Hi,Apologies if this is the wrong forum to post this to. I'm running an Intranet and need to build a new collaboration site for a department. The department wants to be separate from the main Intranet, with permissions to deny access to anyone except the department. Also for their documents etc notto appear in the main Intranet search results. Would it be best to create a new web application with a new SSP to keep thing separate. Is this considered best practice or over the top? The documents etc might be of a sensitive nature therefore the security needs to be tight.Thanks for any help,MichaelWeb Developer MCTS SharePoint 2007 Developer

You don't have to create another web application because if the site is secure to only certain users; only those users will see the information insearch results. Net, the user only sees what they have access to.Jay Mueller

Moving to the Admin forum.Although you use the word "collaboration" in your text, it's actually a (normal) admin question.P.S. On the security aspect here, there's an interesting comment in the very good Best Practices book (http://www.amazon.com/exec/obidos/ASIN/0735625387/heme0f)It's very roughly that while SharePoint provides high-quality security, if you want to be 100% secure you shouldn't put your data in a web-browser-based system.WSS FAQ sites: WSS 2.0: http://wssv2faq.mindsharp.com WSS 3.0 and MOSS 2007: http://wssv3faq.mindsharp.com Total list of WSS 3.0 and MOSS 2007 Books (including foreign language titles) http://wss.asaris.de/sites/walsh/Lists/WSSv3%20FAQ/V%20Books.aspx

Thanks for the help. I appreciate the "shouldn't store online" comment, which i totally agree with however the sponsor wishing it to be stored on an internal website using SharePoint. Would a good compromise be to create a new web application to take advantage of a unique domain name, then use the the same SSP? I acknolwedge the security trimming in SharePoint but i wanted a little more separation. Thanks again.Web Developer MCTS SharePoint 2007 Developer

To me, the only reason to split it out like that would be to reduce the risk of human error when managing security on the data. I don't think it would be any more secure.You may also want to look at information rights management (IRM). It will provide another layer.--Paul Galvin of EMC Consulting, New York area Microsoft MVP - SharePoint Blogging @ http://feeds.feedburner.com/PaulGalvinsSharepointSpace Twitter @ http://www.twitter.com/pagalvin

I've worked with some systems that had sites split into different web apps, but most of the time a dedicated site collection under http://server/sites/ or something similar is just fine. With the organization I'm working with now, things are secured and charged back to business units based on storage at the Site Collection level. With regards to secured content, I've worked with a number of sites that include data on Acquisitions along with HR and Medical related data. It can be secured, and in the end was 10x as secure as the previous solution they had been using. When working with those sites it just takes a little more planning, governance, and validation. Both at the SharePoint level as well as the server level with the farm boxes and SQL Server.HTH SharePoint Developer | Administrator | Evangelist -- Twitter - https://twitter.com/next_connect

Hi,I went down the route of creating a new web app purely to use a unique dns entry. However i'm get a 401, due to my setup i think.The new web app needs to have the dns - deptname.intranet.When i first tried this i put the cname entry in dns in the format as above but was unable to browse to the site. As i know that deptname.intranet really equates to deptname.intranet.domain.etc i recreated the site using this as the host header entry. With me so far?I can browse to the site but i get a security prompt (hardly integrated login...). Could this be due to that fact that the vistors / viewers are set to the department security group not All Authenticated as per a normal site? All the 401 message is a bit weird it's:"You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept."Any help would be great. Thanks MichaelWeb Developer MCTS SharePoint 2007 Developer

When you setup the new application did you create a new app pool or use one of the existing ones? If you used an existing one did you supply it a valid domain account and password? It sounds like somewhere in there it has a bad account. You mentioned creating an application, but did you also create a new site for that application? When you go to browse to the site you will want to make sure it is in your Intranet or Trust Sites list to avoid having to log in. With the proper browser settings in IE your credentials will be passed to the server. SharePoint MVP | Developer | Administrator | Speaker-- Twitter -- Blog - http://nextconnect.blogspot.com