Tag: SharePoint 2010

What Domain Accounts to Use For SharePoint 2010

When setting up a SharePoint farm, whether 2007 or 2010, you have the option of providing various service identities throughout the process. Indeed, every application can run with its own identity. Far too often, administrators pick a single account, and use it for everything. While this is certainly the easiest approach, it is far from the most secure, and it can be very limiting down the road if you need to get granular with your permissions. The trouble is that there are a lot of intricacies as to what account does what, and getting it right requires a pretty comprehensive understanding of the product.

We now have enough work under our belt with SharePoint 2010 that I feel comfortable sharing some of our best practices around account creation for SharePoint 2010. The product itself has gotten more complex, and so have the configuration options. There is no “one size fits all” approach for all scenarios, but the list that I am providing below should work as a good starting point. There is often a trade-off between ease of manageability and good security, and the approach below, I feel, finds a good balance.

The chart below describes the account, its purpose, what rights it needs to the local machines in the farm (including the SQL Server machine(s)), the rights it needs for SQL Server directly, and the rights it needs to the Active Directory domain.

Base Set of SharePoint 2010 Service Accounts

| Account | Purpose | Local Rights | SQL Rights | Domain Rights |
|---|---|---|---|---|
| spSetup | Used to login to the farm servers; Used to install bits on the farm servers | Administrator; Remote Desktop Login | DB Creator; Security Admin | Member |
| spFarm | Identity for all Windows Services; Identity for all SQL Services (optional); Identity for Profile Synchronization Service; Identity for all code running with elevated permissions (web parts) | None (1)(3) | DB Creator; Security Admin | Member |
| spApps | Identity for all SP Application App Pools (4) | None | None | Member |
| spServices | Identity for all SP Service Applications (4) | None | None | Member |
| spUPS | Identity for the User Profile Service | None | None | Member; Replicating Directory Changes (2) |
| spCrawl | Used by the Indexer to crawl content | None | None | Member (5) |
| spBI | Trusted account for Reporting Services and PerformancePoint when not using Kerberos | None | DB Access as appropriate | Member |
| spSuperUser | Used for Object Caching | None | None | Member |
| spSuperReader | Used for Object Caching | None | None | Member |

    (1) Needs to be a part of the Local Administrators group while the User Profile service is being created. See my previous post for more details. Once the service is created, the account can be removed from the group.

    (2) AD Permission required by the User Profile service

    (3) Required for a specific AD container when using the incoming email service. See this post for details on how.

    (4) There may be a large number of these, one per entity

    (5) Appropriate rights will need to be granted to this account for any EXTERNAL content being crawled (file system, shared folder, Lotus Notes, etc)

    Hopefully this will help a few of you get started with a little less head scratching.
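
One way to check the Local Rights column on a running farm, as an added example that is not from the original post: the script flags any of the chart's service accounts other than spSetup found in a server's local Administrators group. The function names, server names and sample membership are constructed for illustration.

```powershell
# Added example: audit local Administrators membership against the chart above.
# Account names come from the chart; everything else here is an assumption.

# Only spSetup is listed with local Administrator rights.
$AllowedLocalAdmins = @('spSetup')
$ServiceAccounts = @('spSetup', 'spFarm', 'spApps', 'spServices', 'spUPS',
                     'spCrawl', 'spBI', 'spSuperUser', 'spSuperReader')

function Get-LocalAdminMembers {
    param([string]$Server)
    # The WinNT ADSI provider works on PowerShell 2.0 (Windows Server 2008 R2).
    $group = [ADSI]"WinNT://$Server/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Test-LocalAdminBaseline {
    param([hashtable]$Observed)   # server name -> array of member names
    foreach ($server in $Observed.Keys) {
        foreach ($member in $Observed[$server]) {
            if ($ServiceAccounts -contains $member -and
                $AllowedLocalAdmins -notcontains $member) {
                $note = if ($member -eq 'spFarm') {
                    'Allowed only while the User Profile service is being created (note 1)'
                } else {
                    'Chart lists no local rights for this account'
                }
                New-Object PSObject -Property @{
                    Server = $server; Account = $member; Finding = $note
                }
            }
        }
    }
}

# Constructed sample data (not real output). For a live run, fill the table with:
#   $observed[$s] = @(Get-LocalAdminMembers -Server $s)
$observed = @{
    'SPWEB01' = @('Administrator', 'Domain Admins', 'spSetup')
    'SPAPP01' = @('Administrator', 'spSetup', 'spFarm', 'spCrawl')
}
Test-LocalAdminBaseline -Observed $observed |
    Format-Table Server, Account, Finding -AutoSize
```

With the constructed data, SPWEB01 is clean and SPAPP01 yields two findings, one for spFarm and one for spCrawl.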

    Using a Fixed Width Page in SharePoint 2010

    For the most part, I prefer dynamic width pages on an intranet. They allow users to take advantage of the screens that they have, and to work the way that they want. They do have one big drawback, though, in that they don’t allow consistent control of presentation. You never know for sure where a particular screen artefact will be. This can be a real problem, particularly when it is necessary to maintain a consistent brand. The solution to this is to use a fixed width page, which basically keeps the width of the content constant, no matter what the width of the browser.

    If you previously worked with SharePoint 2007, you’ll know that this was the default behaviour of the standard Publishing master pages (like BlueBand.master). Team sites, and most other sites used a variable width template. SharePoint 2010 now uses variable width for both types of templates, and I’m not sure that’s a good thing in a web content management scenario.

    I recently had to set up my first fixed length centered page in 2010, and it was harder than I thought it would be. I isolated the class controlling the width of the content (#s4-workspace), explicitly set the width, and refreshed the page. It loaded correctly, but upon load, it immediately snapped back over to the left and filled the page. Obviously, there’s some JavaScript trickery going on here.

    Luckily, thanks to Tom Wilson, the correct solution was quickly obtained. Basically, JavaScript is looking for that s4-workspace id, and doing what it thinks is best with it. Since we beg to differ, the solution is to first remove that id altogether. Then, you need to add in the appropriate styling to compensate for the lack of JavaScript positioning.

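    /* Optional background to fill the non-content region of the browser */
    .SFC {
        overflow: auto;
        background: transparent url('/SiteCollectionImages/Page_BG.jpg') no-repeat fixed left top;
    }

    /* Fixed content width, centered horizontally */
    .SFC form {
        width: 958px;
        margin-left: auto;
        margin-right: auto;
    }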

    The background image isn’t necessary, but it can be used to fill the non content region of the browser.

    Overriding SharePoint 2010 CSS Classes – Background Images

    I just overcame a tough little problem while branding a SharePoint 2010 site. I was trying to override the s4-title class in my themeable class but it just wouldn’t work. SharePoint Designer thought it was OK, my CSS class was loading last, and IE Developer tools showed it as the active background image. Still no dice.

    As is often the case when you’re overriding a class, the parent styles are in effect until overridden. I just couldn’t figure out what – the standard style didn’t show a background image. As it turns out, one was in fact declared in corev4.css (the standard set of classes). It didn’t show because it was positioned way above the page.

    background:url("/_layouts/images/bgximg.png") repeat-x -0px -1023px;

    I’m not sure why they do this (I suspect that it has to do with the theming engine), but my background was inheriting it. Once I added

    background-position:0 0;

    to my overridden class, my background appeared just fine.

    Hope this helps someone.

    SharePoint 2010 Page Layouts – What’s this UIVersionedContent all about?

    If you work with the publishing features of SharePoint at all, or you do much branding, you’ve undoubtedly run into the UIVersionedContent control. Here’s an example of its use:

    [Image: example of the UIVersionedContent control in use]

    So what does this thing do? Simply put, it allows the SharePoint visual upgrade feature to work. When a site collection is upgraded from SharePoint 2007 (depending on the options selected), the sites themselves may wind up looking pretty much the same as they did before the upgrade. That’s because the SharePoint team didn’t want to be breaking any customizations or forcing users in specific teams to deal with new design elements, or for those concerns to hold up any upgrades. They therefore have introduced Visual Upgrade – this allows sites (not site collections) to be upgraded one at a time.

    However, if my site using the 2010 features is using the same master page or page layout as a site that uses the 2007 features, how will that work? That’s where this control comes into play. The control simply contains a ContentTemplate control, which in turn contains the markup to be used. It also possesses an attribute, “UIVersion”, which is set to either 3 or 4. These numbers correspond to the old WSS versioning system (WSS 3, SharePoint Foundation 4), and the contained markup is used if the version of the site matches the attribute.

    You’ll normally see these controls in pairs, giving an either/or type capability, but there’s no need to restrict them to this.

    It’s actually a pretty slick system, but it does add a lot of text to the page layouts. One annoying thing is that all of the V3 supporting code is there even if it’s a brand new install of 2010. This makes sense, because you can introduce a V3 content database into the mix at any time, and you never know when you might need the support. However, if you know that the master pages and page layouts you’ll be working with will only be used by V4 content, you can feel free to go ahead and remove the V3 tags. Before you do though, make sure that you’re not editing the system default masters/layouts. Always create new ones and do your customization there.

    I’ve not seen any other values for the attribute besides 3 and 4 – these are processed by the server accordingly. I’m intrigued by the development possibilities though. Ideally, this could support an environment where I can register a “version” that my site could select to use. This would be much cleaner than keeping multiple master pages for variations in branding, or to support micro sites. This also might be a better model in the WCM world for multi lingual support. I have no idea if that’s the plan, but to me it would make sense.

    Exporting a Publishing site from SharePoint 2010 Enterprise and Importing Into Standard

    I do a lot of development/configuration on my local SharePoint farm for all sorts of reasons. When the content is ready I rely heavily on the stsadm.exe export and import commands to move content. However, this doesn’t always go as smoothly as planned. Usually the problem is site features that exist on the source but not at the destination. When importing, you will receive an error indicating that a particular feature can’t be found.

    Normally this is because of custom or third party solutions/features, but can also be an issue with out of the box deployments moving content from an Enterprise edition to a standard edition (but not the other way around).

    There is some guidance for dealing with this out there for SharePoint 2007 but not much for 2010. Having recently gone through this in a trial and error fashion, I thought that I would share what worked. Essentially, you need to remove the offending feature before you do the export; deactivating doesn’t always suffice. My case below is for a publishing site, and your mileage will vary depending on the site template that you are using. First, the offending features are uninstalled:

    stsadm -o uninstallfeature -force -name WACustomReports
    stsadm -o uninstallfeature -force -name BizAppsListTemplates
    stsadm -o uninstallfeature -force -name IPFSSiteFeatures
    stsadm -o uninstallfeature -force -name ReportListTemplate
    stsadm -o uninstallfeature -force -name DataConnectionLibrary
    stsadm -o uninstallfeature -force -name PremiumSite
    stsadm -o uninstallfeature -force -name PremiumWeb

    Then the site is exported:

    stsadm -o export -url http://mysiteaddress -filename myexportfile

    Once done, the export file can be imported. However, don’t forget to reinstall those features – the previous step uninstalled them from all applications (read – use with caution):

    stsadm -o installfeature -force -name WACustomReports
    stsadm -o installfeature -force -name BizAppsListTemplates
    stsadm -o installfeature -force -name IPFSSiteFeatures
    stsadm -o installfeature -force -name ReportListTemplate
    stsadm -o installfeature -force -name DataConnectionLibrary
    stsadm -o installfeature -force -name PremiumSite
    stsadm -o installfeature -force -name PremiumWeb

    Your mileage may vary depending on what you have in your farm, but all you need to do is extend the commands above with the features in question.
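
The three steps above combined into one PowerShell function, as an added example rather than the author's own script: the reinstall runs in a finally block so the features come back even if the export fails partway. The function name is hypothetical, and the script assumes stsadm.exe sits in the default SharePoint 2010 BIN folder and returns a non-zero exit code on failure.

```powershell
# Added example: uninstall -> export -> reinstall, with the reinstall guaranteed.
# Assumption: default SharePoint 2010 install path for stsadm.exe.
$stsadm = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe'

# Feature names taken from the commands above; add your own as needed.
$features = 'WACustomReports', 'BizAppsListTemplates', 'IPFSSiteFeatures',
            'ReportListTemplate', 'DataConnectionLibrary', 'PremiumSite', 'PremiumWeb'

function Export-WithoutEnterpriseFeatures {   # hypothetical helper name
    param([string]$Url, [string]$FileName)
    $removed = @()
    try {
        foreach ($f in $features) {
            & $stsadm -o uninstallfeature -force -name $f
            # Assumption: stsadm signals failure with a non-zero exit code.
            if ($LASTEXITCODE -ne 0) { throw "uninstallfeature failed for $f" }
            $removed += $f
        }
        & $stsadm -o export -url $Url -filename $FileName
        if ($LASTEXITCODE -ne 0) { throw "export failed for $Url" }
    }
    finally {
        # Runs on success and on failure: the uninstall is farm-wide, so every
        # feature that was removed must be put back for the other applications.
        foreach ($f in $removed) {
            & $stsadm -o installfeature -force -name $f
            if ($LASTEXITCODE -ne 0) { Write-Warning "reinstall failed for $f" }
        }
    }
}

# Usage, with the placeholder values from the export command above:
# Export-WithoutEnterpriseFeatures -Url 'http://mysiteaddress' -FileName 'myexportfile'
```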
