HowTo: SlipStream WSS and MOSS Security Updates

Microsoft have released an important security bulletin for Windows SharePoint Services v3 and MOSS 2007 – MS07-059.

HowTo for MOSS 2007

Download the security update to C:\Downloads\SharePoint

Run this command from the cmd prompt (assuming your MOSS installation files are copied to C:\Server12):

officeserver2007-kb937832-fullfile-x86-glb.exe /extract:C:\Server12\Updates

Check the C:\Server12\Updates folder to find the new files!

HowTo for WSS3

Download the security update to C:\Downloads\SharePoint

Run this command from the cmd prompt (assuming your WSS installation files are copied to C:\WSS):

wssv3-kb934525-fullfile-x86-glb.exe /extract:C:\WSS\Updates
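
Because extracted files become part of the installation source, it is worth confirming the package is validly signed before running /extract. The following is an added example, not part of the original post: the function name Expand-SharePointUpdate is hypothetical, and the signer check assumes the packages are signed by Microsoft Corporation.

```powershell
# Added example: verify the update package's Authenticode signature, extract it
# into the installation source's Updates folder, and list the files that were added.
function Expand-SharePointUpdate {
    param(
        [Parameter(Mandatory = $true)] [string] $Package,       # downloaded *-fullfile-x86-glb.exe
        [Parameter(Mandatory = $true)] [string] $UpdatesFolder  # e.g. C:\Server12\Updates (no spaces assumed)
    )

    # Refuse to slipstream a package that is unsigned, tampered with, or signed by someone else.
    $sig = Get-AuthenticodeSignature -FilePath $Package
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $Package is '$($sig.Status)'; not extracting."
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    if (-not (Test-Path $UpdatesFolder)) {
        New-Item -ItemType Directory -Path $UpdatesFolder | Out-Null
    }

    # Helper: full paths of all files currently under the Updates folder.
    $listFiles = {
        Get-ChildItem -Path $UpdatesFolder -Recurse |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { $_.FullName }
    }
    $before = @(& $listFiles)

    # Same /extract switch as the commands above.
    $proc = Start-Process -FilePath $Package -ArgumentList "/extract:$UpdatesFolder" -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Extraction exited with code $($proc.ExitCode)"
    }

    # Return only the files that were not in the folder before extraction.
    @(& $listFiles) | Where-Object { $before -notcontains $_ }
}

Expand-SharePointUpdate -Package 'C:\Downloads\SharePoint\officeserver2007-kb937832-fullfile-x86-glb.exe' -UpdatesFolder 'C:\Server12\Updates'
Expand-SharePointUpdate -Package 'C:\Downloads\SharePoint\wssv3-kb934525-fullfile-x86-glb.exe' -UpdatesFolder 'C:\WSS\Updates'
```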

STSADM: Create MySite

To create a MySite using STSADM.exe, use the following command:

stsadm -o createsite -url http://servername/personal/username -ownerlogin domain\username -owneremail user@domain.com -sitetemplate SPSPERS

Note: Please do not copy paste this code. Type it in.

Plan for administrative and service accounts

The account requirements detail the specific permissions that you need to grant prior to running Setup. In some cases, additional permissions that are automatically granted by running Setup are noted in the planning tool.

This article does not describe the account requirements for using single sign-on (SSO) in Microsoft Office SharePoint Server 2007. For more information, see Plan for single sign-on.

This article does not describe security roles and permissions required to administer Office SharePoint Server 2007. For more information, see Plan for security roles (Office SharePoint Server).

Source

HowTo: Set Permissions for Comments on SharePoint Blog

If you want to allow your blog visitors to comment on blog posts, you will need to explicitly allow them to do so. To achieve this, you will need to set up unique permissions on your blog.
Here is the procedure:
1. Open http://your_blog_url/Lists/Comments/AllComments.aspx
2. Select Settings > List settings
3. Select Permissions and Management > Permissions for this list
4. Open Actions > Edit permissions (confirm this action when the dialog pops up)

Now you can set up unique permissions for this list. From this step forward you can add permissions for a specific user. The best approach is to give the Visitors group “Contribute” rights for this entire list.

You will also need to restrict each user to editing and deleting only their own comments.
The procedure is as follows:
1. Open http://your_blog_url/Lists/Comments/AllComments.aspx
2. Select Settings > List settings
3. General Settings > Advanced Settings
4. Choose “Only their own” for the Edit access option

Source

HowTo: Change Service Accounts and their Passwords

How to change the Application Pool Identity of a WSS or MOSS web application

  1. Open SharePoint Central Administration, click Operations.
  2. Under Security Configuration, click Service accounts.
  3. Click the radio button beside Web application pool. Select Windows SharePoint Services Web Application. Select the application pool where you want to change the identity, for example: Sharepoint – 80.
  4. Make a note of the existing settings in case you need to unwind your changes.
  5. Select the Configurable radio button. Provide the user name and password. It helps to be explicit here and use the domain\account format (e.g. mydomain\SPService). Also be sure to use a strong password. Click OK.
  6. To restart the application pool, either open IIS and recycle the application pool, or open a command prompt and type iisreset -noforce.
  7. Open your SharePoint site in a browser to confirm that the change was successful.

This change will be automatically propagated to all web front-ends.

How to change the Application Pool Identity for SharePoint Central Administration (SCA)

Repeat these steps on each server which hosts the SharePoint Central Administration web application. If the web front-end (WFE) and application (APP) server roles are served by separate machines, SCA should be enabled on one APP server (or more) and stopped and/or removed from the WFE servers. This allows control over access to the SCA. The SCA service account should not be the same as that used for the SharePoint application pool so even if one is compromised, the other remains secure.

  1. Open a command prompt.
  2. Run: stsadm -o updatefarmcredentials -userlogin domain\username -password password
  3. Be patient. This may take a few minutes to run.
  4. To restart the application pool, either open IIS and recycle the application pool, or open a command prompt and type iisreset -noforce
  5. Open SharePoint Central Administration in a browser to confirm that the change was successful.

The above steps create an Administration Application Pool Credential Deployment timer job. You can see this in the Timer Job Definitions page. The job is complete when it no longer appears in the list of definitions (refresh the browser, this isn’t automatic).
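
The Central Administration procedure above can be wrapped so that the password is prompted for rather than stored in a script, and so that the account is rejected if it matches a web application pool identity. This is an added example, not code from the original post: the function name Update-FarmCredential and the $AppPoolAccounts list are hypothetical, and the stsadm path assumes the default SharePoint 2007 install location.

```powershell
# Added example: change the SCA / farm credentials with a prompted password and
# a check that the account is not shared with a web application pool.
function Update-FarmCredential {
    param(
        # Hypothetical, hand-maintained list of web application pool identities.
        [string[]] $AppPoolAccounts = @('MYDOMAIN\SPService'),
        # Assumed default location of stsadm.exe for WSS 3.0 / MOSS 2007.
        [string] $Stsadm = (Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\bin\stsadm.exe')
    )

    if (-not (Test-Path $Stsadm)) { throw "stsadm.exe not found at $Stsadm" }

    # Prompt for the account instead of embedding the password in a script or batch file.
    $cred  = Get-Credential
    $login = $cred.UserName

    # Be explicit: require the domain\account format.
    if ($login -notmatch '^[^\\]+\\[^\\]+$') {
        throw "Use the domain\account format; got '$login'."
    }

    # The SCA account should not be an application pool identity, so that a
    # compromise of one does not expose the other (-contains ignores case).
    if ($AppPoolAccounts -contains $login) {
        throw "'$login' is already a web application pool identity; use a separate account."
    }

    # Step 2 of the procedure above. This may take a few minutes.
    $plain = $cred.GetNetworkCredential().Password
    & $Stsadm -o updatefarmcredentials -userlogin $login -password $plain
    if ($LASTEXITCODE -ne 0) { throw "stsadm exited with code $LASTEXITCODE" }

    # Step 4: restart IIS without forcing worker processes to terminate.
    & iisreset.exe -noforce
    if ($LASTEXITCODE -ne 0) { throw "iisreset exited with code $LASTEXITCODE" }
}

Update-FarmCredential -AppPoolAccounts 'MYDOMAIN\SPService'
```

stsadm still receives the password as a command-line argument, so it is visible in the process listing while the command runs; the prompt only keeps it out of script files.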

How to change the default content access account for MOSS search

The content access account is used to crawl and index SharePoint content for a given Shared Service Provider (SSP). It should be different from the application pool identity and configured so that only the most recent version of each document is indexed, otherwise old versions will appear in search results.

  1. Open SharePoint Central Administration (SCA), and on the left below Shared Services Administration click on the Shared Service Provider with the search configuration you want to change (e.g. SharedServices1).
  2. Under Search, click Search settings. Click Default content access account.
  3. Enter the credentials, confirm the password and click OK.

How to change the Search Service account for MOSS

Note that this is the identity used to run the Search Service, it is not the identity with which content is actually crawled and indexed. This account must be a local administrator (not a domain administrator) on both the query server and the index server in order for index propagation to work. This is set automatically for you when you click OK (below), but is the first thing to verify if you get a “Query server not responding” error (see Chris Gideon’s post).

  1. Open SharePoint Central Administration, click Operations.
  2. Click Services on server, and then Office SharePoint Server Search.
  3. Configure the Farm Search Service Account. It is okay to use the same account as the SharePoint application pool identity.
  4. Scroll down and click OK.
  5. Wait while your changes are processed.

How to change the default content access account for WSS search

Note that the Search Service account (which runs the WSS search application) is not the same as the Content Access account (which actually indexes the content). The Search Service account may be the same as the SharePoint application pool identity. The Content Access account should be different from the SharePoint application pool identity.

  1. Open SharePoint Central Administration, click Operations.
  2. Click Services on server, and then Windows SharePoint Services Help Search.
  3. Configure the Service Account.
  4. Configure the Content Access Account.
  5. Scroll down and click OK.
  6. Wait while your changes are processed.

or

  1. Open a command line.
  2. Run: stsadm.exe -o spsearch -farmserviceaccount domain\username -farmservicepassword password
    It is okay to use the same account for this service as the SharePoint Application Pool identity.
  3. Run: stsadm.exe -o spsearch -farmcontentaccessaccount domain\username -farmcontentaccesspassword password
    This account should be different from the SharePoint Application Pool identity.
  4. Repeat these steps for all servers in the farm.

Source: Eli Robilliard’s World

Also refer to:

Joel Oleson: Password change via stsadm (2006-08-22)

MSDN KB 934838: How to change the passwords for service accounts in SharePoint Server 2007 and in Windows SharePoint Services 3.0
