SharePoint Products and Technologies Security from Service Accounts to Item-Level Access: Webcast (05-04-2007)
Good afternoon all my MOSS Security FANS!
Thank you for attending the webcast on SharePoint and security. I hope everyone got to see some great technologies and how to look at some the great new changes in Office SharePoint Server 2007. I have a couple of resources to share with you:
To watch the webcast again:
SharePoint Products and Technologies Security from Service Accounts to Item-Level Access
This is a great resource to see the demos again:
ITPRODSK-107: Security and SharePoint - From Service Accounts to Item-Level Access
Question: We have users that want full control, but we don't want them to be able to add groups to AD, what permissions that would be?
Answer: You really need to look to delegation of permissions in AD. Take a look at these links for more information:
- Design considerations for delegation of administration in Active Directory: Achieving autonomy and isolation with forests, domains, and organizational units
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/addeladm.mspx - Step-by-step guide to using the Delegation of Control wizard
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx - Best practices for delegating Active Directory administration: How delegation works in Active Directory
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/actdid3.mspx - est practices for delegating Active Directory administration: Case study: a delegation scenario
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/actdidcs.mspx
Question: Is BDC part of WSS or only part of MOSS?
Answer: No, the business data catalog is not a part of WSS. It is a part of Microsoft Office SharePoint Server 2007 Enterprise edition.
Question: If I have an external vendor working with my company, do I have to set up an account for them in AD for them to have access to an application?
Answer: No, you can use the ASP.Net provider model to authenticate them with a SQL account, take a look at this TechNet magazine article for more information: http://www.microsoft.com/technet/technetmag/issues/2007/01/Security/default.aspx
Question: Will these ASP.Net security settings apply to all ASP type deployments and not just a SharePoint environment?
Answer: Yes, this is all a part of the ASP.Net provider model. Take a look here for more information: http://msdn2.microsoft.com/en-us/library/aa479030.aspx
Question: Can you programmatically set permissions - Through WMI, PowerShell, or .Net?
Answer: Yes you can, take a look here for the SDK: http://www.microsoft.com/downloads/details.aspx?familyid=05E0DD12-8394-402B-8936-A07FE8AFAFFD&displaylang=en
