If you followed our deployment guide to the letter, then chance are your WSS 3.0 setup isn't 100%. There's a big problem with the deployment guide for WSS that can break "multi-tenancy." Here's how you can check if you are broken and how you can fix the problem.
- Log into an MPS-provisioned WSS site as the organization admin.
- Click the Site Actions drop-down and choose Site Settings
- Click People and Groups.
- Click New.
- Underneath the text box labeled "Users/Groups" click the little book icon (the Browse button)
- Type something generic like 'a' and hit Enter
If you see users from other organizations, you've got a problem. What you should see is only users in the organization that owns the WSS site, as well as some of the built-in accounts and groups (unfortunately WSS is limited so we can't filter out those built-in accounts).
This problem is created by the unneeded and incorrect Step 8 in procedure DWSH.1 in the HMC 4.0 deployment guide. That procedure instructs you to add the SharePoint_AppID, SharePointSrchSvc, and SharePointSrchCrl accounts to the Windows-based Hosting Service Accounts group. So to fix the problem you will need to remove these accounts from the Windows-based Hosting Service Accounts group and then restart IIS on your WSS front ends.