Understanding Security in SharePoint Central Administration

The Security section allows you to configure the security settings for the SharePoint farm. The following sections discuss the important Security screens.

Exploring Users Settings

The Users section contains various settings to manage users in the farm administrators group and to manage users in the Approve or Reject distribution groups. In addition you can provide users access at the web application level through the Specify Web Application User Policy screen.

General Security

This section allows you to configure various security settings as described in the following list:

• Configure Managed Accounts—This screen allows you to add, edit, and delete managed accounts. A managed account is a user account whose credentials are managed by and contained within SharePoint. Figure 16.21 shows the Configure Managed Accounts screen.

Figure 16.21. Configure Managed Accounts

• Configure Service Accounts—This allows you to change the accounts under which the service applications run. In addition you can change the user accounts of the application pools used in your SharePoint farm. Figure 16.22 shows the Service Accounts screen.

Figure 16.22. Service Accounts

• Configure Password Change Settings—This screen allows you to configure farm-level settings for automatic password changes and to configure the notification email address that will be used to send all password change notification emails.

• Specify Authentication Providers—This screen lists the authentication providers for the selected web applications and allows you to configure those authentication providers. Figure 16.23 shows the Authentication Providers screen.

Figure 16.23. Authentication Providers

• Define Blocked File Types—This allows you to specify file types that are prevented from being uploaded within a document library in a SharePoint site.

• Manage Web Part Security—This screen allows you to enable/disable various settings related to web parts such as web part connections, access to the web part gallery, and access to scriptable web parts.

Information Policy

This section allows you to configure the following settings

• Configure Information Rights Management—This screen allows you to configure Rights Management Services (RMS) on this server. RMS allows you to use Information Rights Management, which helps you to protect sensitive files from being misused or distributed without permissions once they have been downloaded from the server. Figure 16.24 shows the Information Rights Management screen.

Figure 16.24. Information Rights Management

• Configure Information Management Policy—This screen allows you to enable/disable the various information management policy features such as Labels, Barcodes, Auditing, and Retention.