Configure Security for Windows SharePoint Services
These questions are based on 70-631 TS: Windows SharePoint Services 3.0, Configuring Microsoft Self Test Software Practice Test.
Objective: Configure Security for Windows SharePoint Services
Sub-objective: Configure Web application authentication
Single answer, multiple choice
You are a network administrator for your company. You recently have deployed Microsoft Windows SharePoint Services (WSS) 3.0 for access by your employees and users at your partner companies. Employees use domain accounts, while users at partner companies use a shared service account. Portions of your Web sites also should be available over the Internet to public users. You want to ensure that the correct portions of your Web sites can be accessed over the Internet without requiring user credentials. What should you do?
- Enable the guest user account.
- Enable anonymous authentication for the Web site from the IIS Management console.
- Modify the web.config file to specify the connection string details, membership and role information for the custom authentication provider.
- Enable basic authentication for the Web site from the IIS Management console.
B. Enable anonymous authentication for the Web site from the IIS Management console.
You should enable anonymous authentication for the Web site from the IIS Management console. The anonymous authentication technique is used to provide access to users who do not have Microsoft Windows NT server accounts. An anonymous account is created by IIS to provide anonymous access and generally is named IUSR_computername. The anonymous account first has to be enabled for a virtual server using the IIS Management console and then enabled for each individual Web site.
The following steps will enable anonymous authentication for a Web site:
- On the Web site page, click Site Settings.
- Under Administration, click Go To Site Administration.
- Under Users and Permissions, click Manage Anonymous Access.
- Choose Entire Web Site or Lists and Libraries because by default anonymous users have no Web site access.
You should not enable a guest user account for permanent users. This method only is recommended for contractors or guests that need brief access to the server. The guest account has reduced versions of the permissions granted to normal users.
You should not modify the web.config file to specify the connection string details, membership and role information for the custom authentication provider. The web.config file is used when ASP.NET forms are utilized to authenticate users with identity management systems not based on Windows.
You should not enable basic authentication for the Web site because basic authentication is used to authenticate users who have Windows account credentials. With basic authentication, users are prompted to enter their credentials each time they want to access a document; however, the scenario requires that public users with no credentials be allowed to access portions of your Web site. Because basic authentication sends the username and password in clear-text format, basic authentication is applicable in scenarios where encryption is not required. SSL (Secure Sockets Layer) must be enabled in the Internet Information Services (IIS) Manager to provide encryption of usernames and passwords with basic authentication. SSL can be enabled for the administration site using the following commands:
- stsadm.exe o setadminport p 443
- stsadm.exe o setadminport ssl
Microsoft TechNet > Windows SharePoint Services 3.0 Technical Library > Planning and architecture for Windows SharePoint Services 3.0 technology > Plan for and design security (Windows SharePoint Services) > Plan environment-specific security (Windows SharePoint Services) > Configure anonymous access