TAILIEUCHUNG - Quản lý và thực hiện các dự án Microsoft SharePoint 2010 - p 13

Tuy nhiên, Active Directory đội có thể có một số thủ tục an ninh liên quan đến việc tạo ra các tài khoản này. Họ có thể yêu cầu cho các tài khoản được định dạng theo một cách nhất định (ví dụ, để có as_ ở phía trước của mỗi tài khoản dịch vụ), cho các mật khẩu phức tạp, và cho các tài khoản để ngồi trong một đơn vị tổ chức nào đó (OU) trong Active Directory. | 96 Chapter 5 Building Your SharePoint 2010 Team Chapter 5 However the Active Directory team might have some security procedures concerning the creation of these accounts. They might ask for the accounts to be formatted in a certain way for example to have as_ in front of each service account for the password to be complex and for the accounts to sit in a certain organizational unit OU in Active Directory. All of this is acceptable for SharePoint 2010 of course but the key thing is to ensure that you and they are aware of these security procedures up front and that they are enforced on your SharePoint 2010 installation. However it should also be pointed out here that the Active Directory team would like for certain things to be defined for SharePoint service accounts concerning account expiration failed logon attempts group policies and so on some of which might cause support and operational issues for SharePoint. For example employing account expiration settings results in the service settings for SharePoint to be reconfigured for new passwords every so often meaning there can be disruption to services. Remember it is not your place as either the project manager or the SharePoint architect to question the procedures the client teams have. However it is your responsibility to adhere to their procedures and ensure they adhere to yours. And you ll find some organizations where none of these procedures exist. It is therefore best practice that you form the SharePoint 2010 configuration management procedures for your environment quickly. Let s take SQL as an example. A significant portion of a SharePoint 2010 implementation is SQL centric. Therefore it is absolutely critical that the security provision between SQL and SharePoint is agreed to by the SharePoint architect and the SQL team. A good example is in the installation of SharePoint 2010 and determining what rights the farm account requires in SQL land. SQL DBAs might come back to you complaining that the security