SharePoint 2010 : Operations Management with the SharePoint Central Administration Tool (part 5) - Reviewing Security Settings in SPCA

1/31/2011 3:59:29 PM

Reviewing Security Settings in SPCA

The Security page in SPCA, as shown in Figure 22, contains all security-related items available for configuration in SPCA.

Figure 22. Viewing the security items in SPCA.


Within the first category on the Security page, labeled Users, all security settings related to not only users, but also specific user groups are listed. This includes the following:

  • Manage the farm administrators group— Enables full farm administrators to be defined.

  • Approve or reject distribution groups— Distribution groups automatically added by the Directory Management Service are listed in this area if the farm is configured to require administrator approval for new distribution groups. The Directory Management Service is enabled from within the incoming email settings in SPCA.

  • Specify web application user policy— Permission for an individual user or a group to override security within a web application can be set in this area. For example, the Search Crawling Account can be configured to have read access to all content within the entire web application to enable it to be crawled.

General Security

Within the second category on the Security page, labeled General Security, all other security settings that don’t fit into either the first or third category are listed, including the following:

  • Configure managed accounts— This area is highly useful for SharePoint admins, because it allows for the concept of a managed account to be configured. A managed account is a service account that can be set to automatically have its password changed, as shown in Figure 23. Managed accounts can be set for all SharePoint service accounts, such as the Crawl account, Search account, accounts for \service applications, and App Pool identity accounts.

    Figure 23. Creating a new managed account in SPCA.
  • Configure service accounts— Enables specific services in Windows Server to be updated with the credentials of a specific managed account used as the service account. This enables services that run with the credentials of a user to be automatically updated per best practices.

  • Configure password change settings— Enables administrators to determine what the individual settings for password changes are, such as who is notified via email of the changes and how many seconds to wait before notifying services of the change.

  • Specify authentication providers— Enable administrators to define more than one authentication directory to use to gain access to SharePoint content, as shown in Figure 24.

    Figure 24. Modifying authentication providers.
  • Manage trust— Within this area, different farms can be “trusted,” allowing for their content to be intermingled with the farm and allowing for sharing of information between the farms. The trust relationships to other farms must be set up using PKI certificates and requires a common trusted root certificate when creating the trust, as shown in Figure 25. Trusts are required to consume information from another farm.

    Figure 25. Adding a trust to a different farm.

  • Manage antivirus settings— Antivirus settings are provided in SPCA as part of the built-in antivirus Application Programming Interface (API). Note that just because the API is there does not mean that antivirus functionality is available out-of-the-box. To enable antivirus, a supported antivirus product, such as Microsoft’s Forefront Protection 2010 for SharePoint, must be installed.

  • Define blocked file types— The default list of file type extensions that are blocked in SharePoint is defined in this area. It can be modified as necessary.

  • Manage web part security— The security settings related to web parts, such as whether users can create connections between web parts, are listed in this area.

  • Configure self-service site creation— Also linked to from the Application Management area of SPCA, enables specific users with the proper rights to create their own subsites.

Information Policy

Within the third category on the Security page, labeled Information Policy, information about enabling Information Rights Management (IRM) to enable document libraries to be secured using Active Directory Rights Management Services (AD RMS) is provided.

  • Configure information rights management— Enables IRM settings to be enabled or disabled within SharePoint, depending on whether AD RMS is already deployed within the AD forest or whether SharePoint should manually address the server, as shown in Figure 26.

    Figure 26. Configuring IRM settings in SPCA.
  • Configure information management policy— Individual IRM policies for SharePoint, such as policies for labels, barcodes, auditing, and retention, can be defined within this area.

Most View
NIKKOR AF-S 2S-300mm f/3.5-5.GG ED VR
Samsung Galaxy SIII Mini - A Small Galaxy Having Few Stars (Part 3)
Nintendo WII U - Modern HD Gaming Console (Part 5)
Plantronics Voyager Legend
Nikon D7100 DSLR – A Camera Providing Excellent Images (Part 2)
Xerox Mobile Scanner - Scan Without A Computer
30 Something CD Players Group Test Preview
Travel – Planet Of The Apps
Windows RT 64bit Is Being Executed
DirectX 10 Game Programming : Shaders and Effects - Pixel Shaders, Lighting (part 1) - Generating Normals
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Top 10
Sharepoint 2013 : Content Model and Managed Metadata - Publishing, Un-publishing, and Republishing
Sharepoint 2013 : Content Model and Managed Metadata - Content Type Hubs
Sharepoint 2013 : Managed Metadata in SharePoint Sites (part 3) - Filtering, Tagging in Office Applications
Sharepoint 2013 : Managed Metadata in SharePoint Sites (part 2) - Tagging User Interface
Sharepoint 2013 : Managed Metadata in SharePoint Sites (part 1)
VOLVO XC90 T6 : Premium people carrier
RENAULT ZOE : Zoe is in town
PORSCHE BOXSTER GTS : Punchier Boxster
Designing a Windows Server 2012 Active Directory : Choosing a Domain Namespace - Examining Domain Design Features, Choosing a Domain Structure
Designing a Windows Server 2012 Active Directory : Understanding AD DS Domain Design - Examining Domain Trusts