Woody Windischman

Sep 22, 2011

Governing SharePoint Designer

A Book Excerpt from “Beginning SharePoint Designer 2010”

SharePoint Designer provides a great deal of customizing power to its users. In some environments, particularly in an enterprise, giving all users access to this level of power may not be appropriate. To address this, SharePoint allows system administrators and site owners to configure different levels of access for users of SharePoint Designer.

First and foremost in the governance of SharePoint Designer is the proper application of regular security roles to a SharePoint site. Quite simply, even if a user downloads and installs SharePoint Designer, he cannot use it to make any changes to a site he would not otherwise be permitted to make. For example, a typical user in the Member role cannot change themes or master pages, or modify the schema of a list or library. SharePoint Designer would not suddenly enable him to do so. A user would need to be in (for example) the Web Designer or Administrator role on the site in order to make such changes, regardless of any tool he has installed.

In SharePoint 2010, you also have settings for directly managing the use of SharePoint Designer, irrespective of the regular security of a site. These settings allow or prevent access to certain features by users of SharePoint Designer.

The SharePoint Designer controls screen is shown below:

[Figure: SharePoint Designer controls screen]

This page is accessible at different levels within SharePoint, depending upon the scope over which control is to be exerted. You can set these options at the web application or site collection level. If SharePoint Designer or one of its features is blocked at the web application level, it cannot be overridden by a site collection owner. Nevertheless, a site collection owner can invoke tighter restrictions than are set at the web application.

Note: Restrictions implemented at the site collection level impact most users, but do not apply to the site collection administrators themselves.
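One way to review these settings across a farm, as an added example that is not code from the book: the read-only script below assumes the SharePoint 2010 Management Shell on a farm server and reads the four SharePoint Designer properties that the SharePoint object model exposes on each web application and site collection. It reports, per feature, whether a block comes from the web application or from the site collection.

```powershell
# Added example (not from the book): read-only audit of SharePoint Designer settings.
# Assumes the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# SharePoint Designer properties exposed on both SPWebApplication and SPSite.
$flags = 'AllowDesigner', 'AllowRevertFromTemplate',
         'AllowMasterPageEditing', 'ShowURLStructure'

$report = foreach ($webApp in Get-SPWebApplication) {
    foreach ($site in Get-SPSite -WebApplication $webApp -Limit All) {
        try {
            $row = @{ WebApplication = $webApp.Url; SiteCollection = $site.Url }
            foreach ($flag in $flags) {
                # A web application block wins; a site collection can only
                # tighten what the web application still allows.
                if (-not $webApp.$flag)   { $row[$flag] = 'Blocked (web application)' }
                elseif (-not $site.$flag) { $row[$flag] = 'Blocked (site collection)' }
                else                      { $row[$flag] = 'Allowed' }
            }
            New-Object PSObject -Property $row
        }
        finally {
            $site.Dispose()   # release the SPSite object
        }
    }
}

# Site collection restrictions do not bind site collection administrators,
# so treat 'Blocked (site collection)' as a limit on other users only.
$report |
    Select-Object (@('WebApplication', 'SiteCollection') + $flags) |
    Format-Table -AutoSize
```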

Regardless of which method or methods you use to restrict SharePoint Designer, your choices will be reflected in the experience presented to the users. The user interface of SharePoint Designer is security trimmed. This means that users are only shown the functions that they have the right to see or control. This figure shows a Site Objects list with all the SharePoint Designer options enabled (the default state).

[Figure: Site Objects list with all SharePoint Designer options enabled]

Compare this to the figure below, which shows the same site with the options disabled.

[Figure: Site Objects list for the same site with the SharePoint Designer options disabled]

Observe that access to the Master Pages gallery and direct access to the site files are not visible in the restricted site. Other elements throughout the user interface, such as context menus, are similarly trimmed.


Sep 22, 2010

Critical ASP.NET Issue *Updated*

Defuse the Ticking Bomb in your SharePoint Sites

Update: An out-of-band patch for this issue has now been released. Please see the SharePoint Team Blog for details.

By now, you have probably heard about the ASP.NET security flaw that was discovered over the weekend. SharePoint has been an ASP.NET based application for the last several versions, so it stands to reason that it would be affected by any problems discovered in the core platform. However, there has been some conflicting information with regard to just how (and how much) this affects SharePoint - in particular whether all versions are affected, or just SharePoint 2010.

The latest word is that you need to apply workarounds if you are using either SharePoint 2010 or SharePoint 2007. This also applies to SharePoint Foundation 2010 and Windows SharePoint Services 3.0, as well as SharePoint Portal Server 2003 and Windows SharePoint Services 2.0. (Updated to include confirmation of the older product impact.)

While it is good practice to harden any SharePoint environment, it is particularly critical to apply updates and security measures to public-facing sites. If you have not already done so, please immediately go to the official SharePoint Team Blog site and read their update for information about how to configure SharePoint to mitigate this critical ASP.NET issue. The article regarding this issue is regularly updated, and directly linked below:

Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint.

This issue affects virtually all ASP.NET Versions

Please remember, this is not "just" a SharePoint issue - it affects all ASP.NET applications, from all vendors. Even if you don't use SharePoint, you should check with your software supplier to determine what steps should be taken to mitigate any risks in your environments.


Aug 16, 2010

SharePoint Saturday Columbus Wrap-up

Another Successful SharePoint Saturday in the Books

I'm back and settled after SharePoint Saturday, Columbus. There was plenty of SharePoint knowledge to be had, with 6 tracks and over 20 speakers.

My session was "Who's Afraid of SharePoint Designer". There were only a few slides - which you can download here, if you like. Most of the session was taken up demonstrating some of the governance features of SharePoint Designer 2007 and 2010.

I would like to give a warm thank you to the organizers, sponsors, and (of course) the attendees for making the day as great as it was!


Jul 27, 2010

Speaking at SharePoint Saturday: Columbus, Ohio

Back to My Old Stomping Grounds...

When I was a "wet behind the ears" high school graduate, I ended up attending Ohio Institute of Technology (OIT) to study Electronics Engineering Technology. While I was there, OIT became DeVry Institute of Technology, Columbus. Today it is known as DeVry University, Columbus and offers a whole lot more than electronics. I ultimately ended up living and working in Columbus for many years, and it holds a special place in my heart.

Today, I'm pleased to announce that I've been selected to present at the SharePoint Saturday in Columbus, Ohio. This takes place on August 14th, 2010 at The Conference Center at OCLC. Click on the link or logo above for all the details, including registration, a list of the other presenters, as well as the Twitter feed of #SPSColumbus commentary.

A SharePoint Saturday is a free-to-attend event that serves as a mini SharePoint conference. SPS Columbus will be an educational, informative & lively day filled with sessions from respected SharePoint professionals & MVPs, covering a wide variety of SharePoint-oriented topics. SharePoint Saturday is FREE, open to the public and is your local chance to immerse yourself in SharePoint!

So, if you're in Central Ohio, and interested in SharePoint - whether you need the latest information on SharePoint 2010 or are still trying to make the best use of SharePoint 2007, this is the place to be! I hope to see you there...