Security for Groove Server Manager


Updated: April 1, 2008

Applies To: Groove Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2009-01-05

Groove client and server software both provide built-in security systems designed to prevent unauthorized access and protect data resources. Groove’s symmetric key encryption helps ensure the confidentiality and integrity of bi-directional data transmissions between Groove clients and the Groove Manager. Groove Server 2007 Manager and Groove Enterprise Services Manager add the following layers of security to the Groove system:

  • The Groove Manager implementation of Public Key Infrastructure (PKI) provides certificates (signed contact information) that enable automatic user authentication within and across management domains. Groove Manager also supports user authentication via third- party, enterprise PKI certificates. Note that third-party PKI support is not available with Groove Enterprise Services.

  • Role-based administrator access control allows the designation of administrators with varying levels of Groove management responsibility.

  • Device password policies help ensure that Groove login practices (passwords or smart cards) meet requirements in place at an organization.

  • Account lockout policies deter fraudulent Groove login attempts.

  • Peer authentication policies control communications among Groove users in different management domains.

  • Password (or smart card) credential reset policies allow for safe reset of user login credentials.

  • Groove user account backup policies help secure vital account information by providing for scheduled account backups.

  • The management domain’s data recovery key is encrypted by a master key and stored in the SQL database. Multiple versions of the master key are stored in the database encrypted in different ways, as follows:

    • One Master Key is encrypted with the Master Password. This key, supplied during Groove Manager installation/upgrade, is never stored anywhere.

    • One Master Key is Data Protection API (DPAPI)-encrypted and stored in the database for each front-end server running Groove Manager

Security is an especially important consideration when distributing Groove user account configuration codes that enable the deployment of managed identities among your PC users. The recommended method for distributing Groove account configuration codes is to utilize the automatic account configuration capability, provided by Groove Server 2007 Manager. Note that automatic account configuration is not available with Groove Enterprise Services.