SharePoint Sharpener

Obsessively Sharpening SharePoint

Archive for February 2009

Hardening Your MOSS 2007 WCM Application

with 4 comments

This is a re-post of a still relevant post from my old blog at

Today Last year at the SharePoint Conference in Berlin, Ben Robb of cScape Ltd gave a talk about configuring internet-facing web sites running MOSS 2007/WCM.

He brought up some interesting points about securing the application against unauthorised content editing and attacks from hackers.

Make sure your installation check list contains a least the following items:

1. Enable firewalls and standard network security
Fairly standard stuff, but necessary all the same.

2. Disable SMTP and incoming mail
In essence, you shouldn’t be running services on the server that aren’t necessary for MOSS. Also, close any ports that MOSS doesn’t need.

3. Secure the Central Administration site
Surprisingly, it is very common to leave this entry point wide open. The admin site should be accessible only via an SSL connection .

4. Use lockdown mode
Use this stsadm command to activate lockdown mode:
stsadm –o activatefeature –url <url> -filename ViewFormPagesLockdown\feature.xml
Read more about ViewFormPagesLockdown.

5. Restricted reader role
The anonymous user should have a restricted reader role which only enables viewing of pages, documents and images.

6. Policies
Constrain the maximum access per web application and deny all write access via http://sitename:80.

7. Content deployment
Use different servers for authoring and the actual internet-facing web application. Content generated on the authoring server (typically within the intranet) should be pushed out to the public site using scheduled content deployment jobs.

To many administrators the above bullets merely point out the obvious and do feel free to leave comments if you have any additions to the list.

Thanks to Ben Robb for providing 99% of the info for this post.


Written by Thomas Sondergaard

February 18, 2009 at 9:54 am

Access Denied When Trying to Create a New Page on a Publishing Site

with 7 comments

From time to time you may encounter that a user on a publishing site is denied access to creating pages, even if the Create Page link in the Site Actions menu hasn’t been security trimmed.

This is probably due to the user not having read access to the the master page gallery.



To remedy the problem, go to Site Actions > Site Settings > Modify All Site Settings > Master Page and Page Layouts. This takes you to the master page gallery.

Now go to Settings > Document Library Settings > Permissions for this Document Library and give the user (or the group he belongs to) read permission.


Permissions: Master Page Gallery

Written by Thomas Sondergaard

February 6, 2009 at 2:05 pm

Confirmed: SharePoint Conference 19-22 Oct 2009 in Las Vegas

leave a comment »

As I mentioned three weeks ago, the next SharePoint Conference will be held in Q4 in Las Vegas!

Early bird registration is now open at the conference site.

Focus will be on the next version of SharePoint (codenamed SharePoint 14).

More to follow.

Written by Thomas Sondergaard

February 4, 2009 at 9:37 am