Security

Define your Microsoft Project Server 2003 configuration

Decide whether to configure Project Server 2003 for Enterprise or Non-Enterprise mode, using these tips.


Congratulations are in order if you recently completed the Project Server 2003 installation successfully. Microsoft has greatly increased the functionality with this latest version, so installation has naturally become more complex. However, there are several steps you must complete before rolling it out. Specifically, those steps are:
  • Define the Project Server configuration
  • Review Project Web Access customization features
  • Review the security management configuration

Also, you will need to set up users and provide them information to successfully use Project Server in conjunction with the clients (Project Professional 2003 or Project Web Access). This article will focus on defining the Project Server configuration. Subsequent articles will handle the other recommendations outlined.

Deciding whether to use Enterprise or Non-Enterprise mode
Project Server 2003 offers two modes of operation called Enterprise and Non-Enterprise. Choosing Enterprise mode is typically your best bet because it enables standardization of how projects are designed and tracked across an organization while providing useful centralized tools. A few of the centralized tools that will prove useful for most organizations are:
  • Enterprise Resource Pool – Through sharing resources in Project Professional, a project manager can create a resource pool in one project plan and use it with other projects. However, this option will not necessarily provide a true picture or effective management of a resource since a resource might actually exist in several different resource pools managed by different people. With the Enterprise Resource Pool, an organization has a better method for tracking and monitoring resource usage since there is only a single repository of resources throughout the organization.
  • Enterprise Templates - Project templates can be saved so that project managers with the correct permissions can view the templates, and then create a project plan based on a template.

Enterprise mode is an excellent option for an organization which has developed a common project methodology, approach, and tools. However, an organization which has spent little or no time developing a common methodology will need to take a look at the individual benefits of each enterprise feature before using this mode.

Enabling Enterprise or Non-Enterprise mode
If you discover that you chose the incorrect mode during installation, you can change the setting within Project Web Access (the Web client for Project Server 2003). To enable Enterprise or Non-Enterprise mode, follow the steps below:

Note
If this is your first time accessing Project Server from a Web browser, you will likely get a page for the End User License Agreement (EULA). If the Project Web Access control is not installed in Internet Explorer, there will also be an attempt to automatically download and install the control.

Figure A

  1. Access Internet Explorer.
  2. Type the URL for the Project Server (the syntax is http://[server name]/projectserver). The Project Web Access Login page appears as shown in Figure A.
  3. Type administrator in the Username field.
  4. Type the password you defined for the administrator account during installation, and then click the OK button. The Project Web Access main page appears.
  5. Click Admin on the Project Web Access toolbar at the top. The Administration Overview page appears as shown in Figure B.
  6. Click Server Configuration in the Actions panel on the left side of the page. The Server Configuration page appears as shown in Figure C.
  7. Select either the Enable Enterprise Features or Enable Only Non-Enterprise Features option.
  8. Click the Save Changes button at the top or bottom of the Server Configuration page to save changes.

Figure B


Figure C


If you chose Enterprise mode, you will notice there are two options related to master projects. Master projects are used within Project Professional to consolidate several projects into one, providing somewhat centralized management and tracking. When using Project Server 2003, there is no need to use master projects. In fact, the options for allowing master projects to be published or saved to the Project Server should not be used. If you are using enterprise data, master projects loaded with resource data, for example, can affect the accuracy of reports generated since duplicate identities of resources can exist.

Pulling user accounts from Active Directory
A useful option in Enterprise mode is to have Project Server 2003 pull a list of users from a group in Active Directory to save on administrative time. To make the most of this option, create a user group specifically for access to the Project Server in Active Directory. Then as you add new users, you can simply add them to this group as you create their accounts in Active Directory. You can set how often these users are pulled from Active Directory.

Users pulled from Active Directory are added to the Team Members group in Project Server automatically. These accounts are set up to authenticate using Windows Authentication instead of Project Server authentication. I personally like to use Windows Authentication because it is more secure than Project Server authentication. However, you should be aware you will need a Windows Client Access License (CAL) for anyone authenticating to a Windows Server 2003 platform, even through the Internet. If you already have enough Windows CALs to cover this, you will find this to be the best option.

The steps to configure pulling user accounts from Active Directory are:
  1. Access the Server Configuration page.
  2. Type the name of the Active Directory group from which user accounts will be pulled in the Active Directory Group To Synchronize text box.
  3. Choose the Update Every option, and then choose the interval for synchronizing with Active Directory.
  4. Click the Save Changes button to save the Active Directory synchronization settings.

In addition, the accounts pulled in from Active Directory are only given membership to the Team Members group in Project Server. This means they have the lowest rights and permissions, which is always a good security measure.

Editor's Picks