security system is used, so Windows NT Server and IIS must be configured properly for secure access. Also, the documents themselves must be protected correctly with ACLs.

Index Server checks ACLs before returning query results to the browser. A user must have Read privilege on a document for Index Server to return a hit. The query is first executed in the system security context so all hits are returned. Then documents the user cannot see are removed from the result set, and the remaining documents are returned to the user.

In this test drive, only one document matched the query and it was removed. Index Server has been optimized to check tens of thousands of files with little or no effect on performance. In fact, Index Server by default always checks security; therefore, all the queries done so far have been performed with ACL checking activated.

If a user is not allowed to read a document, Index Server gives that user no reference to the document—he or she does not even know the document exists. Many other systems will return a reference to the document and then prohibit actual access to the document. Removing prohibited documents from the result set is important because Index Server can generate document abstracts derived from the content of a document. To return a reference and abstract for a secure document would violate security because some of the contents would be displayed. Even if abstracts are not generated, returning hits to a prohibited document allows an intruder to find documents with sensitive words and phrases, and determine the location of these documents. This information could easily breach security.
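
The trimming behavior described above, as a simplified model added here for illustration (it is not Index Server code): the query runs unfiltered first, then hits the user cannot read are dropped, in contrast to a system that returns every hit and blocks access only on open. The Ace and Doc types, the function names, the sample document text and the deny-wins ACL check are assumptions of this sketch.

```python
# Added illustration: a simplified model of result-set trimming, not Index Server code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    principal: str   # account name, or "Everyone" (assumed to match every user)
    allow: bool      # False models the No Access entry set in Step 2

@dataclass(frozen=True)
class Doc:
    path: str
    text: str
    acl: tuple

def can_read(user, doc):
    """Simplified check: any matching deny wins; otherwise an allow is required."""
    hits = [a for a in doc.acl if a.principal.lower() in (user.lower(), "everyone")]
    return bool(hits) and all(a.allow for a in hits)

def system_query(corpus, phrase):
    """First pass: match the phrase with no ACL filtering (system context)."""
    return [d for d in corpus if phrase.lower() in d.text.lower()]

def abstract(doc, length=40):
    """Abstract derived from document content, as the summary describes."""
    return doc.text[:length]

def trimmed_results(corpus, phrase, user):
    """Second pass: remove hits the user cannot read before anything is returned."""
    return [(d.path, abstract(d)) for d in system_query(corpus, phrase) if can_read(user, d)]

def untrimmed_results(corpus, phrase):
    """Contrast case: every hit is returned and access is enforced only on open."""
    return [(d.path, abstract(d)) for d in system_query(corpus, phrase)]

# Constructed sample corpus mirroring the test drive (document text is made up).
CORPUS = (
    Doc(r"Corpus\Ixserver.doc", "Authors publish and consume content through the index.",
        (Ace("Everyone", True), Ace(r"Tripoli\Joe", False))),
    Doc(r"Corpus\Readme.txt", "Setup notes for the sample corpus.",
        (Ace("Everyone", True),)),
)

if __name__ == "__main__":
    query = "publish and consume"
    print("Sally:", trimmed_results(CORPUS, query, r"Tripoli\Sally"))
    print("Joe:  ", trimmed_results(CORPUS, query, r"Tripoli\Joe"))
    print("Joe, untrimmed system:", untrimmed_results(CORPUS, query))
```

In the untrimmed case Joe receives both the path and an abstract containing the searched phrase, which is the disclosure the paragraph above warns about.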

Note   For the rest of the test drive, reset the authentication mechanism on the server to Allow Anonymous in the Internet Service Manager. This setting lets you search without having to be authenticated every time.


© 1997 by Microsoft Corporation. All rights reserved.