Friday, 15 May 2009

Blocking SharePoint Designer from Accessing Your Site

In a recent TechEd discussion panel comment, my favourite SharePoint MVP Eric Shupps mentions the ability to block SharePoint Designer from connecting to a SharePoint server and modifying content.

Why is SharePoint Designer a bad thing?

  • It’s free; every man and his dog can download it, potentially install it, and potentially break your sites
  • It can potentially be used against production, which is all wrong if you follow a regimented deployment process, as changes can be made any ol’ time
  • It customises (or ghosts, if you prefer) pages, thereby severing the link between the artefacts you’ve conscientiously built into a solution package and featurised; uncustomising these artefacts may not be possible, depending on the changes that were made, or you’ll need another way to fix things up
  • Artefacts created by SPD are created in the content database and can’t be moved easily between environments (e.g. from dev to UAT to prod)
  • It modifies your files and injects stupid attributes that only it cares about
  • It’s buggy and it sucks and crashes and it’s too complicated for business analysts and too wrong for developers and it’s FrontPage rebranded and so on.

Eric’s comment got me digging, and I found this new tool on CodePlex that installs a feature allowing admins and content editors to disable access to a site using SPD. A site definition can be altered directly to limit access by SPD, but this won’t affect existing sites, can’t be undone at any point in the future using any obvious mechanism, and is all a bit weird.

The tool, “No SharePoint Designer”, is implemented as an HTTP handler, so it doesn’t touch the content database or much of anything. It’s still early days but definitely a “watch this space” kind of effort.

An alternative tool uses AD groups to limit access, and another approach uses Group Policy to simply block SPD from running (and this MSDN blog entry is comprehensive if nothing else!).

Resources:

http://www.msteched.com/online/view.aspx?tid=efa154e2-6c06-4a76-ab3c-e9d71ebf0ff2
http://nospd.codeplex.com/
http://support.microsoft.com/default.aspx/kb/940958
http://blogs.msdn.com/sharepointdesigner/archive/2008/11/25/locking-down-sharepoint-designer.aspx

3 comments:

  1. You posted a solution from everyone except me: http://blockspdhttpmodule.codeplex.com/

    Mine actually works.

  2. Thanks for the link to my article. We decided to allow open access to SPD instead of using a Group Policy, which would be my preferred method.

    eric

  3. Thanks for the link to my article. We decided to allow open access to SPD instead of using a Group Policy, which would be my preferred method.
    Ev Dekorasyonu

