A SharePoint MySite is a type of SharePoint site that can be created to allow a user to (a) centrally manage and store their documents, content, links, and contacts, and (b) share information about themselves, such as their skills and interests. Each user within an organisation is normally given the rights to create their own MySite and people often refer to it as “Facebook for my organisation”.

Normally, allowing users to create MySites is a great way of facilitating SharePoint adoption. When a user creates a MySite they automatically become a Site Owner and can therefore experiment with uploading documents, adding lists, Web parts and other SharePoint components. MySites are also easy to use and similar to the concept of a social networking page, which many people are familiar with. Traditionally, the creation of thousands of MySites is often seen as a sign of success as it illustrates users are experimenting with the new software.

However, in some organisations it may be strongly desirable to allow one subset of users to create MySites rather than all users . The most common reason I have found for this is because a SharePoint pilot is running and therefore only a subset of users are allowed access the new SharePoint system. Other reasons for incrementally deploying MySites could include (a) very low spec server hardware, which would grind to a halt or run out of space if thousands of sites were created at once, and (b) low amount of IT resources to help with MySite queries. Ideally, issues (a) and (b) should be resolved prior to launching any SharePoint system.

However, if you still have a strong business case for allowing only a certain groups of users to be able to create a MySite, my recommended approach is to:

1. Make an Active Directory (AD) group called ‘MySite Users’:

clip_image002

2. Add the first batch of users to the AD group ‘MySite Users’:

clip_image004

3. Open up SharePoint Central Administration and click the name of your Shared Services Provider:

clip_image006

4. Within the SSP, under User Profiles and MySites, click Personalization services permissions:

clip_image008

5. On the Manage Permissions: Shared Service Rights page, add  the AD group ‘MySite Users’, configure it to allow Create personal site and click Save:

clip_image010

5. On the Manage Permissions: Shared Service Rights page, click NT AUTHORITY\Authenticated Users:

clip_image012

Note: NT AUTHORITY\Authenticated Users is provided by default to allow all users to create a MySite.

6. De-select the Create personal site checkbox and click Save:

clip_image014

As a result of following the steps above, only the initial members of the ‘MySite Users’ AD group will be able to create MySites. When additional users, such as those from other departments within your organisation need to be able to create a MySite, their AD user accounts should be added to the AD group ‘MySite Users’. This process can be repeated until every user within your organisation is able to create a MySite.

For the curious amongst you, below is a picture of what a user will see if they do have permissions to create a MySite:

image

Below is a picture of what a user will see if they do not have permissions to create a MySite (the ‘MySite’ link is automatically removed):

image

Enjoy! This blog post was published by:

JamesKemp

James Kemp
SharePoint Architecture Consultant
Microsoft Consulting Services UK
James.Kemp@Microsoft.com

Click here to see my bio page