Kevin Remde's IT Pro Weblog
IT Pro Resources
TechNet EventsMicrosoft Security Response CenterMicrosoft Virtual AcademyKevin’s Evaluation Download Center
IT Pro Evangelist Blogs
Blain Barton Blain Barton's Blog@BlainBar
Brian LewisMy Thoughts on IT...@BrianLewis_
Dan Stolts IT Pro Guru Blog@ITProGuru
Jennelle Crothers TechBunny@jkc137
Kevin RemdeFull of I.T.@KevinRemde
Tommy PattersonVirtually Cloud 9@Tommy_Patterson
Yung Chou Yung Chou on Hybrid Cloud@YungChou
Below are the best of the questions and answers that occurred during our TechNet Webcast entitled, "SharePoint Server 2007 (Part 5 of 6): SharePoint Server 2007 Security, from Service Accounts to Item-Level Access"
John Weston was kind enough to help out with the questions and answers during the webcast. Much of what you see below is either specifically his answer, or based on the answer he gave during the session. I've expanded upon them, and added answers to questions we didn't get to answer or were answered verbally on the webcast. But basically this was possible as a result of his effort, and I wanted to give him credit here. Thanks, John!
PS - here are the RESOURCES I pulled together for this webcast
Questions and Answers
“A group can be created at the Context level and at the individual level?”
“How can you add users from outside of AD if you are using AD authentication?”
Check this whitepaper for a discussion on security methods http://office.microsoft.com/download/afile.aspx?AssetID=AM101638561033
“We are using windows authentication through AD for all users. What is the easiest/best/cleanest way to add test accounts?”
If you’re using AD for all users, then it's best to create and manage test AD users.
“Is there a way of assigning ‘none’ for a user's permissions? I want to explicitly revoke a user's access to a site, for instance.”
Check this link for permissions discussion http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx#2 If they’re getting permissions through a group membership, then the only way to revoke permissions is to remove them from the group.
“I can import user accounts from LDAP server but cannot use LDAP to authenticate the imported users. Any idea?”
Check this link http://technet2.microsoft.com/Office/en-us/library/a38bc5b6-9d65-4c20-811b-484b082d28dd1033.mspx?mfr=true I think it may have the answer youre looking for.
“Are you going to have more advance level wbcast. How to do this type of work through code?”
I won't - But I know that our Dev Evangelists (MSDN events) have done sessions on this kind of thing. You should be able to find them if you go to http://www.microsoft.com/events and search for them. In fact, I did find one available on-demand, delivered by a good friend of mine – Glen Gordon. It’s specifically on SharePoint Custom authentication providers. http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032346257&culture=en-US
“What is the individual level? Is that a particular document?”
Yes. You can apply permissions down to the individual item level - which could be a specific document.
See you on Wednesday for PART 6 - SharePoint Server 2007 (Part 6 of 6): Keeping Control of Your SharePoint Sites with IT Governance