Configuring Search Results Security Trimming

Delegation must be configured so that the SharePoint search service provided to Jive can perform security trimming using the account supplied to the search method.
Attention: This is required when SharePoint and Jive SBS use NTLM to communicate (the "non-Kerberos" option). This is not required for the Kerberos option.

Requirements

  • Windows Server 2003 (or later) Active Directory controller.
  • The application pool accounts must use a domain account.
  • Kerberos must be configured as described below.

Configuration Scenario

On every SharePoint web front end, use the Local Security Policy snap-in (Start > All Programs > Administrative Tools > Local Security Policy) to confirm that the SharePoint application pool accounts have the following privileges:
  1. Act as part of the operating system privilege.
  2. Impersonate a client after authentication.
Note: If the two changes above are not acceptable for the application pool account used by regular users, consider extending the SharePoint web application and using a separate application pool account for the extended web application. Then, when Adding a SharePoint Location, use the original web application URL as the External SharePoint Location URL and the extended web application URL as the Internal SharePoint Location URL. It is the Internal SharePoint Location URL that must use an application pool account with the specified settings.
On the domain controller, use the Active Directory Users and Computers snap-in to confirm the correct domain functional level.
  1. View the properties for the domain.
  2. Verify that the domain functional level is set to Windows 2003 or later.
  3. If the domain is not set to at least Windows 2003, right-click the domain and select "Raise domain functional level". Beware: this command is not reversible.
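
A read-only check of the two settings this procedure confirms, as an added example that is not part of the original documentation. It assumes an elevated PowerShell session on a SharePoint web front end with the ActiveDirectory module installed; the account name and the function names are hypothetical placeholders.

```powershell
# Added example. Run elevated on a SharePoint web front end.
# 'CONTOSO\svc-sp-apppool' is a hypothetical placeholder account name.
param([string]$AppPoolAccount = 'CONTOSO\svc-sp-apppool')

# Privilege constants for the two rights named in the procedure.
$RequiredRights = @{
    SeTcbPrivilege         = 'Act as part of the operating system'
    SeImpersonatePrivilege = 'Impersonate a client after authentication'
}

function Test-AppPoolUserRights {
    param([string]$Account)
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $cfg = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the user rights assignments of the local security policy.
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $lines = Get-Content $cfg
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
    foreach ($right in $RequiredRights.Keys) {
        # Exported lines look like: SeTcbPrivilege = *S-1-5-21-...,SomeName
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') })
        }
        # Direct assignment only: a right inherited through a group is not detected.
        New-Object psobject -Property @{
            Account = $Account
            Right   = $RequiredRights[$right]
            Granted = ($holders -contains $sid) -or ($holders -contains $Account)
        }
    }
}

function Test-DomainFunctionalLevel {
    Import-Module ActiveDirectory -ErrorAction Stop
    $mode = (Get-ADDomain).DomainMode
    # Assumption: the interim 2003 level is treated as below "Windows 2003".
    $tooLow = 'Windows2000Domain', 'Windows2003InterimDomain'
    New-Object psobject -Property @{ DomainMode = $mode; Meets2003 = ($tooLow -notcontains "$mode") }
}

Test-AppPoolUserRights -Account $AppPoolAccount | Format-List
Test-DomainFunctionalLevel | Format-List
```

Run it once per web front end. Because "Act as part of the operating system" is a highly privileged right, the same output is useful for confirming that only the intended application pool account holds it.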