Good afternoon all my MOSS Security FANS!

Thank you for attending the webcast on SharePoint and security. I hope everyone got to see some great technologies and how to look at some the great new changes in Office SharePoint Server 2007. I have a couple of resources to share with you:

To watch the webcast again:
SharePoint Products and Technologies Security from Service Accounts to Item-Level Access

This is a great resource to see the demos again:
ITPRODSK-107: Security and SharePoint - From Service Accounts to Item-Level Access

Question: We have users that want full control, but we don't want them to be able to add groups to AD, what permissions that would be?
Answer:
You really need to look to delegation of permissions in AD. Take a look at these links for more information:

  1. Design considerations for delegation of administration in Active Directory: Achieving autonomy and isolation with forests, domains, and organizational units
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/addeladm.mspx
  2. Step-by-step guide to using the Delegation of Control wizard
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx
  3. Best practices for delegating Active Directory administration: How delegation works in Active Directory
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/actdid3.mspx
  4. est practices for delegating Active Directory administration: Case study: a delegation scenario
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/actdidcs.mspx

Question: Is BDC part of WSS or only part of MOSS?
Answer:
No, the business data catalog is not a part of WSS. It is a part of Microsoft Office SharePoint Server 2007 Enterprise edition.

Question: If I have an external vendor working with my company, do I have to set up an account for them in AD for them to have access to an application?
Answer:
No, you can use the ASP.Net provider model to authenticate them with a SQL account, take a look at this TechNet magazine article for more information: http://www.microsoft.com/technet/technetmag/issues/2007/01/Security/default.aspx

Question: Will these ASP.Net security settings apply to all ASP type deployments and not just a SharePoint environment?
Answer:
Yes, this is all a part of the ASP.Net provider model. Take a look here for more information: http://msdn2.microsoft.com/en-us/library/aa479030.aspx

Question: Can you programmatically set permissions - Through WMI, PowerShell, or .Net?
Answer:
Yes you can, take a look here for the SDK: http://www.microsoft.com/downloads/details.aspx?familyid=05E0DD12-8394-402B-8936-A07FE8AFAFFD&displaylang=en