To install a Sitecore instance:
- Choose a parent directory path for the project such as C:\InetPub and an identifier such as ProjectName
- Extract the .zip archive to create C:\InetPub\ProjectName\Website and C:\InetPub\ProjectName\Data; for Microsoft SQL Server 2005 Express Edition also extract C:\InetPub\ProjectName\Databases
- Set permissions as described under Configuring Permissions
- Copy a valid license file to the Data folder (see Troubleshooting » License Issues)
- The document root may contain multiple web.config files with various extensions; duplicate web.config as web.config.default
- The database attribute of the /configuration/sitecore element in web.config controls the database technology used; the possible values “SQLite” and “SqlServer” activate configuration files in subdirectories under Website/App_Config
- Configure for SQLite, SQL Server 2005 Express Edition or SQL Server 2000/2005
- In web.config, set the value attribute of the /configuration/sitecore/sc.variable with name attribute dataFolder to the full path of the Data folder excluding the trailing slash:
<sc.variable name="dataFolder" value="C:\InetPub\ProjectName\Data" />
- Configure the WebSite directory as an IIS document root; ensure .NET 2.0 is selected on the ASP.NET tab
- Ensure hostname has been added to the IE6 trusted sites and access http://hostname and http://hostname/sitecore as admin user with a blank password.
1. Configuring Permissions
Certain types of browser requests (generally for directory lookups and static resources) are executed with the permissions of the internet impersonation account specified under “Authentication and access control” on the Directory Security tab in the IIS management console. The default name for this account is IUSR_* where the star represents the machine name.
Requests for ASP.NET resources are executed with the permissions of ASP.NET. The default ASP.NET account on Windows XP is a local user named ASPNET, which will also be used on Windows 2003 under specific conditions such as if “Run WWW service in IIS 5.0 isolation mode” is selected on the Services tab of the Web Sites container in the IIS management console. The default ASP.NET account on Windows 2003 is a local user named NETWORK SERVICE.
In general, if permissions for OS users and roles are not specified in this document, they should not be defined on the file system, although certain use cases will require expanded permissions.
The IUSR_* user should have Read and Execute access to the WebSite folder and all descendants.
It’s generally easiest to grant the ASP.NET user Full Control of the WebSite and Data folders as well as all descendants, but it’s also possible to further restrict permissions. The ASP.NET user must have Read and Write access to the following resources under the specified circumstances:
Directory: | Situations in which ASP.NET and/or IUSR_* user requires Read and Write Control: |
/data | All Sitecore environments in which this folder is used. |
/indexes | All Sitecore environments. Important Note: ASP.NET and IUSR_* users require the modify access rights to this folder in order to maintain the search indexes. |
/layouts | If |
/sitecore/shell/Applications/debug | All Sitecore environments against which CMS users authenticate (generally everything except content delivery/runtime servers); create this directory if it does not exist. |
/sitecore/shell/Controls/debug | All Sitecore environments against which CMS users authenticate (generally everything except content delivery/runtime servers); create this directory if it does not exist. |
/temp | All Sitecore environments. |
/upload | Sitecore environments to which users interactively upload media. |
/xsl | If |
/App_Data | All Sitecore environments in which this folder is used. Note: IUSR_* user requires Read and Write permissions to this folder as well. |
/audit /logs /viewstate /mediacache /diagnostics | Both ASP.NET and IUSR_* users require Read and Write permissions to these folders. |
For custom XML controls, all directories specified in the ControlSources section of web.config must contain a debug folder with Read/Write access by the ASP.NET user.
The ASP.NET user must have rights to List Folder Contents on all directories above WebSite; for instance, for C:\InetPub\ProjectName, permissions may need to be opened on C:\InetPub and any other folders above ProjectName. If anonymous access to the site has been allowed in IIS (under “Authentication and access control” on the Directory Security tab in the properties of the web site in the IIS management console) and the impersonate attribute of the /configuration/system.web/identity element in web.config is set to true, the IUSR_* user must have the List Folder Contents right instead of the ASP.NET user:
<identity impersonate="true" />
To update security settings for a directory:
- In Windows file system explorer, right-click on the directory and select Properties
- Navigate to the Security tab
- If the Security tab is not visible, which may occur for instance after upgrading Windows XP Home to Professional:
  - In Windows file system explorer, select Tools » Folder Options
  - On the View tab, ensure “Use simple file sharing” is not selected
- If the account is not visible in the “Group or user names” field:
  - Select Add
  - Ensure “From this location” is set to the local machine
  - Select Locations
  - Type in the account (“ASPNET”, “NETWORK SERVICE” or “IUSR_<machinename>”) and press Check Names OR select Advanced, select Find Now and select the account
- Select appropriate permissions for the user in the “Group or user names” field; if the checkboxes are selected but disabled, permissions are inheriting correctly from the parent folder
- Permissions should be set to inherit; if permission denied errors appear when accessing file system resources:
  - In Windows file system explorer, right-click on an ancestor folder such as WebSite or Data and select Properties
  - Ensure security is set correctly for the IUSR_* and ASP.NET users
  - Select Advanced under “For special permissions or for advanced settings”
  - Select both “Allow inheritable permissions…” and “Replace permission entries” checkboxes
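One way to check a server against the permissions table in this section, as an added example that is not part of the Sitecore documentation: it reports whether the listed folders exist and are writable by the expected accounts, and flags top-level folders where the IUSR_* account can write although the table does not call for it. The default paths, the account names and the reading of the table's paths as relative to the document root are assumptions.

```powershell
# Added example, not Sitecore code. Paths and account names are assumptions.
# Only ACEs that name the account itself are inspected; rights obtained through
# groups such as Users or Everyone are not resolved.
param(
    [string]$WebSite   = 'C:\InetPub\ProjectName\WebSite',
    [string]$AspNet    = 'NETWORK SERVICE',            # ASPNET on Windows XP
    [string]$Anonymous = "IUSR_$env:COMPUTERNAME"
)

# Folders the table lists for Read and Write, taken here as relative to the
# document root. /layouts and /xsl are conditional in the table and are omitted.
$aspNetWrite = 'data', 'indexes', 'temp', 'upload', 'App_Data', 'audit', 'logs',
               'viewstate', 'mediacache', 'diagnostics',
               'sitecore\shell\Applications\debug', 'sitecore\shell\Controls\debug'
$anonWrite   = 'indexes', 'App_Data', 'audit', 'logs', 'viewstate',
               'mediacache', 'diagnostics'

function Test-AllowedRight {
    param([string]$Path, [string]$Account,
          [System.Security.AccessControl.FileSystemRights]$Right)
    # True when an Allow entry for the account carries every bit of $Right.
    $hit = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -split '\\')[-1] -eq $Account -and
        ($_.FileSystemRights -band $Right) -eq $Right
    }
    [bool]$hit
}

# 1. Required grants: each listed folder exists and is writable as the table asks.
foreach ($rel in $aspNetWrite) {
    $dir    = Join-Path $WebSite $rel
    $exists = Test-Path -Path $dir -PathType Container
    $anonOk = if ($anonWrite -notcontains $rel) { 'n/a' }
              else { $exists -and (Test-AllowedRight $dir $Anonymous 'Write') }
    New-Object PSObject -Property @{
        Check = 'required'; Folder = $rel; Exists = $exists
        AspNetWrite = ($exists -and (Test-AllowedRight $dir $AspNet 'Write'))
        AnonymousWrite = $anonOk
    }
}

# 2. Excess grants: top-level folders where IUSR_* can write without the table asking.
Get-ChildItem -Path $WebSite | Where-Object { $_.PSIsContainer } | ForEach-Object {
    if ($anonWrite -notcontains $_.Name -and
        (Test-AllowedRight $_.FullName $Anonymous 'Write')) {
        New-Object PSObject -Property @{ Check = 'excess'; Folder = $_.Name
            Exists = $true; AspNetWrite = 'n/a'; AnonymousWrite = $true }
    }
}
```

Rows with `Check = excess` are candidates for tightening back to Read and Execute; rows with `Check = required` and a false value point at a folder that is missing or not writable by the expected account.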