Today I was pulled into a request I hadn’t come across before, Adding Local User Accounts To Sharepoint 2010 in a Standalone SharePoint installation. The standalone box is for a corporate team-building exercise, and is not a domain machine:
- SharePoint is installed in a Standalone installation
- Several local user accounts created on the box for team members to access the environment
- The site templates have already been created and copied to each team site, all that is remaining is the permissions to be set
- The box is not linked to Active Directory in any way
- Creating a dummy domain and promoting the SharePoint box to be a DC wasn’t an option
- Several team sites created, and needed to be restricted to each logon
- Users do not require access to the Site Collection, just their allocated team site
When trying to modify site security settings, the only local account visible was the COMPUTER\\SPAdmin account used to install SharePoint. First off we were looking at a way to use the User Profile Service to import local accounts, but that got us nowhere.
After some playing around, I realised there was an easier option. From the Site Collection level we set NT AUTHORITY\\Authenticated Users full control to the Site Collection. Hitting up http://COMPUTER/ on a separate machine we were prompted to authenticate against the box, and used each of the COMPUTER\\Team accounts to gain access to the site one by one, logging out before proceeding to the next user account.
Once this was done, the Team accounts were listed in Site Permissions as assignable accounts to the different sites. Each site was secured to the appropriate team, before we removed the original NT AUTHORITY\\Authenticated Users addition to Site Owners.
After this, we were able to access http://COMPUTER/ and navigate through all team sites as our SPAdmin account, and with each team site we could access http://COMPUTER/Team sites directly to access SharePoint, but as required we couldn’t navigate to other team’s sites.