                  List of FRONTPG.INI Settings

List of FRONTPG.INI Settings

Configuring Server Extensions Parameters

Default Server Extensions Parameters

  * NoAbsoluteFileResults
  * NoServerFileResults

Other Security-related Server Extensions Parameters

  * NoExecutableCgiUpload
  * Logging
  * AllowExecutableScripts
  * AccessControl
  * RestrictIISUsersAndGroups

Additional Server Extension Configuration Parameters

  * ReformatHtml
  * UpperCaseTags
  * PreserveTagCase
  * TextMemory
  * NoIndexServer
  * SMTPHost
  * MailSender
  * SendMailCommand
  * MailCharSet
  * MailEncoding
  * CacheMaxDocMeta
  * CacheMaxInclude
  * CacheMaxImage

Parameters That Can Also Be Set in the FrontPage Explorer

  * NoClientImageMaps
  * ImageMapFormat
  * ImageMapURLPrefix
  * ScriptLanguage

Configuring Server Extensions Parameters

Some features of the FrontPage 98 Server Extensions can be
controlled by setting parameters in the appropriate sections of
the frontpg.ini file. The frontpg.ini is in the Windows NT
directory. The appropriate sections for each virtual server are
titled [Port <IPAddress>:<port>] for multihosted servers or just
[Port <port>] for single-hosted servers, global settings are
stored in the [FrontPage 3.0] section. The default setting in
the software for each of these parameters is 0, unless otherwise
noted. The parameter syntax is as follows: Parameter=value

For Example: Logging=1

Placing the parameter in the [FrontPage 3.0] section of the
frontpg.ini will affect all ports and all web servers installed
on that server. Placing the parameter in the [Port
<IPAddress>:<port>] section will affect only that port.

Default Server Extensions Parameters

The FrontPage 98 Server Extensions install with the following
parameters set as indicated. This default configuration
minimizes the host server's vulnerability.

NoAbsoluteFileResults

Initial value after installation: 1. A value of 1 for this
parameter forces the default (Save Results), Registration, and
Discussion FrontPage form handling components write only to a
file within the customer's web content area. It prevents these
FrontPage Components from writing to an absolute file path.

NoServerFileResults

Initial value after installation: 1. A value of 1 for this
parameter prevents the default (Save Results), Registration, and
Discussion FrontPage form handling components from writing to
the _vti_log directory in the customer's document root (Setting
the NoServerFileResults parameter to zero can be useful to allow
customers to save the output generated from the Save Results,
Registration, and Discussion FrontPage Components to the
_vti_log directory in the server's root web). As a security
measure, the author.log file in the _vti_log directory records
all authoring actions on the web when the Logging parameter is
set (see below). The non-zero value for NoServerFileResults
prevents an author from "covering his tracks" by overwriting or
modifying the author.log file.

Other Security-related Server Extensions Parameters

The following web configuration parameters are not included in
the default installation of the FrontPage 98 Server Extensions,
but can be added by editing the Server Extensions configuration
file. When set as indicated below, these options can increase
the overall security of FrontPage.

NoExecutableCgiUpload

Initial value after installation: 0. When set to 1, authors
cannot upload files to a directory marked executable, and cannot
mark a directory executable. Setting this parameter to 1
completely prevents authors from uploading and executing Active
Server Pages (ASP), Internet Database Connector Pages (IDC),
PERL Scripts (PL), CGI scripts and ISAPI extensions. To only
restrict authors ability to upload and execute CGI scripts and
ISAPI extensions use the AllowExecutableScripts configuration
parameter, below.

Logging

When set to a non-zero value, authoring operations are logged to
_vti_log/author.log in the root web. Each operation is logged
with the current time, the remote host, the author's user name,
the name of the web, the operation performed, and per-operation
data. In the event of a security breach, this log file can be
analyzed for authoring activity on the customer's web. Default
value = 0.

AllowExecutableScripts

When set to a non-zero value, FrontPage will set the executable
bit on files within executable directories. So, when directories
are marked as executable, all files within the directory will
also be marked as executable. If authors are permitted to upload
into executable directories (because the NoExecutableCgiUpload
parameter, above, is zero), then by setting this parameter to a
non-zero value, authors will be able to execute newly uploaded
CGI scripts and ISAPI extensions because they will be marked as
executable. If this parameter is zero and NoExecutableCgiUpload
is also zero, authors will be able to upload and use ASP and IDC
files but not CGI or ISAPI files.

AccessControl

When this parameter is set to zero, FrontPage AccessControl is
completely disabled. In general this is not recommended. Turning
off AccessControl requires that the access control on the
_vti_bin directories be set manually whenever a sub-web is
created. Until this is done, anyone can author against the web.
The advantage to AccessControl is that a knowledgeable webmaster
who has set custom access control permissions will not have work
re-written by FrontPage. This also causes the FrontPage Explorer
to disable the Permissions command on the FrontPage Explorer's
Tools menu. Default = 1.

RestrictIISUsersAndGroups

This parameter enables user and group list restrictions, thereby
preventing a FrontPage end user from seeing all NT accounts on
the server. This parameter can be enabled globally or on a
per-service basis, and restrictions can be overridden on a
per-server basis. Setting the key to 1 enables restrictions. If
the users and groups restrictions are enabled for a given
service, the extenders look for an NT group named in the
following format:

FP_ServiceName[_Subweb]

On a multihosted IIS2.0/3.0 machine ServiceName is the service's
IP address and port number combination  and _Subweb is the name
of the sub-web. On a single-hosted machine, the ServiceName
portion is simply the port number.

On IIS 4.0, ServiceName can be of the form /LM/W3SVC/<N>, where
<N> is an instance number. This is the recommended method. On
IIS 4.0, ServiceName can also be of the form
<virtual_server>:<port_number>. If you use this form, you must
use specify the virtual server's name; you cannot use the
virtual server's IP address on IIS 4.0.

To specify a root web's restriction group, omit the _Subweb
portion.

Examples:

FP_157.55.49.66:80_MySubweb

FP_80_MySubweb

FP_/LM/W3SVC/1_MySubweb

Restriction groups are global groups and are not restricted to
be groups on the local machine.

Additional Server Extension Configuration Parameters

These Server Extension configuration parameters do not have an
effect on the security of FrontPage, but are relevant to
concerns that a Web presence provider may have.

ReformatHtml

Setting this parameter to "Y" or a non-zero value will cause the
FrontPage 98 Server Extensions to reformat all HTML pages when
they are uploaded to the web server. Setting a zero value for
this parameter causes only pages with FrontPage Components to be
reformatted. Default = "N"

UpperCaseTags

When set to "Y" or a non-zero value, converts all HTML tags to
upper-case when the FrontPage 98 Server Extensions reformats
HTML pages. Defaults to 0.

PreserveTagCase

When set to "Y" or a non-zero value, attempts to preserve the
case of HTML tag attributes when the FrontPage 98 Server
Extensions reformats HTML pages. Note that the tag itself will
always be upper- or lower-case according to the UpperCaseTags
attribute. Defaults to 0.

TextMemory

When set to zero, turns off full-text indexing of your webs.
When set to a non-zero value, sets how many megabytes the
text-indexing allocates for its hash-tables and other data
structures. Defaults to 1.

NoIndexServer

Setting this parameter to 1 communicates to FrontPage that it
should not use the IIS Index Server and that it should use the
FreeWAIS search engine that is included in FrontPage 98. Default
value = 0, indicating that if FrontPage detects the presence of
the Index Server, it will use it as the search engine for this
server.

SMTPHost

This parameter is set to the name or IP address of a host
running an SMTP daemon, such as Exchange on NT. When a user
submits a form whose results are to be sent via Email, the
FrontPage Server Extensions connect to the SMTP daemon to
deliver the mail. By default FrontPage assumes the daemon is
listening on port 25 (the standard for SMTP) but you can
override this by appending ":xx" to the name, where the xx is
the port to use. Normally you will set either SMTPHost or
SendmailCommand, but not both, because SendmailCommand takes
priority over SMTPHost. Examples:

SMTPHost=mail.example.microsoft.com

SMTPHost=test:10000

SMTPHost=127.0.0.1

MailSender

This parameter sets the user name to use as the "from" account
when sending Email. Specifically, it is used as the argument to
the "SEND FROM:" command in SMTP. The default for SMTP is
user@host, where "user" is the current user account and "host"
is the current host name.

SendMailCommand

This parameter sets the name of a program to which Email should
be piped. Typically this will be sendmail, but it could be any
program. Before invoking the command, all occurrences of "%r"
are replaced with the recipient of the mail. The per cent sign
character followed by any other character is replaced by that
character. Example:

SendmailCommand=/usr/lib/sendmail %r

MailCharSet

This parameter can be used to override the character set
attribute of the content-type header.

MailEncoding

This parameter can be used to override the content transfer
encoding attribute of the content-type header.

CacheMaxDocMeta

This integer parameter sets the maximum number of documents in
the cache. The default value is 512 (files)

CacheMaxInclude

This integer parameter sets the size in MB of the include file
cache. The default value is 16.

CacheMaxImage

This integer parameter sets the size in MB of the image file
cache. The default value is 16.

Parameters That Can Also Be Set in the FrontPage Explorer

The following parameters can be set in the FrontPage Explorer
under the Tools menu's Web Settings command in the Advanced tab.
Using these parameters will set the defaults for the web,
however these settings will not be updated in the FrontPage
Explorer's user interface.

NoClientImageMaps

When this parameter is set to 1, it prevents FrontPage from
generating HTML that supports client-side image map processing.
By default, FrontPage can generate both client-side and
server-side HTML by not setting this parameter and by selecting
a server-side ImageMapFormat.

ImageMapFormat

This parameter sets the server image-map style. Valid parameters
include: FrontPage, NCSA, CERN, Netscape, or <None>. If you
select <None>, FrontPage will not generate HTML to support
server-side image map processing.

ImageMapURLPrefix

This parameter sets the server-relative URL of the server-side
handler for the selected image-map style. If style
(ImageMapFormat) is FrontPage, server-side image maps are
handled automatically. For other styles, provide the name and
location of a handler.

ScriptLanguage

This parameter sets the scripting language for the scripts that
are automatically generated to enforce any data validation
settings you apply to form fields. Valid parameters include
VBScript, JavaScript, or None.

