Wednesday, January 21, 2015

Your Password Is 12345? Password FAIL

Your Password is 12345?

It's hard to fathom why people don't get that 12345, 123456, and other similarly stupid passwords make their own information, and your organization's, much less secure. But many people don't get it.

Dark Helmet from SPACEBALLS warned you a long time ago: "12345? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"

I made the above demotivational poster in honor of this post from InformationWeek:
Password Fail: Are Your Workers Using 123456?

Do better with passwords!

Monday, October 6, 2014

How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your Information

This presentation is adapted from a course I wrote for AIIM, which is available in their SharePoint Resource Center. I also presented some of this material at the SharePoint Users Group of DC (SUGDC) on 9/11/2014.


The AIIM Resource Centers offer lots of tutorials, webinars, publications, perspectives and more on SharePoint and a host of Information Management topics. Professional Members of AIIM can take advantage of these resources for free and get industry research, resource kits, training discounts, and more.

View this presentation as a course with audio and a full transcript in the AIIM SharePoint Resource Center. I have contributed more content there, including a webinar on Records Management in SharePoint 2013.

Thursday, September 11, 2014

Speaking at SUGDC Tonight

I am excited to be speaking at SUGDC (SharePoint Users Group of DC) tonight. I am presenting on "How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your Information". This is material adapted from an AIIM course I developed that is available in the AIIM Resource Center for professional members.

Monday, September 8, 2014

Managing SharePoint User Access

What is the best way to manage individual users' access to SharePoint sites? Through AD security groups inside corresponding SharePoint groups. I prefer to keep the names consistent between SharePoint and AD security groups.
Example Permission Groups for SharePoint

| AD Security Group | SharePoint Group | SharePoint Permission Level |
|---|---|---|
| WebApp1_Site1_InfoManagers | WebApp1_Site1_InfoManagers | Manage Information |
| WebApp1_Site1_Contributors | WebApp1_Site1_Contributors | Contribute |
| WebApp1_Site1_Visitors | WebApp1_Site1_Visitors | Read |

After creating SharePoint groups and placing the AD groups inside them, you can add and remove individual AD user accounts from the AD groups without triggering new crawls. However, to me the main benefit here is about Information Governance: if you have a documented process for requesting, adding, removing, and documenting membership in AD security groups, and if you remove the ability of site "information managers" to add individuals and groups to their SharePoint sites, you can effectively manage information access and security in a way that is auditable and defensible.

Note: The permission level "Manage Information" is not an out-of-the-box permission level. I typically create this permission level and remove the ability to manage permissions and lists. I plan to write more about this in future posts. I also blow away the "Site Owners" group, leaving those permissions to trained site collection administrators. I have seen too many site owners "accidentally" delete entire subsites and lists when they should never have had those rights to begin with. This is better for everyone.

Note: It is usually a good idea to keep Active Directory Security Group object names to no more than 64 characters in length. You need a naming convention that is unambiguous when identifying web applications and site collections as well as permission roles. And document this!
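
An added example, not code from the original post: a PowerShell check that flags individual accounts granted directly in SharePoint groups and AD group names that break the convention described above. The membership rows, the CONTOSO domain, the function name, and the WebApp_Site_Role name pattern are constructed assumptions.

```powershell
# Added example. Rows are constructed sample data; on a farm they could be built
# from (Get-SPWeb $url).SiteGroups and each group's Users (Name, IsDomainGroup).
$members = @(
    [pscustomobject]@{ Group = 'WebApp1_Site1_InfoManagers'; Member = 'CONTOSO\WebApp1_Site1_InfoManagers'; IsDomainGroup = $true }
    [pscustomobject]@{ Group = 'WebApp1_Site1_Contributors'; Member = 'CONTOSO\WebApp1_Site1_Contributors'; IsDomainGroup = $true }
    [pscustomobject]@{ Group = 'WebApp1_Site1_Contributors'; Member = 'CONTOSO\jdoe'; IsDomainGroup = $false }
    [pscustomobject]@{ Group = 'WebApp1_Site1_Visitors'; Member = 'CONTOSO\Site1 Readers'; IsDomainGroup = $true }
)

# Hypothetical helper: returns one row per membership entry that breaks the convention.
function Test-SiteAccessConvention {
    param(
        [Parameter(Mandatory)] [object[]] $Membership,
        # Assumed convention: WebApp_Site_Role, each part alphanumeric
        [string] $NamePattern = '^[A-Za-z0-9]+_[A-Za-z0-9]+_[A-Za-z0-9]+$',
        [int] $MaxNameLength = 64
    )
    foreach ($row in $Membership) {
        $adName = ($row.Member -split '\\')[-1]   # drop the DOMAIN\ prefix
        $findings = @()
        if (-not $row.IsDomainGroup) {
            # Access should flow only through AD group membership
            $findings += 'individual account granted directly; add it to the AD group instead'
        } else {
            if ($adName -ne $row.Group) {
                $findings += 'AD group name differs from the SharePoint group name'
            }
            if ($adName.Length -gt $MaxNameLength) {
                $findings += "AD group name is longer than $MaxNameLength characters"
            }
            if ($adName -notmatch $NamePattern) {
                $findings += 'AD group name does not follow the WebApp_Site_Role pattern'
            }
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Group    = $row.Group
                Member   = $row.Member
                Findings = $findings -join '; '
            }
        }
    }
}

Test-SiteAccessConvention -Membership $members | Format-List
```

With the constructed rows, the direct grant to CONTOSO\jdoe and the mismatched "Site1 Readers" group are reported; the two entries that follow the table above produce no findings.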

See this post for details about how adding people and groups to SharePoint sites will affect search crawls:
Clarifying Guidance on SharePoint Security Groups versus Active Directory Domain Services Groups