2.10. Allowing Anonymous Access
If your SharePoint site is used over the Internet, you may want to allow users who don't have network accounts access to
To allow anonymous access to a SharePoint site:
2.11. Maintaining Server Security
Access to SharePoint sites is controlled through the authentication settings in IIS. The default setting is to use Windows integrated authentication, but sites can also use digest or basic authentication.
is used when SharePoint is installed in Active Directory mode (as when configured for use by an ISP).
In addition, the security settings in the site's
file can control which users are allowed or
<authentication mode="Windows" /> <authorization> <allow roles="Administrators" /> <deny users="*" /> </authorization> <identity impersonate="true" />
attribute above refers to the Windows account group, not the SharePoint
<deny users="WOMBAT1\BeigeBond" />
attribute determines the identity used to run applications within the SharePoint site. In this case, SharePoint .
pages and web
Once a user is authenticated, SharePoint uses the members list stored in the site's content database to determine what the user can see and do. This two-
SharePoint automatically blocks executable file types from being uploaded and includes a virus scanner for uploaded files. To configure these settings from SharePoint Central Administration, choose Manage blocked file types or Configure antivirus settings.
The default settings do not enable virus-checking, so it's a good idea to change that setting if your site allows access through the Internet.