|
4.2. User ManagementWindows SharePoint Services simplifies user management by relying on IIS and Microsoft Windows Server 2003 to manage user accounts and authentication. Either Windows Server 2003 or Active Directory can be used to manage the user accounts; however, IIS is always used to manage user authentication. 4.2.1. User Account ModesWindows SharePoint Services provides two user administration modes:
When you or your administrator installs and configures Windows SharePoint Services on a department or company server, you choose the account mode to use in SharePoint. This is an important decisiononce you select one mode, you cannot change back to the other mode without uninstalling and reinstalling Windows SharePoint Services. Further, SharePoint will not run in a mixed mode. A default Windows SharePoint Services installation uses domain account mode. Domain account mode allows users with Windows Domain accounts access to your site. This account mode is best suited when you plan to use SharePoint internally on a Windows-based network where your systems administrator controls user creation. If you plan to use SharePoint externally, choose Active Directory account creation mode. In Active Directory account creation mode, you can create users in the SharePoint central administration web site. SharePoint then adds the user to Active Directory after creation. 4.2.2. Authentication ModesSharePoint limits which users can access a team site through authentication. Granting a user access to a site means the user passed authentication. Denying a user access to a site means the user failed authentication. Windows SharePoint Services uses IIS to control how a user is authenticated. IIS provides four authentication methods (in order of increasing security):
You can choose any of the four authentication methods, depending on the security needs for your site. 4.2.3. Default User PermissionsAfter authenticating a user, SharePoint assigns a default set of permissions to the user. By default, new users receive the site group reader (see the Section 4.3). You can change this setting and grant increased access rights or even grant administrative rights. You can also create different sets of rites for different users or user groups. |
|