Setting SharePoint Workspace account usage policy


Applies to: SharePoint Workspace 2010, Groove Server 2010

Topic Last Modified: 2010-02-11

This article describes how to set a policy that requires managed SharePoint Workspace users to enter Windows logon credentials issued from specific Active Directory forests when they open their accounts. If credentials did not originate from specified forests, a member cannot open their account. Because specified forests can be those that you manage, this policy helps ensure that accounts and related workspace data function only with operating system logons that comply with password quality requirements managed by your organization.


This policy applies Active-Directory-integrated management systems only.

This procedure requires that Groove Server 2010 Manager is installed as described in Deployment for Groove Server 2010.

To restrict SharePoint Workspace users to operating system logon from specific Active Directory forests

  1. Log on to the Groove Server Manager administrative Web site, expand Policies, and then click Default or another policy template.

  2. Click the Security Policies tab, and under Account Usage, select the check box for Restrict SharePoint Workspace identities to OS logon in listed forests only. If Active Directory is integrated with your management system text field appears, together with a list box that displays Active Directory forests that are integrated with the Manager domain.

  3. To specify an Active Directory forest with which domain member workspace logon credentials must comply, enter a forest name in the text box by using a test string that represents a forest root domain in <name>.<name>.<name> form (for example:, and then click the Add button.

  4. Click Save Changes in the toolbar.

  5. To delete a forest from the list, select the forest name in the list, and then click Remove Selected Forest Names.

After SharePoint Workspace clients receive this policy from Groove Server Manager, domain members will be able to log on to their SharePoint Workspace accounts only by providing valid operating system logon credentials for specified Active Directory forests. This policy applies to domain members who are subject to this policy template. For information about assigning policy templates to domain members, see Deploying policies to SharePoint Workspace users.