MOSS Hosting

TheMSsForum.com: The Microsoft Software Forum

Hello All

We host a few sharepoint 2007 sites for a few clients (SPLA). The way
our setup is configured at the moment is that we configure their top
level site for them and just provide them with an access URL, they
dont get access to Central Admin. Therefore If anything is required to
be enabled on the server, for example the InfoPath forms service, they
request this via a support ticket.

We now have the requirement to provide a dedicated service to a
specific customer who wants to be able to use Central Admin. The
problem as I see it is that the dedicated service is in our hosting AD
domain and therefore they could cause problems and also probably
browse our AD (?)

Is there a way,apart from creating them in their own domain, that we
can stop them interogating our hosting AD?

What are the real risks if we let them lose with central admin on a
MOSS server in our hosting domain.

Any thoughts and advice would be most welcome.

Thanks

Andy
Top

Re: MOSS Hosting by John

John
Fri Jul 04 14:07:05 CDT 2008

What exactly are they wanting to access via central admin. I certainly
wouldn't let them near it just because they asked!

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog


"AJ" <andyjones99@hotmail.co.uk> wrote in message
news:079f51c2-4085-43c4-9aaa-0b80aeafb973@8g2000hse.googlegroups.com...
> Hello All
>
> We host a few sharepoint 2007 sites for a few clients (SPLA). The way
> our setup is configured at the moment is that we configure their top
> level site for them and just provide them with an access URL, they
> dont get access to Central Admin. Therefore If anything is required to
> be enabled on the server, for example the InfoPath forms service, they
> request this via a support ticket.
>
> We now have the requirement to provide a dedicated service to a
> specific customer who wants to be able to use Central Admin. The
> problem as I see it is that the dedicated service is in our hosting AD
> domain and therefore they could cause problems and also probably
> browse our AD (?)
>
> Is there a way,apart from creating them in their own domain, that we
> can stop them interogating our hosting AD?
>
> What are the real risks if we let them lose with central admin on a
> MOSS server in our hosting domain.
>
> Any thoughts and advice would be most welcome.
>
> Thanks
>
> Andy


Top

Re: MOSS Hosting by AJ

AJ
Mon Jul 07 14:27:20 CDT 2008

On 4 Jul, 20:07, "John Timney \(MVP\)" <xyz_j...@timney.eclipse.co.uk>
wrote:
> What exactly are they wanting to access via central admin. =A0I certainly
> wouldn't let them near it just because they asked!
>
> Regards
>
> John Timney (MVP)http://www.johntimney.comhttp://www.johntimney.com/blog
>
> "AJ" <andyjone...@hotmail.co.uk> wrote in message
>
> news:079f51c2-4085-43c4-9aaa-0b80aeafb973@8g2000hse.googlegroups.com...
>
>
>
> > Hello All
>
> > We host a few sharepoint 2007 sites for a few clients (SPLA). The way
> > our setup is configured at the moment is that we configure their top
> > level site for them and just provide them with an access URL, =A0they
> > dont get access to Central Admin. Therefore If anything is required to
> > be enabled on the server, for example the InfoPath forms service, they
> > request this via a support ticket.
>
> > We now have the requirement to provide a dedicated service to a
> > specific customer who wants to be able to use Central Admin. The
> > problem as I see it is that the dedicated service is in our hosting AD
> > domain and therefore they could cause problems and also probably
> > browse our AD (?)
>
> > Is there a way,apart from creating them in their own domain, that we
> > can stop them interogating our hosting AD?
>
> > What are the real risks if we let them lose with central admin on a
> > MOSS server in our hosting domain.
>
> > Any thoughts and advice would be most welcome.
>
> > Thanks
>
> > Andy- Hide quoted text -
>
> - Show quoted text -

Hi John
Thanks for your input. I think this is the stance that we are going to
take. However I have seen other companies that offer full central
admin access so I was also curious to how they did this. I guess they
deployed a seperate AD forest specifically for that customer, or is
there someway this can be done using forms based authentication and
SQL server as the accounts repository?
Thanks
Andy
Top

Re: MOSS Hosting by callahan

callahan
Mon Jul 07 16:06:33 CDT 2008

Or, possibly, they deployed separate virtual machines for the clients,
either setup with their own AD, or using the server's SAM for
authentication.

-callahan
"AJ" <andyjones99@hotmail.co.uk> wrote in message
news:cbfe6b03-1278-4043-b98b-7fb2722cca4b@k30g2000hse.googlegroups.com...
On 4 Jul, 20:07, "John Timney \(MVP\)" <xyz_j...@timney.eclipse.co.uk>
wrote:
> What exactly are they wanting to access via central admin. I certainly
> wouldn't let them near it just because they asked!
>
> Regards
>
> John Timney (MVP)http://www.johntimney.comhttp://www.johntimney.com/blog
>
> "AJ" <andyjone...@hotmail.co.uk> wrote in message
>
> news:079f51c2-4085-43c4-9aaa-0b80aeafb973@8g2000hse.googlegroups.com...
>
>
>
> > Hello All
>
> > We host a few sharepoint 2007 sites for a few clients (SPLA). The way
> > our setup is configured at the moment is that we configure their top
> > level site for them and just provide them with an access URL, they
> > dont get access to Central Admin. Therefore If anything is required to
> > be enabled on the server, for example the InfoPath forms service, they
> > request this via a support ticket.
>
> > We now have the requirement to provide a dedicated service to a
> > specific customer who wants to be able to use Central Admin. The
> > problem as I see it is that the dedicated service is in our hosting AD
> > domain and therefore they could cause problems and also probably
> > browse our AD (?)
>
> > Is there a way,apart from creating them in their own domain, that we
> > can stop them interogating our hosting AD?
>
> > What are the real risks if we let them lose with central admin on a
> > MOSS server in our hosting domain.
>
> > Any thoughts and advice would be most welcome.
>
> > Thanks
>
> > Andy- Hide quoted text -
>
> - Show quoted text -

Hi John
Thanks for your input. I think this is the stance that we are going to
take. However I have seen other companies that offer full central
admin access so I was also curious to how they did this. I guess they
deployed a seperate AD forest specifically for that customer, or is
there someway this can be done using forms based authentication and
SQL server as the accounts repository?
Thanks
Andy


Top

Re: MOSS Hosting by SamS

SamS
Mon Jul 07 21:58:56 CDT 2008

I see no issue giving them access to their SSP site, if they have one.
The problem here is to accomodate their request might be too late as this
would have been planned in the planning stage with all the different
options. If it was to process, look at migrating their environment to a new
MOSS instance


"callahan" <cacallahan@NOSPAM.computer.org> wrote in message
news:ukxwbVH4IHA.4908@TK2MSFTNGP04.phx.gbl...
> Or, possibly, they deployed separate virtual machines for the clients,
> either setup with their own AD, or using the server's SAM for
> authentication.
>
> -callahan
> "AJ" <andyjones99@hotmail.co.uk> wrote in message
> news:cbfe6b03-1278-4043-b98b-7fb2722cca4b@k30g2000hse.googlegroups.com...
> On 4 Jul, 20:07, "John Timney \(MVP\)" <xyz_j...@timney.eclipse.co.uk>
> wrote:
>> What exactly are they wanting to access via central admin. I certainly
>> wouldn't let them near it just because they asked!
>>
>> Regards
>>
>> John Timney (MVP)http://www.johntimney.comhttp://www.johntimney.com/blog
>>
>> "AJ" <andyjone...@hotmail.co.uk> wrote in message
>>
>> news:079f51c2-4085-43c4-9aaa-0b80aeafb973@8g2000hse.googlegroups.com...
>>
>>
>>
>> > Hello All
>>
>> > We host a few sharepoint 2007 sites for a few clients (SPLA). The way
>> > our setup is configured at the moment is that we configure their top
>> > level site for them and just provide them with an access URL, they
>> > dont get access to Central Admin. Therefore If anything is required to
>> > be enabled on the server, for example the InfoPath forms service, they
>> > request this via a support ticket.
>>
>> > We now have the requirement to provide a dedicated service to a
>> > specific customer who wants to be able to use Central Admin. The
>> > problem as I see it is that the dedicated service is in our hosting AD
>> > domain and therefore they could cause problems and also probably
>> > browse our AD (?)
>>
>> > Is there a way,apart from creating them in their own domain, that we
>> > can stop them interogating our hosting AD?
>>
>> > What are the real risks if we let them lose with central admin on a
>> > MOSS server in our hosting domain.
>>
>> > Any thoughts and advice would be most welcome.
>>
>> > Thanks
>>
>> > Andy- Hide quoted text -
>>
>> - Show quoted text -
>
> Hi John
> Thanks for your input. I think this is the stance that we are going to
> take. However I have seen other companies that offer full central
> admin access so I was also curious to how they did this. I guess they
> deployed a seperate AD forest specifically for that customer, or is
> there someway this can be done using forms based authentication and
> SQL server as the accounts repository?
> Thanks
> Andy
>

Top