Discussion begins here

Coordinator
Apr 10, 2009 at 9:07 PM
Hello all. Please leave your questions and comments on the BlockSPDHttpModule. Although I cannot promise immediate answers or solutions I will be checking here as frequently as I can.
Aug 12, 2009 at 10:36 PM

Michelle,

 

Thank you for sharing this solution. Instructions were excellent.  In my testing I am noticing a different result than you have indicated. While conducting my testing, I am presented with a message stating that I do not have permissions to edit. Looked promising. However, after clicking on the cancel button I am still able to check-out and check-in files.

 

Any guidance is much appreciated.

 

 

Coordinator
Aug 14, 2009 at 8:57 PM

Hi Raquel,

Thanks for posting. I would need some more information about your configuration, your workstation login, whether you are attempting to authenticate to SPD as someone else, etc.

Without knowing anything else I might guess that you are logged into your workstation as someone whom you granted SPD access but are attempting to open SPD using a restricted user's account name. Is that the case? Please let me know exactly what you see click-by-click.

Michelle

Aug 14, 2009 at 11:49 PM
Edited Aug 17, 2009 at 1:38 PM

Michelle,

 

Thank you for responding to my post.

 

As mentioned I followed the installation as you have instructed and verified that webpart is in the GAC, registry is in place, security group is created. Currently the security group that was created does not have anyone, which means that everyone is blocked from using SharePoint designer. My testing is being conducted in our QA environment and the changes have been applied to our 2 WFEs.

 

Assumptions:

 

1. In all test the user has full control to the site.

2. User is not site collection owner.

3.  

 

 

Test1a:

 

· User x is logged on to pc

· User has only full control to site.  User is not set as an admin of site collection.

· User opens site in browser

· User does a File - > Edit with Office SharePoint Designer  

 

 

 

User receives the following:

 

Clicked on Edit Page Layout.

Page open

 

User proceeds to do a checkout of a file.

No error provided.

 

=========================

 

Test2:

 

1. Opened SharePoint Designer

2. File -> Open Site

 

 

3. Selected site to open

4. Did a checkout of default.aspx  . No errors received.

 

 

Looking forward with any recommendations as we are very enthusiastic in adopting this solution.

 

 

 

From: MichelleDexheimer [mailto:notifications@codeplex.com]
Sent: Friday, August 14, 2009 3:58 PM
To: Contreras, Raquel E.
Subject: Re: Discussion begins here [blockspdhttpmodule:52937]

 

From: MichelleDexheimer

Hi Raquel,

Thanks for posting. I would need some more information about your configuration, your workstation login, whether you are attempting to authenticate to SPD as someone else, etc.

Without knowing anything else I might guess that you are logged into your workstation as someone whom you granted SPD access but are attempting to open SPD using a restricted user's account name. Is that the case? Please let me know exactly what you see click-by-click.

Michelle

Read the full discussion online.

To add a post to this discussion, reply to this email (blockspdhttpmodule@discussions.codeplex.com)

To start a new discussion for this project, email blockspdhttpmodule@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com

Coordinator
Aug 15, 2009 at 12:40 PM
Edited Aug 15, 2009 at 12:49 PM

Try adding the application pool account to your empty group. I have not conducted any test with an empty group.

If you do not want to add any SharePoint user accounts to your group, add a user who does not have any privileges on the SharePoint site.

Aug 17, 2009 at 1:14 PM
Edited Aug 17, 2009 at 1:39 PM

Michelle,

 

If I add the app pool account to the security group wouldn’t this mean app pool account can use SPD?

 

Am I missing something?

 

 

 

Best Regards,

 

Raquel Contreras

 

From: michelledexheimer [mailto:notifications@codeplex.com]
Sent: Saturday, August 15, 2009 7:41 AM
To: Contreras, Raquel E.
Subject: Re: Discussion begins here [blockspdhttpmodule:52937]

 

From: michelledexheimer

Try adding the application pool account to your empty group. I have not conducted any test with an empty group.

Read the full discussion online.

To add a post to this discussion, reply to this email (blockspdhttpmodule@discussions.codeplex.com)

To start a new discussion for this project, email blockspdhttpmodule@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com

Coordinator
Aug 17, 2009 at 1:18 PM

Read my edited post above yours. Yes, adding the application pool account would give it rights. You do not have to add that account if you don't want.  Add an account with no rights on the SharePoint site instead. That way you have one account in the group but it has no rights to edit anything anyway.

Aug 17, 2009 at 1:36 PM
michelledexheimer wrote:

Read my edited post above yours. Yes, adding the application pool account would give it rights. You do not have to add that account if you don't want.  Add an account with no rights on the SharePoint site instead. That way you have one account in the group but it has no rights to edit anything anyway.

 Michelle,

In my test, I am testing to see if my account  (site collection owner, site admin to several site collections) has any rights to the SPD application. According to the documentation I should not be able to open up a site and make changes. However, I was able to, which leads to my previous emails.

Coordinator
Aug 17, 2009 at 2:20 PM

FYI to all: Upon further investigation the problem was related to an incomplete deployment. You must deploy both modules according to the instructions provided. In addition, don't forget to activate the Web Application Feature entitled "Deploy Block SPD".

In addition, note that blocking SharePoint Designer will also block other Office application editing from the ECB menu. MOSS treats SPD like any other Office application and uses the same HTTP UserAgent. Therefore, BlockSPDHttpModule should be considered a part of your overall SPD-restriction solution.