locked
Security issue with SharePoint and outlook integration. RRS feed

  • Question

  • http://social.msdn.microsoft.com/Forums/eu/sharepointadmin/thread/dd3b1e71-6499-4f93-8dae-61675d511082

    In response to your comment that this is an issue with our HR not SharePoint. That's easy to say but in the real world people make mistakes. There will be many many paying MS customers that don't question how SharePoint caches sensitive data on local machines and trust the security they put in place on the server! Some even have AUPs which state staff must not store data locally then this software negates that policy!

    It's a bit like you walking into a bank to check your balance and as you leave the bank stuffs the actual money from your account into your back pocket! If someone then robs you well you should have taken more care not to get robbed!

    Are you really suggesting that it is acceptable that the system negates the security put in place on each SharePoint document library?

    What about another example. If there is a break in and someone lifts a bunch of desktops they then have the data?

    Why have any security at all why not just employee people you trust. Are you for real?

    Moderator Note: Flames unnecessary and removed. If the starter of a post (= the Original Poster = OP) marks a post as an answer then he is saying that he has the answer to his question. If anyone else marks a post as an answer then it is still an option for the OP to say that isn't an answer to his question. I will thus lock a thread as finished if the OP himself marks a post as answer. I will not lock a current thread if marked by anyone else unless the OP has stated that the reply that was marked is the answer.

    • Edited by David Cornall Friday, January 21, 2011 3:29 PM
    • Edited by Mike Walsh FIN Friday, January 21, 2011 5:40 PM Re: removed from Title. Flame read and then removed. Moderator Note added
    Friday, January 21, 2011 3:15 PM

Answers

  • I still would like you to raise my thoughts with MS

    I'm afraid you'll have to raise your thoughts yourself with MS.

    My contacts vanished the moment my 8-year MVP stretch (there must be a better word) was over at the end of September 2010.

    >The model I speak of simply means there are buttons on each thread so that community >members can mark the topics as “in the wrong forum”, “spam”, “abuse” etc. These status could >then send alerts to volunteers such as yourself.

    This would certainly be better than the present system where abusive has to serve for everything and where non-MS moderators get no alerts for that either. (I don't know whether MS Moderators do or not).

    The present system is that Moderators have a drop-down option for each individual forum for Abusive threads. This means that if I want to deal with Abusive threads I need to go to all the forums in turn and click on Abusive only to typically find no Abusive threads; then go to the next forum etc.  Typically I regularly do it only for the four main forums as usually only one of them might have an abusive thread. The other forums with less traffic get looked at maybe (with luck) every 3 months - and even then there isn't anything in most of them.

    If abusive threads could be listed for all the forums in "My Forum Threads", it would in fact be a major improvement as just one click would list all the abusive threads. But they are not. Dealing with abusive threads is easy - finding them is time-consuming.

    >Instead you seem to be limited to having to police the forums in a heavy handed way to keep >things manageable.

    I try to be "equal opportunity" and treat readers the same no matter what their names or where they come from. But when some people try all the tricks around to attempt to push their posts ahead of other peoples' posts, some amount of heavy-handedness is needed to (as you say) keep things manageable. Ditto with people multi-posting or trying to hijack other peoples' threads (or both!). Early locking is there to stop the hijacking of other peoples' threads for instance - it wouldn't be needed if that didn't occur on a massive scale.


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    • Marked as answer by David Cornall Monday, January 24, 2011 12:51 PM
    Monday, January 24, 2011 11:57 AM

All replies

  • P.S. When was it decided that a thread should be closed when marked as answered this is the daftest thing I have heard in a long time. What if somone has a better solution?!?
    Friday, January 21, 2011 3:22 PM
  • See the comment to your original post for when a thread is locked

    There are several good reasons why threads are being locked when the OP explicitly or implicitly says that his question has been answered.

    - to avoid spammers

    Most spammers seek out old threads and then place spam posts in them (I presume because they think the spam posts can't be seen as easily by Moderators)

    - to avoid people asking new questions in the thread

    A thread has a title and usually the new questions have little to do with the title of the thread.

    Such threads become long and unwieldy - one problem being that it is impossible to just say "your problem is answered in thread ..."

    The statistics keep track of only if a thread has a post with an answer mark or not; not how many questions have been answered in the thread.

    - To avoid people reviving a completely dead thread (dead = old)

    I have seen people posting a new question in a thread from the beginning of 2007 where they are asking by name for someone who was in the pre-2010 forums then how he solved it. The chances are they are long gone and certainly are unlikely to remember.

    People today tend to have much different versions (SP2 for instance) of the software than the people who were in the thread when it was active.

    --------------------

    Locking threads as soon as the OP says he has an answer is a solution for the above problems many of which the locking of current threads will only affect well into the future. They are in other words a pre-emptative solution in order to avoid future problems.

     

    Mike Walsh 


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Friday, January 21, 2011 6:18 PM
  • As a suggestion I feel it would be better if answered threads were locked after a period of time. This doesn't need to be ages. Perhaps only a few weeks. This just allows discussion on any answer given and aditional answers. All of the issues you mention seem to surround people abusing ancient threads.

    For example in a thread I answered about reporting on a task list I have thought of an aditional answer which is that the user may be able to use a view. As the thread is locked almost as soon as the OP marked it as an answer I can't offer this thought and the OP is off writting CAML!

    Saturday, January 22, 2011 11:09 AM
  • > As a suggestion I feel it would be better if answered threads were locked after a period of time. This doesn't need to be ages. > Perhaps only a few weeks.

    It's at first sight a very reasonable idea and one that was suggested to me fairly soon after I started locking threads . I'll give you a precis of the answer I gave then. (Later: turned out to be a rather longer answer than I gave then off-line).

    The problem is practical.

    I'm not paid to moderate the forums and I already some days spend far too much of my own time moderating them.

    My system for moderating - apart from setting alerts on certain threads - is to open every single thread that I haven't so far read. Doing that means I can for instance spot posts that were posted to the wrong forum (and move them) - in many cases the Title doesn't give any clues as to whether a thread is actually from someone asking about SP 2010 for instance (not to mention things like putting workflow questions in customization or development forums etc. etc.). Reading the first posts also gets to grips with the impatient types who love to say that their posts are more important than anyone else's (asap; critical; urgent etc.) and with the people who post the same question (often with different Titles) in different forums at the same time.

    OK. That's the basic system. What's the connection with setting threads as locked?

    Checking all the unread (by me) threads at every session means that I look through typically between 2-6 pages of the threads from all the pre-2010 forums (exception Knowledge Network which should have vanished when that function was dropped before RTM for MOSS 2007 and which is only in MSDN not TechNet which I mostly use).  (2-6 if several sessions a day - otherwise more)

    (Now the point) While doing that check of the latest 2-6 pages for unread threads I can run an eye over the (already read) threads between the unread threads to see if they are progressing (this is when I would get rid of spammers typically). At that time I see the threads which have been marked as answered and see if the question really was answered. If the OP has marked it as answered (and the OP ought to be king in forums as it was his question - no-one else's) and especially if he has posted a message confirming that then I can lock it *in passing*.  (I.e. it's a small amount of extra effort)

    Compared this to the proposed system of locking after a few weeks.

    That would mean every (say) week sitting down in front of the computer for a long session of several hours going through the (lets say - and this is the easiest version that excludes threads where the OP has said "thanks, that did it" without marking anything) threads that were marked as answered between two dates (say) between three to four weeks  ago.

    That sort of work would be fine (if boring) for a person paid for doing it but it's certainly nothing you would do for pleasure. I.e. the suggestion would need to be put to Microsoft so they get *their* (salaried) people to do. (I don't think it would happen even then, but that is the way to achieve it)

    Even when writing this I realised one snag I hadn't even thought of. As soon as someone posts anything (even a post "thanks that solved my problem too") to a thread, that thread no longer will appear in that 3-4 week period. So potentially waiting for 3-4 weeks before marking will not stop the threads that get filled up with new, un-related questions after the original question has been answered (or the extremely long threads that often result from them) because they will be pushed to a later date. There will still be some threads (half?) where this will not happen and they will then be available for marking in the 3-4 week period but only some. My suspiscion is that there will be many more threads which should be locked but aren't as compared to threads using the "lock it as soon as the OP has said it's answered" method which ought not to have been locked. (Yes I accept there will be some, by putting the need for the OP to mark an answer (or say "answered") as the criterion, I'm trying to make that number as few as possible).

    Make sense ?


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Saturday, January 22, 2011 5:41 PM
  • I can see with the current method of moderation i.e. volunteers such as yourself, that spending your time checking through every post is both time consuming and frankly undesirable. I am sure you have much more intersting things to be doing.

     

    I still would like you to raise my thoughts with MS as I feel the value of discussion merits them either : Paying moderators or I would suggest that a user moderated forum may be more successful.

     

    The model I speak of simply means there are buttons on each thread so that community members can mark the topics as “in the wrong forum”, “spam”, “abuse” etc. These status could then send alerts to volunteers such as yourself. This would stoip you having to moderate every thread. We could get a real community spirit. Right now I feel far from that I feel alienated.

     

    It seems to me that this would free up your time to answer questions on a product, judging by your publications you know a fair bit about. Instead you seem to be limited to having to police the forums in a heavy handed way to keep things manageable.

     

    I just feel put off answering anyones queries on here because of the strict moderation.

    Monday, January 24, 2011 11:22 AM
  • I still would like you to raise my thoughts with MS

    I'm afraid you'll have to raise your thoughts yourself with MS.

    My contacts vanished the moment my 8-year MVP stretch (there must be a better word) was over at the end of September 2010.

    >The model I speak of simply means there are buttons on each thread so that community >members can mark the topics as “in the wrong forum”, “spam”, “abuse” etc. These status could >then send alerts to volunteers such as yourself.

    This would certainly be better than the present system where abusive has to serve for everything and where non-MS moderators get no alerts for that either. (I don't know whether MS Moderators do or not).

    The present system is that Moderators have a drop-down option for each individual forum for Abusive threads. This means that if I want to deal with Abusive threads I need to go to all the forums in turn and click on Abusive only to typically find no Abusive threads; then go to the next forum etc.  Typically I regularly do it only for the four main forums as usually only one of them might have an abusive thread. The other forums with less traffic get looked at maybe (with luck) every 3 months - and even then there isn't anything in most of them.

    If abusive threads could be listed for all the forums in "My Forum Threads", it would in fact be a major improvement as just one click would list all the abusive threads. But they are not. Dealing with abusive threads is easy - finding them is time-consuming.

    >Instead you seem to be limited to having to police the forums in a heavy handed way to keep >things manageable.

    I try to be "equal opportunity" and treat readers the same no matter what their names or where they come from. But when some people try all the tricks around to attempt to push their posts ahead of other peoples' posts, some amount of heavy-handedness is needed to (as you say) keep things manageable. Ditto with people multi-posting or trying to hijack other peoples' threads (or both!). Early locking is there to stop the hijacking of other peoples' threads for instance - it wouldn't be needed if that didn't occur on a massive scale.


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    • Marked as answer by David Cornall Monday, January 24, 2011 12:51 PM
    Monday, January 24, 2011 11:57 AM