Viewing Documents in a web browser in Sharepoint

it_consultant

One of my clients has a need for a way to share documents in a way that people are unable to save them to their desktop or otherwise edit them at all. I seem to remember that Sharepoint has this ability but when I search for documentation I get simple "this is how you share a document in a list" kind of stuff. Does anyone have some documentation on how to share documents ONLY in a web part? I would like to show them an example before I go through the whole process of setting up a sharepoint server.

Thanks!

Everyone

SharePoint won't prevent you from saving the document. In fact when you open a document from a SharePoint site, a copy is downloaded to your PC. You can set it to read-only, so no one can update the document on the SharePoint server, but that does not prevent them from saving and editing their own local copy.

ptilsen

it_consultant wrote: »

One of my clients has a need for a way to share documents in a way that people are unable to save them to their desktop or otherwise edit them at all. I seem to remember that Sharepoint has this ability but when I search for documentation I get simple "this is how you share a document in a list" kind of stuff. Does anyone have some documentation on how to share documents ONLY in a web part? I would like to show them an example before I go through the whole process of setting up a sharepoint server.

Thanks!

If someone can view something on a web site in its native form, they can save it. Not much can truly prevent that. I'm not aware of anyway to set Sharepoint to display a document but not provide the end-user with access to it.

AD RMS can be used to limit the use of files, but that can be a very complex solution.

Another solution would be a locked down RD SH server. You can, through liberal use of Group Policy, prevent someone from doing anything but opening a set selection of application and files. You can provide no method to get said files off of the server. If the documents being shared are of the same file type, you could even deploy RemoteApp MSI packages. This would probably be a difficult solution for the client to maintain, however.

RobertKaucher

You can edit documents in browser with the Office App services in SP Enterprise 2010 but I imagine you would have to do some editing or something to make it hard for them to open the doc in the Office thick client. But still not 100%.

This is one of those cases where I think you need to go back to the root of the problem because there is a fundamental misunderstanding. What is the real reson they want this?

it_consultant

RobertKaucher wrote: »

You can edit documents in browser with the Office App services in SP Enterprise 2010 but I imagine you would have to do some editing or something to make it hard for them to open the doc in the Office thick client. But still not 100%.

This is one of those cases where I think you need to go back to the root of the problem because there is a fundamental misunderstanding. What is the real reson they want this?

Office App Services is what I was driving at in my OP but I got to thinking about it and I realized that I don't think there is a way of preventing people from saving it down to the desktop. I am not sure what they have in mind for this, they have been a little dodgey about their reasons thus far. I am going to go meet with them about it right now.

RobertKaucher

it_consultant wrote: »

Office App Services is what I was driving at in my OP but I got to thinking about it and I realized that I don't think there is a way of preventing people from saving it down to the desktop. I am not sure what they have in mind for this, they have been a little dodgey about their reasons thus far. I am going to go meet with them about it right now.

Sounds like one of those cases of the customer who believes in a security boogyman but does not really understand how the technology works.

it_consultant

I ended up talking to him about it, he was extremely concerned about document integrity and privacy. He didn't even want people to be able to print the documents because he worried they would take them and modify them and impersonate him and his practice. A valid concern but I had to tell him that what he wanted was basically the opposite of what computers were designed to do, which is to share information quickly and efficiently.

Everyone

You should have talked to him about AD RMS. Active Directory Rights Management Services (AD RMS) Step-by-Step Guide

If he's that worried about it, that will do the trick.

RobertKaucher

it_consultant wrote: »

I ended up talking to him about it, he was extremely concerned about document integrity and privacy. He didn't even want people to be able to print the documents because he worried they would take them and modify them and impersonate him and his practice. A valid concern but I had to tell him that what he wanted was basically the opposite of what computers were designed to do, which is to share information quickly and efficiently.

I figured that was the boogyman. I've had to deal with the same thing for several clients.

ptilsen

Everyone wrote: »

You should have talked to him about AD RMS. Active Directory Rights Management Services (AD RMS) Step-by-Step Guide

If he's that worried about it, that will do the trick.

AD RMS could be used to accomplish the goal, but to set it up in a manner that cannot be easily circumvented is not a quick or easy process and can become difficult to manage. But AD RMS is definitely designed with this sort of situation in mind.

Nothing shy of extreme (think military) physical access controls would prevent someone from using screenshots or pictures from a camera to effectively copy the contents of the documents in question. My suggestion of a locked-down RDSH server and/or AD RMS can make it pretty difficult, but not impossible.