MCT USE ONLY. STUDENT USE PROHIBITED Developing a Plan for Governance 12-41 HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions \14.0\ SharePoint\DWORD DisableInstall To block installation, set DWORD DisableInstall=00000001. IT Service Features These are some of the IT service features in SharePoint Server 2010 that you can use to provide governance of your SharePoint Server 2010 implementation: • Site templates. Using a site template, you can encourage consistent branding, site structure, and layout in the sites that your users create. You can create customized site templates for provisioning sites and use them instead of the templates that are included with SharePoint Server 2010. • Quotas. A quota dictates a limit on the amount of storage that a site collection can use, and prevents users from adding content when the limit has been reached. • Workflows. Workflows implement business processes for users of a SharePoint site, and are associated with site items such as documents, forms, or lists. • Features. You can deploy a feature as a part of a site definition or a solution package, and you can individually activate a feature. You can hide features to prevent site users from manually deactivating them. You can use a technique called feature stapling to attach a feature to all new instances of sites that use a given site definition. This enables you to control the features that users of your service can access. • Self-service site creation. You can enable users to create their own site collections by using the Self-Service Site Creation feature. A key decision in governing self- service site creation is to determine the level of service that supports self- service site creation. By default, this permission is enabled in SharePoint Server 2010 for all authenticated users. • SharePoint Designer. You can manage how an organization uses SharePoint Designer 2010 at either the Web application level or the site collection level. • User profiles and My Site policies. You can use user profile policies to control the site content that users can see and how they can interact with that content. By default, all authenticated users can create a My Site Web site, and you should use security groups to manage permissions for these sites. My Site features store and use personally identifiable information, so before you deploy My Site Web sites, you should either plan how to control the behavior of these features or turn them off completely to help protect the security of this information. MCT USE ONLY. STUDENT USE PROHIBITED 12-42 Designing a Microsoft® SharePoint® 2010 Infrastructure Question: At which levels can you control the use of SharePoint Designer? Additional Reading For more information about setting the Group Policy object and for tracking SharePoint installations by using the Active Directory Domain Services marker, see http://go.microsoft.com/fwlink/?LinkID=200905&clcid=0x409. For more information about working with site templates, see http://go.microsoft.com/fwlink/?LinkID=184756. For more information about planning quotas management, see http://go.microsoft.com/fwlink/?LinkID=201246&clcid=0x409. For more information about planning workflows, see http://go.microsoft.com/fwlink/?LinkID=201247&clcid=0x409. For more information about using features, see http://go.microsoft.com/fwlink/?LinkID=201248&clcid=0x409. For more information about turning self-service site creation on or off, see http://go.microsoft.com/fwlink/?LinkID=201249&clcid=0x409. MCT USE ONLY. STUDENT USE PROHIBITED Developing a Plan for Governance 12-43 Information Management Features for Implementing Governance Key Points Information management in SharePoint Server 2010 consists of managing, retrieving, obtaining, and retaining information. SharePoint Server 2010 includes several information management features that an organization can use to help govern the use of SharePoint Server 2010. These are some of the information management features in SharePoint Server 2010 that you can use to provide governance of your implementation of SharePoint Server 2010: • Document management. You use document management to control the life cycle of documents in your organization. You can use policies that implement auditing, document retention, labeling, and barcodes. You can implement these policies to help your organization achieve regulatory compliance, such as retaining records for a given time period. • Content approval. You can use content approval to formalize and control the process of making content available to an audience, for example, to ensure that MCT USE ONLY. STUDENT USE PROHIBITED 12-44 Designing a Microsoft® SharePoint® 2010 Infrastructure content has gone through the correct legal review and approval process before it is published. • Versioning. You can use versioning to prevent users who have read permissions from viewing drafts of documents. • Records management. Records management is the process by which an organization determines the types of information that should be considered records, how to manage records while they are active, and how long to retain each type of record. SharePoint Server 2010 includes features that can help organizations to implement integrated records management systems and processes. • Digital asset management. Having a centralized repository for managing your digital assets enables you to apply firm control over brand-sensitive content, and helps to ensure that only approved assets are available to the appropriate users. • Hold and eDiscovery. You can use this site-level feature to track external actions such as litigations, investigations, or audits that require you to suspend the disposition of documents. If you use SharePoint Server 2010 to manage any electronic information, you should consider using Hold and eDiscovery when you are developing your SharePoint Server 2010 governance plan. Additional Reading For more information about planning document management policy, see http://go.microsoft.com/fwlink/?LinkID=200906&clcid=0x409. For more information about content approval and versioning, see http://go.microsoft.com/fwlink/?LinkID=201250&clcid=0x409. For more information about records management planning, see http://go.microsoft.com/fwlink/?LinkID=201251&clcid=0x409. For more information about planning for eDiscovery, see http://go.microsoft.com/fwlink/?LinkID=201252&clcid=0x409. MCT USE ONLY. STUDENT USE PROHIBITED Developing a Plan for Governance 12-45 Information Management Policies for Implementing Governance Key Points SharePoint Server 2010 includes several information management policies that an organization can use to help govern the use of SharePoint Server 2010. An information management policy is a set of rules for a type of content, or for a location where content is stored. Each rule in a policy is a policy feature. You can use information management policies to control who can access organizational information, what they can do with it, and how long the information should be retained for. You can assign a policy to a list, document library, or content type. Note: When you configure an information management policy, it is a recommended best practice to write a policy statement that is displayed in Microsoft Office 2010 client programs to inform document authors about the policies that are enforced on a document. MCT USE ONLY. STUDENT USE PROHIBITED 12-46 Designing a Microsoft® SharePoint® 2010 Infrastructure SharePoint Server 2010 includes the following information management policies: • The Auditing policy. This policy logs events and operations that are performed on documents and list items. You can configure Auditing to log events such as editing documents, viewing them, or changing a document's permissions level. • The Retention policy. This policy helps to dispose of or process content in a consistent way that you can track and manage. For example, the policy can delete a document or define a workflow task to have SharePoint Server route the document for permission to destroy it. • The Labeling policy. This policy specifies a label to associate with a type of document or list item. Labels are searchable text areas that SharePoint Server generates based on metadata properties and formatting that you specify. • The Barcode policy. This policy enables you to track physical copies of a document. You create a unique identifier value for a document and then insert a barcode image of that value in the document. By default, barcodes are compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code 39), and you can use the object model of the policies to plug in other barcode providers. Information management policy reports help you to monitor how consistently your organization uses policies. If you implement information management policies to help your organization comply with regulations, you should monitor policy usage frequently to help ensure that your organization is compliant. Additional Reading For more general information about planning information management policies, see http://go.microsoft.com/fwlink/?LinkID=200906&clcid=0x409. MCT USE ONLY. STUDENT USE PROHIBITED Developing a Plan for Governance 12-47 Information Architecture Features for Implementing Governance Key Points SharePoint Server 2010 includes several information architecture features that an organization can use to help govern the use of SharePoint Server 2010. Information architecture in SharePoint Server 2010 refers to the organization of enterprise information such as documents, lists, Web sites, and Web pages to take full advantage of the information's usability and manageability. You can increase your organization’s return on its portal investment by including information architecture standards and policies in your governance plan. A well- governed architecture makes it easier for your users to find, share, and use your information. These are some of the information architecture features in SharePoint Server 2010 that you can use to provide governance of your SharePoint Server 2010 implementation: • Content types. You use content types to organize, manage, and handle content in a consistent way. They define the attributes of a type of list item, document, MCT USE ONLY. STUDENT USE PROHIBITED 12-48 Designing a Microsoft® SharePoint® 2010 Infrastructure or folder. Each content type can specify metadata properties to associate with items of its type, available workflows, templates, and information management policies. To govern content types, you should consider associating event receivers and workflows with the forms that are used to modify the content types. • Blocked file types. You can use this feature to restrict files from being uploaded or downloaded to a server by basing the restriction on the file extension. For example, you can block executable files, which may contain malicious software, so that users cannot run them on their client computers. By default, many file types are blocked, and this includes executable files. • Taxonomy and managed metadata. Managed metadata is a hierarchical collection of centrally managed terms that you can define and then use as attributes for items in SharePoint Server 2010. Users can see only global term sets and term sets that are local to the user's site collection. Therefore, if there are term sets that some users should be unable to view, you should assign these term sets to separate groups. An organization’s governance policies can affect how you design managed metadata services and connections. If every document that is created must have a certain set of attributes, you may want to have a content type hub in at least one service. You should acquaint yourself with your organization’s governance plan before you determine any managed metadata services and connections. Question: Which managed metadata term sets can a user view? Additional Reading For more information about content types and workflow planning, see http://go.microsoft.com/fwlink/?LinkID=200908&clcid=0x409. For a complete list of the default blocked file types, see http://go.microsoft.com/fwlink/?LinkID=201253&clcid=0x409. For more information about managed metadata service applications, see http://go.microsoft.com/fwlink/?LinkID=201254&clcid=0x409. MCT USE ONLY. STUDENT USE PROHIBITED Developing a Plan for Governance 12-49 Governance of Sandboxed Solutions Key Points A sandbox is a restricted environment that enables programs to execute code that can access only specific resources, which means that any issues that happen in the sandbox do not adversely affect the rest of the environment. When you deploy a solution in a sandbox, it is known as a sandboxed solution. Sandboxed solutions run in an isolated worker thread, so they cannot use resources that belong to other solutions. In addition, they have restricted access to local and network resources, so they cannot gain access to content outside the site collection in which you have deployed them. The most common scenarios for using sandboxed solutions are when: • Your organization wants to run code on a production SharePoint Server 2010 site, and you have not fully and rigorously tested the code. • You want to provide hosted environment services and you need to allow the owners of the hosted SharePoint Server 2010 sites to upload and run custom code. • You want to utilize sandboxed solutions for load-balancing purposes. MCT USE ONLY. STUDENT USE PROHIBITED 12-50 Designing a Microsoft® SharePoint® 2010 Infrastructure Planning for Sandboxed Solutions When you plan for sandboxed solutions, you must first determine whether you need to use them at all. If you decide that you need to use them, you must decide whether your main reason for wanting to deploy them is to achieve greater performance or greater security. Planning Governance for Sandboxed Solutions When planning governance for your sandboxed solutions, you should consider the following: • When should a farm administrator block or unblock a sandboxed solution? Identifying the management policy for blocking and unblocking sandboxed solutions will help to reduce confusion if there is any uncertainty about whether to block a sandboxed solution. • When can you transfer a sandboxed solution to the production environment as a fully trusted solution? You must define a policy for determining what level of testing is required for a sandboxed solution to be considered ready for production use in your organization. • Who will you allow to deploy sandboxed solutions? Depending on your organization’s security requirements, you could choose to add people directly to the site collection administrators group. Alternatively, you could establish a procedure for specifying a restricted number of site collection administrators to deploy sandboxed solutions on behalf of their users. • Will you dedicate a separate server to running sandboxed solutions? You can increase isolation by using remote load balancing and by only running the sandboxing service on specific servers. Note: Only members of the Farm Administrators group can block sandboxed solutions, configure load balancing, and reset exceeded quotas. Additional Reading For more information about planning sandboxed solutions, see http://go.microsoft.com/fwlink/?LinkID=200909&clcid=0x409. . executable files. • Taxonomy and managed metadata. Managed metadata is a hierarchical collection of centrally managed terms that you can define and then use as attributes for items in SharePoint. You can deploy a feature as a part of a site definition or a solution package, and you can individually activate a feature. You can hide features to prevent site users from manually deactivating. Information management in SharePoint Server 20 10 consists of managing, retrieving, obtaining, and retaining information. SharePoint Server 20 10 includes several information management features that an