From MS SharePoint 2010 Security Technical Implementation Guide
Part of SRG-APP-000062-COL-000046
Associated with: CCI-000225
Separation of duties is a prevalent Information Technology control implemented at different layers of the information system including the operating system and in applications. It serves to eliminate or reduce the possibility that a single user may carry out a prohibited action. Separation of duties requires the person accountable for approving an action not be the same person tasked with implementing the action.
1. On the server(s) where the SharePoint software is installed, navigate to Server Manager -> Local Users and Groups -> Groups. 2. Double-click on each group to view membership. 3. Verify the SharePoint setup user domain account is a member of the Administrators and WSS_ADMIN_WPG groups only. 4. Mark as a finding if the setup user account is a member of any other group than Administrators and WSS_ADMIN_WPG on the local server where SharePoint is installed.
1. On the server (s) where the SharePoint software is installed, navigate to Server Manager -> Local Users and Groups -> Groups. 2. Double-click on each group to view membership. 3. Remove the SharePoint setup user account from membership in groups other than Administrators and WSS_ADMIN_WPG.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer