MCT USE ONLY. STUDENT USE PROHIBITED
Developing a Plan for Governance 12-41
HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint\DWORD DisableInstall
To block installation, set DWORD DisableInstall=00000001.
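A local check for the policy value above, as an added example that is not part of the original course text. The function names are hypothetical; the registry path, value name and value are the ones given above, and writing under HKLM requires an elevated session.

```powershell
# Added example: audit and set the DisableInstall policy value on the local computer.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint'
$ValueName = 'DisableInstall'

function Get-SharePointInstallBlock {
    # A missing key or missing value means the policy has never been applied here.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $state = 'NotConfigured'
    } else {
        $value = $item.$ValueName
        # Only DisableInstall = 1 blocks installation; any other value does not.
        $state = if ($value -eq 1) { 'Blocked' } else { 'NotBlocked' }
    }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Value    = $value
        State    = $state
    }
}

function Set-SharePointInstallBlock {
    # Supports -WhatIf and -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($PolicyKey, "Set $ValueName = 1")) {
        if (-not (Test-Path -Path $PolicyKey)) {
            # -Force creates any missing parent keys along the path.
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyKey -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Report the current state; call Set-SharePointInstallBlock -WhatIf to preview a change.
Get-SharePointInstallBlock
```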
IT Service Features
These are some of the IT service features in SharePoint Server 2010 that you can
use to provide governance of your SharePoint Server 2010 implementation:
• Site templates. Using a site template, you can encourage consistent branding,
site structure, and layout in the sites that your users create. You can create
customized site templates for provisioning sites and use them instead of the
templates that are included with SharePoint Server 2010.
• Quotas. A quota dictates a limit on the amount of storage that a site collection
can use, and prevents users from adding content when the limit has been
reached.
• Workflows. Workflows implement business processes for users of a SharePoint
site, and are associated with site items such as documents, forms, or lists.
• Features. You can deploy a feature as a part of a site definition or a solution
package, and you can individually activate a feature. You can hide features to
prevent site users from manually deactivating them. You can use a technique
called feature stapling to attach a feature to all new instances of sites that use a
given site definition. This enables you to control the features that users of your
service can access.
• Self-service site creation. You can enable users to create their own site collections
by using the Self-Service Site Creation feature. A key decision in governing
self-service site creation is to determine the level of service that supports
self-service site creation. By default, this permission is enabled in SharePoint Server
2010 for all authenticated users.
• SharePoint Designer. You can manage how an organization uses SharePoint
Designer 2010 at either the Web application level or the site collection level.
• User profiles and My Site policies. You can use user profile policies to control the
site content that users can see and how they can interact with that content. By
default, all authenticated users can create a My Site Web site, and you should
use security groups to manage permissions for these sites. My Site features
store and use personally identifiable information, so before you deploy My Site
Web sites, you should either plan how to control the behavior of these features
or turn them off completely to help protect the security of this information.
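One way to review the self-service site creation and SharePoint Designer settings described above across a farm, as an added example that is not part of the original course text. The function name is hypothetical; it assumes a SharePoint 2010 Management Shell session on a farm server, run by an account with farm-level read access.

```powershell
# Added example: report where self-service site creation and SharePoint Designer are enabled.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Get-GovernanceSettingReport {
    # Track the SharePoint objects created below so they are disposed when the report ends.
    Start-SPAssignment -Global
    try {
        foreach ($wa in Get-SPWebApplication) {
            # Web application level: both settings exist here.
            New-Object PSObject -Property @{
                Scope                   = 'WebApplication'
                Url                     = $wa.Url
                SelfServiceSiteCreation = $wa.SelfServiceSiteCreationEnabled
                AllowDesigner           = $wa.AllowDesigner
            }
            # Site collection level: SharePoint Designer can also be controlled per site collection.
            foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
                New-Object PSObject -Property @{
                    Scope                   = 'SiteCollection'
                    Url                     = $site.Url
                    SelfServiceSiteCreation = $null
                    AllowDesigner           = $site.AllowDesigner
                }
            }
        }
    } finally {
        Stop-SPAssignment -Global
    }
}

# List only the scopes where one of the settings is switched on.
Get-GovernanceSettingReport |
    Where-Object { $_.AllowDesigner -or $_.SelfServiceSiteCreation } |
    Format-Table Scope, Url, SelfServiceSiteCreation, AllowDesigner -AutoSize
```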
12-42 Designing a Microsoft® SharePoint® 2010 Infrastructure
Question: At which levels can you control the use of SharePoint Designer?
Additional Reading
For more information about setting the Group Policy object and for tracking
SharePoint installations by using the Active Directory Domain Services marker, see
For more information about working with site templates, see
For more information about planning quotas management, see
For more information about planning workflows, see
For more information about using features, see
For more information about turning self-service site creation on or off, see
Information Management Features for Implementing Governance
Key Points
Information management in SharePoint Server 2010 consists of managing,
retrieving, obtaining, and retaining information. SharePoint Server 2010 includes
several information management features that an organization can use to help
govern the use of SharePoint Server 2010.
These are some of the information management features in SharePoint Server 2010
that you can use to provide governance of your implementation of SharePoint
Server 2010:
• Document management. You use document management to control the life
cycle of documents in your organization. You can use policies that implement
auditing, document retention, labeling, and barcodes. You can implement
these policies to help your organization achieve regulatory compliance, such as
retaining records for a given time period.
• Content approval. You can use content approval to formalize and control the
process of making content available to an audience, for example, to ensure that
content has gone through the correct legal review and approval process before
it is published.
• Versioning. You can use versioning to prevent users who have read permissions
from viewing drafts of documents.
• Records management. Records management is the process by which an
organization determines the types of information that should be considered
records, how to manage records while they are active, and how long to retain
each type of record. SharePoint Server 2010 includes features that can help
organizations to implement integrated records management systems and
processes.
• Digital asset management. Having a centralized repository for managing your
digital assets enables you to apply firm control over brand-sensitive content,
and helps to ensure that only approved assets are available to the appropriate
users.
• Hold and eDiscovery. You can use this site-level feature to track external actions
such as litigations, investigations, or audits that require you to suspend the
disposition of documents. If you use SharePoint Server 2010 to manage any
electronic information, you should consider using Hold and eDiscovery when
you are developing your SharePoint Server 2010 governance plan.
Additional Reading
For more information about planning document management policy, see
For more information about content approval and versioning, see
For more information about records management planning, see
For more information about planning for eDiscovery, see
Information Management Policies for Implementing Governance
Key Points
SharePoint Server 2010 includes several information management policies that an
organization can use to help govern the use of SharePoint Server 2010. An
information management policy is a set of rules for a type of content, or for a
location where content is stored. Each rule in a policy is a policy feature.
You can use information management policies to control who can access
organizational information, what they can do with it, and how long the information
should be retained. You can assign a policy to a list, document library, or
content type.
Note: When you configure an information management policy, it is a recommended
best practice to write a policy statement that is displayed in Microsoft Office 2010 client
programs to inform document authors about the policies that are enforced on a
document.
SharePoint Server 2010 includes the following information management policies:
• The Auditing policy. This policy logs events and operations that are performed
on documents and list items. You can configure Auditing to log events such as
editing documents, viewing them, or changing a document's permissions level.
• The Retention policy. This policy helps to dispose of or process content in a
consistent way that you can track and manage. For example, the policy can
delete a document or define a workflow task to have SharePoint Server route
the document for permission to destroy it.
• The Labeling policy. This policy specifies a label to associate with a type of
document or list item. Labels are searchable text areas that SharePoint Server
generates based on metadata properties and formatting that you specify.
• The Barcode policy. This policy enables you to track physical copies of a
document. You create a unique identifier value for a document and then insert
a barcode image of that value in the document. By default, barcodes are
compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code
39), and you can use the object model of the policies to plug in other barcode
providers.
Information management policy reports help you to monitor how consistently
your organization uses policies. If you implement information management
policies to help your organization comply with regulations, you should monitor
policy usage frequently to help ensure that your organization is compliant.
Additional Reading
For more general information about planning information management policies,
see
Information Architecture Features for Implementing Governance
Key Points
SharePoint Server 2010 includes several information architecture features that an
organization can use to help govern the use of SharePoint Server 2010.
Information architecture in SharePoint Server 2010 refers to the organization of
enterprise information such as documents, lists, Web sites, and Web pages to take
full advantage of the information's usability and manageability.
You can increase your organization’s return on its portal investment by including
information architecture standards and policies in your governance plan. A
well-governed architecture makes it easier for your users to find, share, and use your
information.
These are some of the information architecture features in SharePoint Server 2010
that you can use to provide governance of your SharePoint Server 2010
implementation:
• Content types. You use content types to organize, manage, and handle content
in a consistent way. They define the attributes of a type of list item, document,
or folder. Each content type can specify metadata properties to associate with
items of its type, available workflows, templates, and information management
policies. To govern content types, you should consider associating event
receivers and workflows with the forms that are used to modify the content
types.
• Blocked file types. You can use this feature to prevent files from being uploaded
to or downloaded from a server, based on the file extension. For
example, you can block executable files, which may contain malicious
software, so that users cannot run them on their client computers. By default,
many file types are blocked, and this includes executable files.
• Taxonomy and managed metadata. Managed metadata is a hierarchical
collection of centrally managed terms that you can define and then use as
attributes for items in SharePoint Server 2010. Users can see only global term
sets and term sets that are local to the user's site collection. Therefore, if there
are term sets that some users should be unable to view, you should assign
these term sets to separate groups.
An organization’s governance policies can affect how you design managed
metadata services and connections. If every document that is created must
have a certain set of attributes, you may want to have a content type hub in at
least one service. You should acquaint yourself with your organization’s
governance plan before you determine any managed metadata services and
connections.
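A check of the blocked file types setting described in the list above, as an added example that is not part of the original course text. The function name and the baseline list of extensions are constructed for this example and are not the product's default list; it assumes a SharePoint 2010 Management Shell session on a farm server.

```powershell
# Added example: compare each web application's blocked file types with a required baseline.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Constructed baseline for illustration; replace it with the list in your governance plan.
$RequiredBlocked = 'exe', 'bat', 'cmd', 'com', 'msi', 'ps1', 'vbs', 'scr'

function Test-BlockedFileBaseline {
    param([string[]]$Required = $RequiredBlocked)

    foreach ($wa in Get-SPWebApplication) {
        # Blocked file types are held per web application, as extensions without the dot.
        $blocked = @($wa.BlockedFileExtensions | ForEach-Object { $_.ToLower() })
        # Anything in the baseline that the web application does not block is a gap.
        $missing = @($Required | Where-Object { $blocked -notcontains $_.ToLower() })

        New-Object PSObject -Property @{
            WebApplication = $wa.Url
            BlockedCount   = $blocked.Count
            Missing        = ($missing -join ', ')
            Compliant      = ($missing.Count -eq 0)
        }
    }
}

# Show the web applications that have drifted from the baseline.
Test-BlockedFileBaseline |
    Where-Object { -not $_.Compliant } |
    Format-Table WebApplication, BlockedCount, Missing -AutoSize
```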
Question: Which managed metadata term sets can a user view?
Additional Reading
For more information about content types and workflow planning, see
For a complete list of the default blocked file types, see
For more information about managed metadata service applications, see
Governance of Sandboxed Solutions
Key Points
A sandbox is a restricted environment that enables programs to execute code that
can access only specific resources, which means that any issues that happen in the
sandbox do not adversely affect the rest of the environment. When you deploy a
solution in a sandbox, it is known as a sandboxed solution.
Sandboxed solutions run in an isolated worker thread, so they cannot use
resources that belong to other solutions. In addition, they have restricted access to
local and network resources, so they cannot gain access to content outside the site
collection in which you have deployed them.
The most common scenarios for using sandboxed solutions are when:
• Your organization wants to run code on a production SharePoint Server 2010
site, and you have not fully and rigorously tested the code.
• You want to provide hosted environment services and you need to allow the
owners of the hosted SharePoint Server 2010 sites to upload and run custom
code.
• You want to utilize sandboxed solutions for load-balancing purposes.
Planning for Sandboxed Solutions
When you plan for sandboxed solutions, you must first determine whether you
need to use them at all. If you decide that you need to use them, you must decide
whether your main reason for wanting to deploy them is to achieve greater
performance or greater security.
Planning Governance for Sandboxed Solutions
When planning governance for your sandboxed solutions, you should consider the
following:
• When should a farm administrator block or unblock a sandboxed solution?
Identifying the management policy for blocking and unblocking sandboxed
solutions will help to reduce confusion if there is any uncertainty about
whether to block a sandboxed solution.
• When can you transfer a sandboxed solution to the production environment
as a fully trusted solution? You must define a policy for determining what level
of testing is required for a sandboxed solution to be considered ready for
production use in your organization.
• Who will you allow to deploy sandboxed solutions? Depending on your
organization’s security requirements, you could choose to add people directly
to the site collection administrators group. Alternatively, you could establish a
procedure for specifying a restricted number of site collection administrators
to deploy sandboxed solutions on behalf of their users.
• Will you dedicate a separate server to running sandboxed solutions? You can
increase isolation by using remote load balancing and by only running the
sandboxing service on specific servers.
Note: Only members of the Farm Administrators group can block sandboxed solutions,
configure load balancing, and reset exceeded quotas.
Additional Reading
For more information about planning sandboxed solutions, see