Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Settings

Status
Not open for further replies.
rogerpatel

rogerpatel

Technical User
Jun 14, 2005
120
Hello everyone,

Can it please get some assistance here.

I been given the task to setup a basic Windows Sharepoint Services Server.

Here are our requirements :

The Server will be accessed from internal users and some external users, the internal users will be users off our Active Directory, however the external users will be setup as and when requied, they will not work for our company so wont have user accounts on our domain.

The server can does not need to be part of our domain unless its advantage, we done mind setting up users in WSS for internal access if it makes like easier.

The system will be used mainly for documents.

I've setup WSS as a basic build and it seems a great bit of software, and its free.

We are stuck on the security side.

we would like to restrict certain users from files and folders within WSS, is this possible, if so please state how as we have spent ages on this and cant figure it our.

Here's an example :

Created a docuemnt Library, and everyone can access it, what if we only want a hand full of internal/external users to access it.

I have created uses within wss and applied reader access only however they can still view all folders etc.

Thanks in advance for you help.

Roger
 
Sort by date Sort by votes
Sorry i forgot to mention,

We are also thinking of connectingthe server to our DMZ Zone so its secured when accessed from the internet.

 
Upvote 0 Downvote
Hello,

Just to mention something about the licensing. Since you will have external users accessing your site, you will have to purchase Windows Server External Connector licenses. This is a kind of CAL license that you need for your non-employed users.

Now to the restricted access for a Document Library:
By default the built in site groups (reader, contributor, Web Designer) are assigned with permissions. What you need to do is to remove those groups and add individual users or create your own sitegroup and assign it to the document library. Also have in mind that sharepoint (WSS v3 and SPS 2003) does not have itemlevel permissions, i.e you permissions are set on Document Library level, not on folders or individual documents.

Do this to change permissions for a document library:
1. Click on the document library
2. Click Modify settings and columns
3. Click change permissions for this document library. Now you will see the default sitegroups, if you do not want them to access this, remove them. Add the users (or your custom sitegroups). Assign appropriate permissions.

Since you will have external users accessing the site, I guess from the Internet? Then SSL (https) is recommended to make it secure, and as you say placing it on a DMZ is also recommended. Are you using any kind of proxy? It might be a security risk to expose a server that is a memeber of an internal domain without somekind of proxy server.

I have only setup an extranet solution with Microsoft ISA Proxy server. The setup I did then was to place the ISA Proxy server on the DMZ and then WSS webserver on the itnernal trusted network. Then ISA does handles the user requests and pass it forward to the webserver. There are some whitepapers about that on microsoft.com

You can ofcourse also just make the WSS a standalone server without being a domain member and use local accounts (I have run that kind of setup aswell, then you just make local user accounts on that server). But it is important to think about the scurity, because if someone can gain access to your WSS server and it is being a part of your internal network (or have connections to internal AD etc), they could potentially gain access to other parts of your network.

Cheers,
Thomas







 
Upvote 0 Downvote
At last..

Thanks very much for this information, very helpful.

The server is going to go onto the DMZ Zone, as its only going to be used for a WSS box i dont think we will add it to the domain. I'd rather add users to the Server and then create them in WSS.

Do you see any problems with this other than internal user's having to login every time they access the WSS server?

Security
Using your post i can now restrict users from accessing certain Document Library's, is there any other methods i can do, and is there a limit to How many document libarys we can have ?
And finally what about FOLDERS within a library, can these be secured?

Thanks for all your help Thomas.

 
Upvote 0 Downvote
ignore my question about Folders, just read your post again.

In a nut shell am i correct in saying the only security available is on Document Libarary's

Thanks

 
Upvote 0 Downvote
Yes you are correct. The current version of sharepoint only support setting permissions on sitelevel, document library level and list level.

I do not see any other problems thatn users will have to login each time (with a different username).

Cheers,
Thomas



 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ncotton
  • Locked
  • Question
Unable to change settings / modify views etc - _vti_bin/owssvr.dll?CS=65001
Replies
1
Views
289
ncotton
ncotton
Artois27
  • Locked
  • Question
My Settings - Sharepoint Foundation 2010
Replies
0
Views
44
Artois27
Artois27
mikevogt
  • Locked
  • Question
Search Settings - An item with the same key has already been added.
Replies
1
Views
60
mikevogt
mikevogt
pablopecora
  • Locked
  • Question
"Security Token Service is not available" issue when deploing custom c
Replies
0
Views
53
pablopecora
pablopecora
juw1976
  • Locked
  • Helpful tip
SharePoint Web Part Security with Source Code 1
Replies
2
Views
72
juw1976
juw1976

Part and Inventory Search

Sponsor

Back
Top