|
|
|
|
|
|
|
|
|
|
|
|
| Making Sense of the SharePoint World |
7/27/2010
 Back to My Old Stomping Grounds...
When I was a "wet behind the ears" high school graduate, I ended up attending Ohio Institute of Technology (OIT) to study Electronics Engineering Technology. While I was there, OIT became DeVry Institute of Technology, Columbus. Today it is known as DeVry University, Columbus and offers a whole lot more than electronics. I ultimately ended up living and working in Columbus for many years, and it holds a special place in my heart.
Today, I'm pleased to announce that I've been selected to present at the SharePoint Saturday in Columbus, Ohio. This takes place on August 14th, 2010 at The Conference Center at OCLC. Click on the link or logo above for all the details, including registration, a list of the other presenters, as well as the Twitter feed of #SPSColumbus commentary.
A SharePoint Saturday is a free to attend event that serves as a mini SharePoint conference. SPS Columbus will be an educational, informative & lively day filled with sessions from respected SharePoint professionals & MVPs, covering a wide variety of SharePoint-oriented topics. SharePoint Saturday is FREE, open to the public and is your local chance to immerse yourself in SharePoint!
So, if you're in Central Ohio, and interested in SharePoint - whether you need the latest information on SharePoint 2010 or are still trying to make the best use of SharePoint 2007, this is the place to be! I hope to see you there... 7/11/2010![wpe4[4]](/Lists/Posts/Attachments/93/wpe44_thumb_692EDA2B.gif "wpe4[4]") Yes, It's True - I'm Officially Certifiable!
Much like designing software, Microsoft goes through a pretty significant effort to develop certification examinations. The most public stage of that process is the Beta phase. Members of the public are invited to take a special version of the exam. After these folks take the test, the questions are evaluated for how accurately they predict whether someone actually knows what they're talking about.
Last month, I took the configuration (667) and administration (668) beta exams for SharePoint Server 2010. Over the last two days, the results for these have been released. I'm happy to say that, based on my answers to the questions that survived validation, I have passed both exams. That gives me the right to use the following logo:
So, for those of you who were always telling me I was certifiable, we now have proof that you were right! 6/29/2010
 Minimizing Your Footprint
I recently participated in an MVP chat, and we got an interesting question about SharePoint storage requirements. I answered the question as well as possible given the chat format, but the issue really deserves a more thorough treatment.
Reading through the SharePoint 2010 system requirements you quickly come across one that seems a bit strange. SharePoint is asking for 80 Gigabytes of hard disk space! We all know that SharePoint itself isn't that big, so where is that requirement coming from? Not only that, but where is that space actually required? And, can it be moved around?
Here's the kicker - SharePoint itself doesn't actually "require" that space, Windows does (in a way). But, SharePoint knows this, and will give you warnings in Central Administration if your C: partition doesn't have double your "physical" RAM free. This is because when Windows crashes, it creates a memory dump on the system volume, and needs free space to do it. In addition, Windows sets up a hard drive cache for swapping chunks of memory around - that's also usually around double your RAM. Further, if you have a hibernation file on your hard drive, that's also going to be the size of your RAM. Finally, you need the space that Windows, SharePoint, and any other applications actually do take up. And a little bit of buffer, so you can actually do some work.
If you've got 8 GB of RAM (the minimum recommended for a SharePoint production environment), that adds up pretty quickly. Hence, the storage requirements. Now, some of these pieces can be easily shifted around in Windows. Most servers don't need a hibernation file, for example, and you can easily move the swap file and dump locations onto other volumes. Then you can go into Central Administration's Health Monitoring to tell SharePoint to not monitor the drive space, so you don't get the warning (I haven't found a way to tell SharePoint to monitor a different drive, unfortunately). But there is still more going onto drive C: than many corporate Windows Server administrators like.
SharePoint Stuff you Can and Can't Move
Let's get this out of the way right up front. You can't tell SharePoint where to install certain things. The core of SharePoint - the "SharePoint root" or "14 hive" - is always going to be installed on your system drive (usually C:), in "\program files\common files\Microsoft shared\Web Server Extensions". That's where it goes. You can't configure this during Setup. You can't move it after the fact. Learn it. Live with it. Embrace it. Love it.
Other stuff, however, can be controlled. Just not always easily. Let's get the easy stuff taken care of.
- Your SharePoint content (the stuff you actually store in your sites) is going into SQL Server. You usually have full control over this, but there are lots of articles discussing SQL Server configuration so I'm not going to go into the gory details here.
- On versions of SharePoint other than Foundation, you can configure where certain non-core SharePoint components are stored during Setup. That's where things like search indexes go. But that doesn't change the location of the SharePoint root as described above.
- You can control where SharePoint stores certain log files. By default, those go into the SharePoint root, but they can be configured in Central Administration to be stored just about anyplace you please. Given how large these can grow, you almost certainly want to move them, and enable compression on the target folder.
SharePoint is also dependent upon Windows' Internet Information Services (IIS). When you activate the Web Server and/or Application Server roles on Windows Server 2008 and 2008 R2, several IIS components are pre-configured to be hosted on the system drive - most notably the INETPUB folder (which hosts your SharePoint Web Applications) and the IIS log files that get stored in the Windows\System32 folder (which can also become huge). In versions of Windows prior to 2008, it was an easy enough task to tell IIS to move these to another location. Not so with IIS 7.x and Windows Server 2008. Try as hard as you might, you won't find that configuration information in the management console.
Fortunately, these things can be moved. Unfortunately, moving them can only be done through the command line, and the commands to do it aren't trivial. The best instructions I've found for this are on IIS Program Manager, Thomas Deml's, Blog. In this, he not only describes the commands needed, but gives you a batch file to move the IIS root. Unfortunately, even Program Managers aren't immune from typos, and his batch file actually contains a couple of extra "\" characters. I've corrected the file, and made it available for download here. This batch file should be run after you install the SharePoint prerequisites, but before the actual SharePoint setup. Just as with the SharePoint logs, you should compress the folder you're storing the IIS logs in.
Summary
That's about it. SharePoint's requirements do state that you need 80GB of hard drive, but as you have seen, that statement is a little fuzzy about the why and where you need it. Although the default is drive C, many corporations have policies limiting what you do on the C drive. In this article, I've described how you can move many of these items around. I hope this has given you the information you need, or at least food for thought. 6/9/2010
 "Bring It On! (But Please, Give us Real Food...)"
Dateline, New Orleans LA
We're halfway through Tech-Ed 2010 (North America). Tech-Ed is Microsoft's broadest-based, and (historically) one of its best attended shows. A number of clear trends are emerging.
The biggest, and most obvious, is - Tech-Ed is Back! Last year was one of the smallest Tech-Ed conferences I'd ever been to. And while everyone had a good time, there was an undercurrent of concern. Granted, the economy was in the dumpster, but some folks were questioning whether it was a blip or a long-term trend. But this year's conference is almost as well attended as the massive "Boston 'T' (as in Technology) Party" I wrote about several years ago. Maybe more.
People are ready to move forward. After a couple years of hunkering down, and making do with older systems, it is clear that many folks are ready to embrace the future. In the SharePoint booth, even though it has only been officially available for a few weeks, I'm seeing plenty of interest in migration to SharePoint Server 2010 from long-time SharePoint users. Add in side notes of folks saying they're upgrading (or have just upgraded) many other elements of their technology stacks, and it looks like the slump is coming to an end. IT is usually on the leading edge of a recovery, and from what I'm seeing we could be heading into some pretty good times.
The watchword is "value". Just because they want to move forward, they aren't charging ahead "willy-nilly". People want value for their money, and there is more of a "we want to do it right this time" attitude than I have seen in some previous conferences. They're willing to invest in the future, as long as there is a clear destination. No more just throwing some technology at the users to see what sticks.
The "value" is there. Not only in the Microsoft technologies, but in the offerings from the wide array of vendors set up at the expo, I'm seeing a lot more polish than flash. Even in the more cutting edge tools, like services in the cloud, and the forthcoming Windows Phone 7, the emphasis is on doing the real jobs that real users need to do.
An army, even an army of geeks, moves on its stomach! The conference dining offerings have been a mixed bag this year. The lunches have been (at least in my opinion) pretty decent so far. However, the consensus is that the so-called "continental" breakfast served each day has been a non-starter. Even folks from "the" Continent were complaining. In addition, there has been a distinct lack of fresh fruit - both during the meals, and the session breaks. Break fare in general has been as sparse as the breakfasts. As hot and muggy as the weather is, I have yet to see a single frozen treat from this conference.
And that, in essence is the message of this show. Like New Orleans itself, the economy seems to be on the mend after a major jolt. The road ahead is laid out. We (at least most of us) have our packs loaded up. We need to move forward, but we want to do it right, and we need the resources (food) to do it.
We're ready for what ever the future has in store, so bring it on! 5/27/2010![MC900139387[1]](/Lists/Posts/Attachments/90/MC9001393871_thumb_30C45FBA.png "MC900139387[1]")
Finding your Way through the Configuration Maze SharePoint has two basic configuration modes: - SharePoint sets up "Everything" for you
- You set up "Everything" manually There is precious little in between these two extremes. The good news is, if you let SharePoint configure everything, chances are everything will work. The bad news is, these settings rarely reflect best practices, and if (when?) you want to tweak some of those settings later you often find that one change has to lead to another, and another, and another in order to get back to working order. By the time you're done you may as well have done it manually in the first place. Configuring SharePoint 2010 to do people search is one such area. The first half of the manual configuration (or reconfiguration) process is setting up the User Profile import. That is fairly well documented in several places. Probably the best is by fellow MVP Spencer Harbar in his article "A Rational Guide to Implementing SharePoint Server 2010 User Profile Synchronization". The Bread of the Sandwich Given how comprehensive Spencer's article is, you wouldn't think that there is anything more to say, and in truth, it is the meat of the issue and often the hardest part to get working. But as I said, that is only half of the story - getting user profile data into SharePoint. What my article is about is letting your users find the information. Since some of this comes before, and some comes after, the AD configuration in Spencer's article, you could think of this as the bread of the sandwich. Once Central Administration is up and running, the first thing it offers is the opportunity to let another Wizard configure all of your service applications for you, and set up a default SharePoint web application. If you followed Spencer's advice, you said "No" to its kind offer. His article assumes you did, and gives instructions for setting things up completely manually. For this article, I'll assume you said "Yes" and want to fix things up. For completeness, I cover some of the same ground, and you can safely follow either set of instructions for creating the User Profile Sync service app. Again, if you say "Yes", you'll get something that works. But if you look carefully, you'll discover two big things that violate good configuration practice for production environments: - The Search service application is configured to use the Server Farm/Database Access account as the default content access account.
- My Sites and the Profile host site collection are configured to live within that first web application, which is named with the host name of your central administration server.
The first one is easy to address - on the surface. Create a suitable domain account, then in Central Administration, go to your Search service application and assign it to be the default content access account. 
SharePoint will give it a default read policy on every web application associated with that service application. That's great as far as it goes, but hold that thought for a moment. I'll be coming back to it shortly. As for the second issue, having the personal sites embedded in a content web application, you'll need to delete and re-create the User Profile Service application to resolve that. Or create the service application for the first time if you didn't invoke the wizard. Whether correcting from the wizard or creating the applications for the first time, other than the deletion, the steps (and some of the potential issues) are the same. First, create a "normal" web application for your profiles and personal sites. Create a site collection at the root of the web application using either the "Blank" or "MySite Host" template. Second, go to your Service Applications page and from the New button select User Profile Synchronization service application. Like most service applications, this one requires you to allocate an application pool and number of databases. The page suggests leaving them as the default names, which you can, though if you do make sure the databases from the original service application (if any) are deleted first. Otherwise, give them appropriate names for your environment. Toward the end of the configuration page, specify the server in your farm that you want to host the profile sync service, and enter the web application you defined in the previous step. 
After you accept your settings, wait for the service application to finish creating. (You will return to the UI before that process completes.) Now would be a good time to go read Spencer's article to see what you should have done to get to this point, and have your AD administrator set the permissions required for your profile import account. By that time, you should be able to complete the User Profile service application configuration as instructed. The Last Piece of Bread In a perfect world, you would be done. Of course, we don't live in a perfect world. Chances are, you'll get a wonderful set of profiles imported, and you can navigate to them and see everything. If your users create MySites, you'll probably even be able to find their content. But do a people search, and you get a whole bunch of "nothing". That's because you're not actually crawling the profile store - at least not successfully. Time to go back to Central Administration, and first look at your Search service application's management page. Click the Content Sources link on the left hand side, and open/edit your Local SharePoint Sites content source. In the Start Addresses section, you will see a box with entries similar to those below: 
Notice the sps3: line. This is the protocol SharePoint uses to read profiles. (Note: It isn't a "protocol", per se. It just instructs SharePoint to call a specific web service hosted at that address.) If you ran the wizard to configure your service applications, it will be pointing at the original web application created by it. You'll need to change it to reflect your new profile web application, then save the changes to your content source definition. Also, if you deleted the original wizard-created web application (or aborted its creation), you'll need to delete the regular http: line referencing it. You might think (again) that that's all there is, but again you'd probably be wrong. Once you make the change above, you'll probably start seeing access denied errors on that "server". Remember when we assigned a new default content access account way back in step one? Well, even though it has permission to read the contents of the web site, the service under the sps3 protocol leads right back to the User Profile Synchronization service application, and you didn't tell that application to let the new content access account in. To do that, navigate to the Manage Service Applications page, and highlight your User Profile Service Application. Click the Administrators icon in the ribbon. 
You'll need to add your default content access account to the list of "administrators". It won't really be an administrator - notice that there are an array of permissions available. Once you add the account, highlight it and ensure that the "Retrieve People Data for Search Crawlers" permission is checked, as shown below:
Click OK, and reset IIS on the profile import server. Maybe even reboot it. Best Practices? At last, you're done. You should now have functioning user profiles and people search, configured in accordance with "best" practices. (Yeah, "best" is relative...) Still, there are reasons for this kind of configuration. It gives you an easily manageable farm, with excellent control over My Sites - ensuring that personal content is in separate databases from your corporate portal data. The account used to crawl won't be the "all powerful" Farm account, and you can tell the difference through access and audit logs between administrative access to resources and the search crawler's. Now, wasn't that a tasty sandwich? 5/26/2010
 Get the Lowdown in Party Town!
For 2010, Microsoft's biggest public educational event of the year has moved to the Big Easy - New Orleans, Louisiana. There, you'll find it easy to get the latest on the biggest technologies Microsoft has introduced over the last year, from Windows 7, to SQL Server, to Office and SharePoint 2010. 21 technical tracks lead to over 700 different sessions, hands on labs, and other educational interactions. You're sure to find plenty of ways to fill your time, and your brain!
One of those is the Technical Learning Center, or TLC. The TLC is an array of dozens stations constantly manned with both internal Microsoft and external experts - MVP's, MCT's, and product team members - all ready, willing, and able to answer your questions. I'm pleased to announce that I'll be joining them in the SharePoint area.
So, come on down and join us! Get the details here. And if you haven't already signed up, what are you waiting for - Mardi Gras? Well, we've got that too! 5/12/2010 This is the day the world has been waiting for! OK, maybe just some of the world. But it is certainly a big one for users of Microsoft software. After years of development, testing, and previews, Microsoft today is officially rolling out the 2010 wave of SharePoint and Office products.
Some of the changes are "evolutionary", others are "revolutionary", but no matter how you slice it, this is a big announcement.
Get all of the scoop, including live streaming of the official event at http://www.the2010event.com/
4/29/2010
 Stop the Presses!
Microsoft has announced the discovery of a cross-site scripting vulnerability in the SharePoint 2007 (and WSS 3.0) Help system. Although they are still investigating the root cause and working on a long-term solution, they have provided a workaround which will mitigate the only known (at the time of this writing) attack vector. You can read the details of the vulnerability and a server-side workaround in Security Advisory 983438. The Security team have also posted some more explanations about this class of vulnerability and some client-side mitigations in this blog post.
A Little More Info
The vulnerability is what is known as an "injection attack". Essentially, arbitrary JavaScript can be run by being passed as a carefully crafted parameter to the built-in SharePoint Help page. This script will run in the context of the current user's client session, and can therefore perform any actions against the SharePoint site that the user could.
This does not turn the user into an administrator, or otherwise elevate their own privileges. As far as I can tell, it does not (as some reports have suggested) expose the user's password. Update: This is with the default SharePoint authentication. Custom authentication methods could potentially store credentials in an accessible manner. I have no way to test that scenario, but any attacker would need intimate knowledge of how that authentication module worked in order to exploit it. So, while your passwords are probably safe, this vulnerability could allow an attacker to probe for and read any information in SharePoint that the user does have access to, or to vandalize or destroy information the user is permitted to update. Therefore, for the time being I strongly suggest disabling the help.aspx file in the Layouts folder of your SharePoint servers, either by following the instructions in the security advisory or through other means. (At this time, I don't suggest just deleting the file.)
Update #2
It has been pointed out that, although the attack itself cannot (usually) directly glean the user's credentials, an injected script could prompt an unsuspecting user into providing them, thinking the request was coming from your site. This does not change my advice (applying the mitigation procedures), but it should increase your priority in doing so.
4/26/2010![MC900055166[1]](/Lists/Posts/Attachments/86/MC9000551661_thumb_6CB44FEE.png "MC900055166[1]") Some SharePoint News
Life has been a bit hectic around here, but I haven't disappeared. Here's a quick rundown of some recent and upcoming events. First, the big news - SharePoint 2010 is Available! Not all editions, but you can get the most popular parts if you are a subscriber to MSDN or TechNet Plus: - Microsoft Office 2010 Professional Plus
- Microsoft SharePoint Foundation 2010 (this replaces Windows SharePoint Services)
- Microsoft SharePoint Server 2010 (this replaces MOSS. You can get keys for Standard or Enterprise edition)
- Office Web Apps (Web-based versions of Word, Excel, PowerPoint, and OneNote)
- Microsoft SharePoint Designer 2010
Look for launch events all over the place throughout the summer! You Have Two Chances to for Live Chat Online with MVP's! The other news for this week is that there are not one, but two MVP real time chats with your favorite SharePoint MVP's. The first one is tomorrow (Tuesday, April 27) at 4:00pm Pacific time (7:00pm Eastern). The second chat is Wednesday at 9:00am Pacific (12 noon Eastern). Check out the MVP Program Blog for details of where to sign in and who'll be online when, but I can tell you that I'll be online for the Wednesday Chat! That's all for now. I'll see you there! 4/13/2010 Stalking the Ruby-hearted Gleamcatcher
Updated 4/19 to use a picture of the real ring rather than the catalogue image... OK, so this still isn't the article on incoming SharePoint email that I promised. That article (which will be cross-posted at EndUserSharePoint.com) is still coming, as is an article for Microsoft's Get the Point! blog. But from a personal standpoint, this is even more important. Over the Easter holiday weekend, I proposed to my girlfriend, Brenda, while we were on a nature walk. Essentially, I set it up so that on our walk we would be seeking out the nesting site of the very rare "Ruby-hearted gleamcatcher." It turned out that the "gleamcatcher" was actually a ruby and diamond pendant, and the "nest" was its box, which I had previously nestled in a tree. After I gave it to her, I figured she would be a little disappointed, since we had been discussing the idea of marriage for a while. So, I mentioned that the reason I chose that particular pendant was that it went along so nicely with the ring I had in my pocket (pictured above). I took it out and placed it on her finger, asking her to join me forever on that great nature walk of life (OK, those weren't quite the words I used, but they should have been). To make a long story short, she said "Yes!", so on August 1st... We're Getting Married! (Note: Brenda is a much more private person than I am, and doesn't like her picture taken, so sorry, no pix at this time. Maybe for our wedding site once I have that set up.) |
|
|
|
|
|
|
|
 |
|
|
|
|