Microsoft Office Tutorials and References
In Depth Information
Confirming Sharepoint Security Groups
To access those SharePoint root folders, SharePoint creates some user groups on the local server to
manage security (it adds the necessary accounts to the correct group and then adds the group to
the access control list with the correct permissions to the folders). To see what groups were created,
open the Computer Management console (Start Administrative Tools Computer Management),
click Local Users And Groups, and open the Groups node, or you can open the Server Manager,
open the Configuration node, and click Local Users And Groups to access Groups.
As you can see in Figure 2.37, SharePoint created three groups.
WSS_WPG Used by accounts that need read access to resources, usually web application
WSS_ADMIN_WPG Used by accounts that also need write access and is usually the farm
account, farm administrators and setup account.
WSS_RESTRICTED_WPG_V4 Usually populated only by the farm account and used by
the SharePoint administration service. This service is the one that runs interference between
SharePoint and the local computer should SharePoint need to make service changes locally—
such as making changes to IIS, doing IIS resets, starting and stopping services, and so on.
And now that you know the groups exist, you can check the permissions of the SharePoint
root folders, check the groups, and understand why they are there, as you can see in Figure 2.38.
It shows the Security tab (which I displayed by right-clicking the Conig folder in the SharePoint
root and choosing from its menu), and you can see that two SharePoint groups are assigned
permissions and that WSS_WPG does have only read, list, and execute rights to that folder.