Downloadable book: Security for Windows SharePoint Services 3.0

Applies To: Windows SharePoint Services 3.0


Topic Last Modified: 2009-04-14

This guide describes how security is implemented in Microsoft Windows SharePoint Services 3.0. The audiences for this guide include information architects, IT generalists, and program managers who are planning to make Windows SharePoint Services 3.0 sites accessible from the Internet.

This guide includes the following parts:

Part 1 — Plan site and content security

Part 1 of this guide describes the permissions that control access to your sites and the content in your sites. It also discusses security related to implementing search.

Part 2 — Plan for authentication

Part 2 of this guide describes the authentication methods that are supported by Windows SharePoint Services 3.0, discusses the authentication configuration settings that need to be planned for individual Web applications, and includes sample configuration settings for several common forms authentication and Web single sign-on (SSO) authentication providers.

Part 3 — Deploying Windows SharePoint Services 3.0 in a secure manner

Part 3 of this guide describes practical secure configurations for specific server roles. The guidance for each server role includes recommended secure settings for the network, the operating system, and the applications that are installed, including Internet Information Services (IIS), the Microsoft.NET Framework, and Microsoft SQL Server database software. Part 3 also addresses security requirements and recommendations for planning for security roles and for configuring administrative and service accounts.

Click the following link to open a Microsoft Word .doc file that you can download to your computer and print. The size of this document is approximately 1.1 MB. Publish date: April 2009.

Windows SharePoint Services Security (

The content in this book is a copy of selected content in the Windows SharePoint Services technical library ( as of the date above. For the most current content, see the technical library on the Web.