All of us know: People never learn, you can instruct as much as you want but some of them will always go ahead and do the opposite of what they learned. The only way to make things right is to restrict things in a way that false behaviour is not possible by design.
We use shared documents and have people instructed to only use "inherit from parent folder" and "specify credential name" (that links to protected private document credentials).
Every single week I find credential objects inside the document. I found a documentation for V5 that shows the group policy setting Do not allow creation of credential objects in document without password protection
Does the same guide exist for V6?
the above only helps that no credential object can be used.
Also every week I find that people have added credentials directly in the credential tab of objects. How can I configure a shared document that only "inherit from parent folder" and "specify credential name" are valid/available options. In my eyes I should be able to restrict shared documents that way that absolutely no one is able to save credentials in any way inside that document.
thank you for your question.
Right now we only have these policy options:
What you also can do is to provide read-only documents, so that users cannot store their objects in the document.Someone, with the correct read-only password can update/provide the doc. There are a couple of caveats using read-only docs:
One other way would be to populate a dynamic folder from a data source:
Thank you so much for all the references and good information. I ended up assigning a editor and viewer group to every document. That way it takes only a small amount of people doing exact configurations according to our documentation and the whole rest has simply no rights to do so at all.
You're welcome! Let me know if you have any further questions.
Have a nice weekend!