Did you ever thought it should not matter if my colleague gets temporarly remote access to my SharePoint farm which is only a test environment?
Well, let me show you a nice example why it should matter. Well, your colleague is a really nice person, but he also knows how to use google und find out, that he could be interested in the password of the farm account? May be he needs it someday?
So what do you think he will find? He’ll find this little nice script which tells him the details of the farm account. If he is familiar with powershell it might be not the only thing he could find out.
[sourcecode language=”csharp”]
function GetFarmCreds()
{
[void][System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.Web.Administration”)
$mgr = New-Object Microsoft.Web.Administration.ServerManager
$pool = $mgr.ApplicationPools | ? { $_.Name -eq “SharePoint Central Administration v4” };
$pool.ProcessModel.UserName;
$pool.ProcessModel.Password;
}
GetFarmCreds
[/sourcecode]
Amazing… So the end of this story: There is a reason why administrators have different access as developers and vice versa. It is always good to consider this in your governance plan or processes.
..:: I LIKE SHAREPOINT ::..
Leave a Reply
You must be logged in to post a comment.