Plan for and design security (Windows SharePoint Services)

Applies To: Windows SharePoint Services 3.0


Topic Last Modified: 2009-04-15

This chapter provides a methodical approach to building security into your solution design for Windows SharePoint Services 3.0. This approach is based on a foundation of the following security guides that are provided in Microsoft patterns & practices (\&clcid=0x40):

These guides explain practical secure configurations for specific server roles. The guidance for each server role includes recommended secure settings for the network, the operating system, and the applications that are installed, including Internet Information Services (IIS), Microsoft ASP.NET Framework, and Microsoft SQL Server.

The information in this chapter supplements the patterns & practices security guides in several ways:

  • Provides recommendations for each server role within a server farm.

  • Identifies additional networking, operating system, and application settings that are appropriate for server roles.

  • Provides recommendations for securing the specific applications and features that are installed by Windows SharePoint Services 3.0.

  • Targets security recommendations to security environments that are common for Windows SharePoint Services 3.0 solutions.

Plan for and design security by using the following steps:

  1. Plan your security environment   The security guidance that is recommended for your organization depends on which environment best matches your intended use of Windows SharePoint Services 3.0. Use the following article to help plan your security environment:

  2. Plan server farm security   plan how to secure individual servers within a server farm. The patterns & practices security guides are used as a foundation for securing Windows SharePoint Services 3.0 environments. Use the following articles to help plan server farm security:

  3. Plan secure configurations for features   plan how to configure Windows SharePoint Services 3.0 features in a secure manner. Use the following article to help plan secure configurations:

  4. Plan environment-specific security   plan security targeted to your specific environment. Use the following articles to help plan environment-specific security:

  5. Plan security roles   Use the following article to plan for and design security roles:

  6. Plan for accounts   Use the following article to plan for administrative and service accounts:

Some of these planning articles are intended for specific security environments. The following figure shows the intended planning flow based on the security environment.

Flowchart for planning for security

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable books for Windows SharePoint Services.