SPS V2: Handling non-AD users

  Asked By: Desmond    Date: Aug 31    Category: Sharepoint    Views: 2151


We are implementing authentication in SP 2003 through Active Directory, but have many users outside of the University that would need access to SharePoint. Since we have not found a perfect solution to handle those outside users, I wanted to get an idea about whether other sites have run into the same problem and what solution they have chosen.
Here are the options we have looked at:
1. Local accounts
Disadvantage: requires too much administrative overhead
As we understand, it doesn't integrate with SharePoint
3. Putting users in Active Directory
Disadvantage: gives users access to other resources they should not have access to.

We have also started looking into an ISAPI filter. If anyone has had any experience with what exactly it does, could you please share?

Any ideas you can give us would be very much appreciated.
Thank you,



2 Answers Found

Answer #1    Answered By: Lee Black     Answered On: Aug 31

In terms of #3, why is this an assumption? It would seem to me that you could place those users in their own OU, secure it with GPOs any way you’d like and explicitly deny those users to other resources in AD.

Any way you look at it, you’ll have some extra Admin overhead.

Answer #2    Answered By: Fred Rios     Answered On: Aug 31

ISAPI (Internet Server Application Programming Interface)
commonly functions as a 'filter' to allow IIS for example
to know what to do with an .asp file type and so on.

While it is possible to use an ISAPI filter for other tasks
the data it would function with still has to be stored
somewhere. Thus, I'd have to concur with Bill's suggestion
to reconsider using the Active Directory Organizational Units.

There is also LDAP (Lightweight Directory Access Protocol) that
you may need to consider and which I believe may also be used
with SharePoint even if not supported natively.

Briefly, what you need to understand are three fundamental
criteria: Authentication, Authorization, and Accounting

Once you understand the criteria involved in a framework
designed to control access to networked resources you will
hopefully understand why you need to learn how to deploy a
directory schema, most likely provided by Microsoft's Active

I would suggest you consult with those who provide
network security for your organization.
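
Both answers point to a dedicated OU for the outside users. As an added example (not part of either post), this sketch audits a directory export to confirm that accounts in that OU hold only the groups you intended, which is the concern raised in the question. The OU, group names, record layout and sample entries are constructed assumptions; 513 is the well-known RID of Domain Users.

```python
import re

# Hypothetical names for illustration; substitute your own OU and groups.
EXTERNAL_OU = "ou=external,dc=example,dc=edu"
ALLOWED_GROUPS = {"cn=sharepoint-external-readers,ou=groups,dc=example,dc=edu"}
DOMAIN_USERS_RID = 513  # default primary group of new accounts; not listed in memberOf

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped; normalise each RDN."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def in_ou(dn, ou):
    """True if the entry sits in `ou` or a child OU (RDN suffix match, not substring)."""
    entry, base = split_dn(dn), split_dn(ou)
    return len(entry) > len(base) and entry[-len(base):] == base

def audit(entries):
    """Return {dn: [issues]} for accounts in the external OU with unintended access."""
    findings = {}
    for e in entries:
        if not in_ou(e["dn"], EXTERNAL_OU):
            continue
        issues = ["extra group: " + g for g in e.get("memberOf", [])
                  if ",".join(split_dn(g)) not in ALLOWED_GROUPS]
        # Moving an account into an OU does not change its group memberships.
        if e.get("primaryGroupID") == DOMAIN_USERS_RID:
            issues.append("primary group is Domain Users")
        if issues:
            findings[e["dn"]] = issues
    return findings

READERS = "CN=SharePoint-External-Readers,OU=Groups,DC=example,DC=edu"
STAFF = "CN=Library-Staff,OU=Groups,DC=example,DC=edu"
SAMPLE = [  # constructed export records, not real directory data
    {"dn": "CN=Visitor One,OU=External,DC=example,DC=edu",
     "memberOf": [READERS], "primaryGroupID": 513},
    {"dn": r"CN=Two\, Visitor,OU=External,DC=example,DC=edu",
     "memberOf": [READERS, STAFF], "primaryGroupID": 1601},
    {"dn": "CN=Staff Member,OU=Staff,DC=example,DC=edu",
     "memberOf": [STAFF], "primaryGroupID": 513},
    {"dn": "CN=Visitor Three,OU=Partners,OU=External,DC=example,DC=edu",
     "memberOf": [READERS], "primaryGroupID": 1601},
]

if __name__ == "__main__":
    for dn, issues in audit(SAMPLE).items():
        print(dn, "->", "; ".join(issues))
```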
