Paul Liebrand’s Weblog

Welcome to my blog mainly about SharePoint

Operation: My Site Lock Down

As many people know, the SharePoint My Site is open by default. When a user gets a My Site provisioned, SharePoint conveniently creates a Personal Documents library (only accessible to the user) and Shared Documents/Shared Pictures libraries (accessible to anyone in the organization).

Here lies the problem — when a user creates a new library or list to store content it will inherit the permissions from it’s parent (which is public by default). The user needs to remember to restrict access before storing their personal and perhaps confidential content in this new list.

Many people shy away from the usage of My Site’s for this very problem. The following post will explain how to flip the permissions so the My Site is locked down by default and users have to open it up when they want someone to come visit.

Step 1: Configuring My Site Settings in Central Administration

  • Start SharePoint 3.0 Central Administration on one of your web front-end (“WFE”) servers
  • Navigate to your Shared Service Provider (“SSP”)


  • Click on My Site settings, scroll to the bottom, and remove Authenticated Users from the Default Reader Site Group and Click Ok


Step 2: Provisioning the My Site

When a new My Site has been provisioned (after the changes to My Site Settings) the user of the My Site will need to open some of the libraries back up for some functionality to work correctly (such as the Profile Picture).

  • Navigate to your My Site URL, which will start the process of creating your My Site
  • Once your My Site has been created, navigate to the Shared Documents library


  • Click on the Settings button and then Document Library Settings
  • Click on Permissions for this document library under the Permissions and Management section
  • Click on Actions and then Edit Permissions and you will get the following dialog box warning you that you are about to break the permission inheritance, click Ok


  • Click on the New button from the toolbar
  • Click on the Add all authentication users link which will add the authentication users group to the empty text box to the right


  • Select the Read – can view only option under the Give Permission section
  • Scroll to the bottom and uncheck the Send welcome e-mail to the new users checkbox and then click Ok

At this point you have basically given all authenticated users in the company access to your Shared Documents library with read access.

IMPORTANT: Now repeat this process for the Shared Pictures library. If you skip this step, then the profile picture feature of the My Site will not work.

Once you have made the adjustments above any new list or library will be locked down by default.

I hope you find this post useful.

Paul Liebrand


November 29, 2007 - Posted by | SharePoint

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: