Governance Resources for SharePoint 2010

Governance relates to decisions that define expectations, manage access, and validate performance and investment performance defined by established processes and procedures.  The information here contains references to governance resources as related to SharePoint 2010, for additional information see also Governance Overview (SharePoint Server 2010).


Resource Center (Governance in SharePoint Server 2010)

The Governance Resource Center provides documentation, references, and solutions to help IT Professionals plan and prepare to govern SharePoint 2010 environments.  The Governance Resource Center aligns to three (3) specific areas:

  1. IT Governance
  2. Information Management
  3. Application Management

Resource Center (ALM Resource Center | SharePoint 2010)

The ALM Resource Center provides documentation, resources, references, and solutions to help Developers with the coordination of all aspects of software engineering.

Whitepaper (SharePoint 2010 Governance Planning)

The SharePoint 2010 Governance Planning whitepaper targets the business value of governance and provides guidance for the necessary governance planning and implementation of SharePoint Server 2010.

Whitepaper (Implementing Governance in SharePoint 2010)

This document focuses on the product and technology aspects of SharePoint governance – the technical implementation. It provides high-level guidance on the many configuration options SharePoint provides to enable you to manage the environment for the benefit of all.

Publication (Essential SharePoint 2010: Overview, Governance, and Planning (Addison-Wesley Microsoft Technology Series)

Essential SharePoint 2010 provides information derived from a business value perspective that documents and illustrates how to plan and implement SharePoint 2010-based solutions to maximize business results.

Tools and Utilities

Tool (SharePoint Site Recycle Bin)

Track, report, and protect deleted sites and site collections with the SharePoint Site Recycle Bin.

The SharePoint Site Recycle Bin is a Microsoft SharePoint Foundation 2010 solution package that when deployed to a Microsoft SharePoint Foundation 2010 or Microsoft SharePoint Server 2010 server farm enables administrators to create a snapshot of subscriptions, site collections and Webs as they are deleted through the SharePoint user interface, the SharePoint Administration Tool, the SharePoint 2010 Management Shell, SharePoint 2010 Central Administration, or SharePoint Designer.


Active Directory Domain Services Markers

Active Directory Domain Services Markers can be used to prevent and report on SharePoint installations in your organization.


Quotas are used to specify limits to the amount of storage that can be used by a site collection and establish resource limits on sandboxed solutions.


Locks are used to prevent users from from adding content to or accessing site collections.

Self-Service Site Creation

Self-Service Site Creation is used to allow or prevent  users from creating site collections on demand.

For a comprehensive list of governance features see also

Service Connection Points and Governance with SharePoint Server 2010

Keeping the trend going this week we’ll look at Active Directory Markers in SharePoint Server 2010. 

Governance is one of the key planning processes that should occur when considering the deployment of any technology, and SharePoint Server 2010 provides a number of tools and resources to facilitate the product and technology aspects of governance, one of which is the concept of Active Directory Markers to manage and control the uncontrolled proliferation of SharePoint in the Enterprise.

SharePoint Server 2010 uses the Service Connection Point Active Directory Schema (serviceConnectionPoint (SCP))) in order to publish service-specific data in the directory.  Administrators can use the data in a Service Connection Point to locate, connect to, and authenticate and instance of the service.

In order to use this new capability you must first create a container under CN=System,DC=<domain>,DC=com, where the values will reside and provide write access to the specific accounts that will write values to the container – in most cases the person or system account used to deploy SharePoint in your environment.

Configure Active Directory

  1. On a Domain Controller open ADSI Edit (ADSIEDIT.MSC).
  2. Right-click the ADSI Edit node and select Connect to…
    1. On the Connection Settings dialog under Select a well-known Naming Context select Default Naming Context and click OK.
  3. Select the Default naming context node and expand the domain.
  4. Locate and right-click CN=System and select New | Object…
    1. On the Create Object dialog under Select a class… select container and click Next.
    2. In the Value: field enter Microsoft SharePoint Products and click Next.
    3. On the Create Object dialog click Finish.
  5. Right click on the new container (Microsoft SharePoint Products) and select Properties.
    1. On the CN=Microsoft SharePoint Products Properties dialog select the Security tab.
    2. Click Add… and select the individual or service account that will have write permissions to the container on the Select Users, Computers, Service Accounts, or Groups dialog and click OK.
    3. On the CN=Microsoft SharePoint Products Properties dialog under Permissions for <account> select the checkbox labeled Write under Allow and click OK.

Deployment and Validation

When SharePoint Server 2010 is deployed a Service Connection Point object is created as a GUID under the container created in the previous steps.

  1. Locate and right-click the GUID and then select Properties.

The deployed server farm’s Topologies Web Service is created with the value presented as :/Topology/topology.svc">http://<server>:<port>/Topology/topology.svc.

For additional information on Connection Points and Active Directory see also