Plan for and design security (Office SharePoint Server)

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2016-11-14

This chapter provides a methodical approach to building security into your solution design for Microsoft Office SharePoint Server 2007. This approach is based on a foundation of the following security guides that are provided in Microsoft patterns & practices (

These guides explain practical secure configurations for specific server roles. The guidance for each server role includes recommended secure settings for the network, the operating system, and the applications that are installed, including Internet Information Services (IIS), Microsoft ASP.NET Framework, and Microsoft SQL Server.

The information in this chapter supplements the patterns & practices security guides in several ways:

  • Provides recommendations for each server role within a server farm.

  • Identifies additional networking, operating system, and application settings that are appropriate for server roles.

  • Provides recommendations for securing the specific applications and features that are installed by Office SharePoint Server 2007.

  • Targets security recommendations to security environments that are common for Office SharePoint Server 2007 solutions.

Plan for and design security by using the following steps:

  1. Plan your security environment   The security guidance that is recommended for your organization depends on which environment best matches your intended use of Office SharePoint Server 2007. Use the following article to help plan your security environment:

  2. Plan server farm security   plan how to secure individual servers within a server farm. The patterns & practices security guides are used as a foundation for securing Office SharePoint Server 2007 environments. Use the following articles to help plan server farm security:

  3. Plan secure configurations for features   plan how to configure Office SharePoint Server 2007 features in a secure manner. Use the following article to help plan secure configurations:

  4. Plan environment-specific security   plan security targeted to your specific environment. Use the following articles to help plan environment-specific security:

  5. Plan security roles   Use the following article to plan for and design security roles:

  6. Plan for single sign-on   If you plan to connect to data sources outside of your server farm, single sign-on can be used to automatically authenticate users, rather than prompting for credentials. Use the following article to help plan for sign sign-on:

  7. Plan for accounts   Use the following article to plan for administrative and service accounts:

Some of these planning articles are intended for specific security environments. The following figure shows the intended planning flow based on the security environment.

Flowchart for planning security

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for Office SharePoint Server 2007.