From the KnowledgeBase

Title:
Web publishing: How to publish departmental web pages on web.princeton.edu

Synopsis:
This document describes the use of the OIT Windows web server, web.princeton.edu.

Solution:
The following kinds of pages can be stored on the OIT Windows web server:

  • office, departmental, or research group pages
  • official University organization/committee pages

The initial quota for a web site folder on the OIT Windows web server is 250MB. To purchase additional quota, please use the quota increase request form -- click on the Purchase Additional OIT Web Server Quota link.

If you need to restrict access to any of your office or departmental pages, the OIT Windows web server allows netID controlled access.

To store pages on the OIT Windows web server, you need to

  • have a Princeton netID for your office or group
  • have your own netID with Princeton Windows domain access
  • ask Web Services to create a folder on the OIT Windows web server (web.princeton.edu/sites)
  • set permissions on your folder
  • create web page files with a web page editor or in HTML (if you want to create pages in the PU web page format, contact Web Services)
  • place your files in your folder on the Windows web server; note the special instructions for using a Mac to publish on the OIT Windows server

The URL for your web site will be http://web.princeton.edu/sites/yourfoldername .

Follow these steps to have your web pages stored on the OIT Windows web server:

Registering

To store files on web.princeton.edu, the shared OIT Windows web server, an office folder must first be created.

  1. Open a departmental account. Request Princeton Windows domain access for this account.
  2. Submit the OIT Windows web server request form with the following information:
    • the netID of the person requesting the folder
    • the name of the person requesting the folder
    • the name of the department
    • the folder name requested
    • the departmental netID
    • the netID of the site administrator (the person responsible for the site)
  3. Web Services will notify the site administrator when the office folder has been established.

Publishing to the OIT Windows web server from a Macintosh

You can publish web pages created on a Macintosh to the OIT Windows web server. Please see Solution 9534 for details.

Accessing your folder on the OIT Windows web server

To reach your folder on the OIT Windows web server, click Start/Run and enter \\web\sites. Scroll to your folder. Double click to open, or right click to set permissions.

Logging in to view a restricted page

If you restrict access to any of your web pages on the Windows web server, those who are authorized to view the pages will need to log in.

All netIDs that need access to a 'private' folder must have NT enabled. If they do not, they should contact the OIT Help Desk (e-mail helpdesk@princeton.edu, call 8-HELP).

When the login window is displayed, some browsers ask for Domain in addition to Username and Password. The Domain is princeton.

Those logging in from XP systems may need to enter princeton\netID in the Username field.

The pages will be accessible only with a 128-bit SSL-enabled browser. Current versions of browsers are 128-bit SSL-enabled, but older versions may need to upgrade to a 128-bit edition.

If you need to set up a 'private' web site that must be accessed by people outside Princeton (for a research project, for example), you can establish NT-only netIDs for such people. Those who have such netIDs would be able to log in to view pages on the secure web site but would not have any other privileges on Princeton systems.

Storing web documents on the server

First, map a network drive to the web\sites directory.

  1. In Windows Explorer, under the Tools menu, click Map Network Drive... .
  2. In the Folder: command line, type the path to web\sites using backslashes:

    Check the Reconnect at logon box.

A drive letter, such as L:, is now assigned to the web\sites directory. It will appear in the directory list under Windows Explorer.

To save files on the mapped drive

If you use FrontPage 2000/02 to create a FrontPage web, the web site can be previewed on the local computer and then published to the office site folder. Use FrontPage's 'Publish Web' feature. Other web editing programs may have similar features.

If you use FrontPage or other web page editing programs to create web documents, your individual HTML files, image files, and other associated files can be saved directly to the office folder on the mapped drive with the File/Save As command.

For example, to save a file called safety.htm to the Mydept/Safety folder, navigate on the L: drive to the Safety folder:

Setting permissions for web access

The instructions below are for the Windows 2000 operating system, the University standard for office applications.

There are 4 types of access that can be assigned to the entire web site, to groups of documents, or to individual documents:

  • Type 1: Unrestricted access to the public
  • Type 2: Restricted access to a specified group of Princeton users or individuals
  • Type 3: Restricted access to all Princeton users, no authentication required
  • Type 4: Restricted access to all Princeton users, authentication required

Each of these cases will be discussed separately.

Type 1. Unrestricted public access

This is the default setting for all documents stored on the web server. No modification is needed to the folder or file permissions. The URL for the web site will look like: 

     http://web.princeton.edu/sites/departmentname

For example, if your department folder name Safety, the URL is: 

     http://web.princeton.edu/sites/Safety

Type 2. Restricted access to a specified group of Princeton users or individuals

As mentioned above, the default permissions on folders and documents on the server allow documents to be viewed by anyone in the world using a web browser such as Netscape. To restrict access to the entire site or to individual documents, set permissions on folders or files using NT security properties. If the entire site is to be restricted, change the security on the office site folder. If some documents are to be public and others private, a good idea is to create a private subfolder within the office site folder (the name private is arbitrary). For the Safety site, the folders would look like: 

      Safety - includes index.htm and other public documents
 
         private - contains documents restricted to individuals or groups

Setting Permissions

To set folder permissions on the private subfolder within the office folder Safety (and on every file within it):

  1. View the Private folder in Windows Explorer
  2. Right click on the folder
  3. Click Properties (the last item in the choice box)
  4. Click the Security tab.
  5. Groups and Users
    A list of groups along with the type of permission granted to each is displayed.
    1. Remove the groups FacStaff and Web Public from the list - highlight the names and click the Remove button.
    2. Leave the groups Web Services and Administrators as long as the staff may require help in setting permissions on the folders and files. After that, they can be removed.
  6. Web Services added one or more netIDs when creating the departmental site folder. Add additional netIDs of individuals who need to be able to view the documents in the private folder. To find a person's netID, check the Princeton Online Directory.
    1. Click the Add button in the Properties box shown above. This displays the Select Users, Computers, or Groups box shown below (this will take several seconds)
    2. In the Look in box, select Princeton if it is not already selected.

    To restrict access to an existing group, search for the group, highlight the group name, and click Add.

    To restrict access to one or more netIDs, search for each netID in the Name box. Once found, click Add. Each netID will appear in the lower box, preceded by the domain affiliation (PRINCETON\).

    1. After adding all groups and netIDs, click OK. The Properties box is now shown.

    For users to be able to add and update documents in the folder, give them Modify or Full Control.

In order to propagate these permission settings to all files stored within the private folder, click the Advanced button. In the dialog box below, check the box labeled Reset permissions on all child objects and enable propagation of inheritable permissions.
  1. The URL prefix for documents in the private subfolder is: 
     http://web.princeton.edu/sites/departmentname/private

    For example, for the restricted document called localpolicies.htm in the private subfolder on the Safety site, the URL would be: 

      http://web.princeton.edu/sites/Safety/private/localpolicies.htm

    When a user clicks on a link to a restricted document, or enters the URL in the browser Location box, he/she will be asked for a Username and Password; some browsers may also request a Domain. The Username is the Princeton netID. The Password is the user's NT password. The Domain is princeton. Those using XP systems may need to enter princeton\netID in the Username field. Only those users who were granted permission to access the folder will be able to view the documents - others will be denied access.

Type 3. Restricted access to all Princeton users, no authentication required

For this example, a subfolder called PrincetonOnly is used.

  1. Navigate to the PrincetonOnly folder using Windows Explorer
  2. Right click on the folder
  3. Click Properties (the last item in the choice box)
  4. Click the Security tab.

    The groups who currently can view the PrincetonOnly subfolder are listed.

  5. Remove the group FacStaff from the list - highlight the name and click the Remove button.
  6. Remove the group Web Public from the list - highlight the name and click the Remove button.
  7. Leave the groups Web Services and Web\Administrators as long as the staff may need help in setting permissions on the folders and files. After that, they can be removed.
  8. Click Add. The Select Users, Computers or Groups dialog box is shown, as above.
  9. Locate the group Web Princeton Only and click Add followed by OK.
  10. In order to propagate the permissions setting to all files in the folder, click the Advanced button.
  11. Click OK in the Properties box. This setting allows only those with a Princeton netID to view your folders and files.

The URL prefix for documents in the PrincetonOnly subfolder is: 

 http://web.princeton.edu/pusites/site folder/PrincetonOnly

Note the use of pusites rather than sites in the URL. With pusites, users will not be asked to authenticate since their netIDs are already recognized.

For example, if you have a restricted document called localpolicies.htm in the PrincetonOnly folder on the safety site, the URL would be: 

 http://web.princeton.edu/pusites/safety/PrincetonOnly/localpolicies.htm

When you insert a link to a document in the PrincetonOnly subfolder from another web page, even one in the same web site, use an absolute link.

Type 4. Restricted access to all Princeton users, authentication required

To restrict access to those with Princeton netIDs, and also require a prompt for username/password, configure your folder and access it as follows. For this example, a subfolder called PrincetonOnly is used.

  1. Navigate to the PrincetonOnly folder using Windows Explorer
  2. Right-click on the folder
  3. Click Properties (the last item in the choice box)
  4. Click the Security tab.
  5. The groups who currently can view the PrincetonOnly subfolder are listed.
  6. Remove the group FacStaff from the list - highlight the name and click the Remove button.
  7. Remove the group Web Public from the list - highlight the name and click the Remove button.
  8. Leave the groups Web Services and Web\Administrators as long as the staff may need help in setting permissions on the folders and files. After that, they can be removed.
  9. In order to propagate the permissions setting to all files in the folder, click the Advanced button.

The URL prefix for documents in the PrincetonOnly subfolder is: 

 https://web.princeton.edu/sites/site folder/PrincetonOnly

Note the use of sites rather than pusites in the URL. With pusites, users will not be asked to authenticate since their netIDs are already recognized, while the use of https://web.princeton.edu/sites will prompt for username and password.

For example, if you have a restricted document called localpolicies.htm in the PrincetonOnly folder on the safety site, the URL would be: 

 https://web.princeton.edu/sites/safety/PrincetonOnly/localpolicies.htm

When you insert a link to a document in the PrincetonOnly subfolder from another web page, even one in the same web site, use an absolute link.

Use the Secure Server for additional security

For additional security, use the secure server when establishing links to restricted documents. 

 https://web.princeton.edu/sites/safety/private/localpolicies.htm

When a password is sent over the network with the http protocol, it can be captured by someone listening in to the network. When using the https protocol, passwords are encrypted and are thus secure. Web Services can ensure that the documents in the private folder can be viewed only with the https protocol. When setting up your site folder, ask that this restriction be given to your private folder(s).

Setting permissions for folder access

If you want to give other people permission to edit web pages in your folder, use the Setting permissions for web access process described above to add users with a permission setting of Full Control. You can add such permissions on folders or files, to control who can edit which pages.

Related Links:

Last Updated:
September 11, 2006

Solution ID:
9685