Configure User Settings

The Collaboration Tools Installer has already changed some of these settings to make them more secure than the default Drupal configuration, but I recommend even stricter settings:

  1. Go to Administer->User management->User settings (http://www.stanford.edu/.../admin/user/settings)
  2. In "User registration settings":
    • In "Public registrations" select "Only site administrators can crate new user accounts" (recommended at least during initial development) or "Visitors can create accounts but administrator approval is required". (Stanford sites that will be using WebAuth should usually select "Only site administrators can create new user accounts", since users with SUNet IDs will still be able to log in and have Drupal accounts automatically created for them.)
    • Leave "Require e-mail verification when a visitor creates an account" enabled (checked)
    • If "Visitors can create accounts but administrator approval is required" was selected, include appropriate registration instructions and guidelines in "User registration guidelines". This text will be displayed on the registration form. (Remember this option exists later if you add features such as Organic Groups and registration becomes more complicated.)
  3. In "User e-mail settings" most of the defaults can be left as is for now, but these should be changed immediately for security reasons:
    • In "Welcome, new user created by administrator", delete the line "password: !password" from the "Body" text. (Later you should return to these settings and edit the rest of the text to make sense now that no password is being sent.)
    • In "Welcome, no approval required", delete the line "password: !password" from the "Body" text. (Later you should return to these settings and the rest of the text to make sense now that no password is being sent.)