Securing SharePoint and Project Server 2010
A year ago, I showed how to lock down SharePoint 2007 using the Security Configuration Wizard that was introduced with Windows Server 2003. The last post includes information on how the tool works, but as the Microsoft SharePoint 2010 Administration Toolkit was just released (which includes the Security Configuration Wizard (SCW) manifests for SharePoint 2010 running on Windows Server 2008/R2, I thought I would link to some resources and provide screenshots of the process.
- Download the Microsoft SharePoint 2010 Administration Toolkit v1.0
- SharePoint 2010 Administration Toolkit v1.0 (SharePoint Server) documentation
- SharePoint 2010 Administration Toolkit v1.0 (SharePoint Foundation) documentation
- Security Configuration Wizard in Windows Server 2008 documentation
- Security Configuration Wizard Documentation download
While the documentation discusses how to install the SharePoint Foundation and SharePoint Server manifests, it appears that Project Server 2010 security manifests are included as well:
The Project Server manifests depend upon having the SharePoint Foundation and SharePoint Server manifests installed following the steps here, after which you can register them as follows:
- If you are using Windows Server 2008 Service Pack 2, type scwcmd register /kbname:PROJECTSERVER2010 /kbfile:Project2010W2K8.xml and press ENTER.
- If you are using Windows Server 2008 R2, type scwcmd register /kbname:PROJECTSERVER2010 /kbfile:Project2010W2K8R2.xml and press ENTER.
Once you are done, just start up the Security Configuration Wizard by clicking Start –> Run –> scw.exe. Just click through the wizard, choose the appropriate options, and apply the configuration. You will then be all set to go with unnecessary services/ports disabled and firewall/auditing/registry settings configured as locked down.