You may find that Microsoft SharePoint Portal Server crawls .aspx pages of child portal sites in the server farm and includes this content in the index. As a result, users can search for content in the portal site that they do not have access to. Items are returned in the search results. However, when a user clicks an item, they cannot access that item.

This problem occurs if all the following conditions are true:

• You have a server farm deployment of SharePoint Portal Server or a server farm deployment of SharePoint Portal Server that uses a shared services environment.
• You configure the parent portal site to crawl content that is contained in child portal sites.
• Users search for content that is contained in the child portal sites.

In a shared services environment, where you add child portal sites as content sources to the parent portal site, SharePoint Portal Server crawls .aspx pages that are contained in the content sources (child portal sites). By default, SharePoint Portal Server uses a user account with administrator-level credentials to crawl content. This account may have access to information that other users with non-administrator credentials cannot access. As a result, data that is included in the index may be accessed by users who search the portal site.

To resolve this problem, create a rule to configure the content source so that it is crawled by using a user account that has Read permissions. Follow these steps to create a rule in SharePoint Portal Server to specify a crawling account:

1. On the Home page of your portal site, click Site Settings.
2. On the Site Settings page, under Search Settings and Indexed Content, click Configure search and indexing.
3. On the Configure Search and Indexing page, under General Content Settings and Indexing Status, click Exclude and Include other content.
4. On the Exclude and Include Content page, click New Rule.
5. On the Add Rule page, in the Path area, type a path for the content that is affected by this rule in the Path box.
6. In the Crawl Configuration area, specify the items that you want to exclude or include in the path.
7. In the Specify Authentication area, click Specify crawling account.
8. In the Account box, type a user account with Read permissions, in the Password and Confirm Password boxes, type the password for the user account that you specified.
9. Click OK.

By default, SharePoint Portal Server does not crawl .aspx pages (including Web Part pages) that are contained in the local portal. This content is not included in the index and is not included in any search results. The exclusion of this content is a result of a special site path rule that is applied to the content source of the local portal.

In a server farm that uses a shared services environment, where a parent portal site is configured to crawl content in child portal sites, SharePoint Portal Server crawls .aspx pages (and Web Part pages) of the child portal sites. The site path rule that applies to the content source of the local portal does not apply to content sources created from the child portals. As a result, content from .aspx pages (including Web Part pages) are included in the index, and users can search for and view this data. Microsoft recommends that administrators create a rule so that a user account that does not have administrative credentials crawls the .aspx pages that are contained in the child portals. This rule may help to protect the information that is contained in the Web part pages.

For more information about how to configure and administer SharePoint Portal Server, see the Microsoft Office SharePoint Portal Server 2003 Administration Guide. The Microsoft Office SharePoint Portal Server 2003 Administration Guide (Administrator's Help.chm) is located in the Docs folder in the root folder of the SharePoint Portal Server 2003 CD.

For more information about SharePoint Portal Server, visit the following Microsoft Web site: