Details
Limit the number of web parts in SharePoint to 100.
Rationale:
A user can create too many personal views. With personal views, SharePoint actually adds each view as a web part on the page. If a user has 10 personal views, there are actually 10 web parts on the page. 9 of those web parts are hidden depending on the personal view selected. When SharePoint reaches the default maximum of 50 web parts on the page, it will throw an error.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Navigate to the IIS Manager on the Web Front End (WFE) servers
1. Click on the Sites folder.
2. Highlight the site (web application).
3. On the right-hand navigation bar, Click on Explore.
4. Open the web.config file with Notepad.
5. Find the following phrase:
6. Change the value for MaxZoneParts from 50 to 100.
7. Save the file.
8. Open a command prompt as Administrator and type in iisreset to restart IIS.
9. Repeat for the remaining Web Front End servers.
Impact:
SharePoint will throw errors if the number of web parts is not limited.
Default Value:
50 web parts per page
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.