Adding Users to WSS 3.0 Site in HMC 4.0 Exposes Users in All Organizations
If you followed our deployment guide to the letter, then chances are your WSS 3.0 setup isn't 100%. There's a big problem with the deployment guide for WSS that can break "multi-tenancy." Here's how you can check if you are broken and how you can fix the problem.
The Test
- Log into an MPS-provisioned WSS site as the organization admin.
- Click the Site Actions drop-down and choose Site Settings.
- Click People and Groups.
- Click New.
- Underneath the text box labeled "Users/Groups" click the little book icon (the Browse button).
- Type something generic like 'a' and hit Enter.
If you see users from other organizations, you've got a problem. What you should see is only users in the organization that owns the WSS site, as well as some of the built-in accounts and groups (unfortunately WSS is limited so we can't filter out those built-in accounts).
The Fix
This problem is created by the unneeded and incorrect Step 8 in procedure DWSH.1 in the HMC 4.0 deployment guide. That procedure instructs you to add the SharePoint_AppID, SharePointSrchSvc, and SharePointSrchCrl accounts to the Windows-based Hosting Service Accounts group. So to fix the problem you will need to remove these accounts from the Windows-based Hosting Service Accounts group and then restart IIS on your WSS front ends.
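The membership check and removal described above can be scripted. The following is an added example, not part of the deployment guide or the original post. It assumes the ActiveDirectory PowerShell module is available, that the group and account names resolve exactly as written in this post, and that the front-end server name is a placeholder you replace with your own.

```powershell
# Added example: audit (and optionally fix) the group membership created by Step 8 of DWSH.1.
# Assumptions: ActiveDirectory module installed; names below resolve in your domain;
# $FrontEnds is a placeholder list of your WSS front-end servers.
param(
    [string]   $Group     = 'Windows-based Hosting Service Accounts',
    [string[]] $Accounts  = @('SharePoint_AppID', 'SharePointSrchSvc', 'SharePointSrchCrl'),
    [string[]] $FrontEnds = @('WSS-FRONTEND-PLACEHOLDER'),
    [switch]   $Remediate
)

Import-Module ActiveDirectory -ErrorAction Stop

# Direct members only: Step 8 adds the accounts directly to the group.
$members = Get-ADGroupMember -Identity $Group -ErrorAction Stop
$found   = @($members | Where-Object { $Accounts -contains $_.SamAccountName })

if ($found.Count -eq 0) {
    Write-Output "OK: none of the SharePoint accounts are members of '$Group'."
    return
}

foreach ($m in $found) {
    Write-Warning "'$($m.SamAccountName)' is a member of '$Group'."
}

if (-not $Remediate) {
    Write-Output 'Audit only. Re-run with -Remediate to remove the accounts and restart IIS.'
    return
}

Remove-ADGroupMember -Identity $Group -Members $found -Confirm:$false -ErrorAction Stop

# The fix calls for an IIS restart on every WSS front end after the change.
foreach ($server in $FrontEnds) {
    iisreset $server /restart
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "iisreset failed on $server (exit code $LASTEXITCODE)."
    }
}

# Confirm the accounts are gone before repeating the People Picker test.
$left = @(Get-ADGroupMember -Identity $Group |
          Where-Object { $Accounts -contains $_.SamAccountName })
if ($left.Count -gt 0) {
    Write-Warning "Still present: $(($left | ForEach-Object { $_.SamAccountName }) -join ', ')"
} else {
    Write-Output 'Removed. Repeat the test above to confirm only the owning organization is listed.'
}
```

Run it without -Remediate first to see whether your deployment is affected, then repeat the People Picker test after the restart.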
Comments
Anonymous
September 11, 2007
PingBack from http://msdnrss.thecoderblogs.com/2007/09/11/adding-users-to-wss-30-site-in-hmc-40-exposes-users-in-all-organizations/
Anonymous
October 23, 2007
We have received another solution that others may be interested in: On WSS run this command:
stsadm -o setproperty -url [website of new sharepoint site] -pn peoplepicker-onlysearchwithinsitecollection -pv yes
You may have to navigate to find the stsadm command if you didn't add WSS commands into your path...