SharePoint Saturday Kansas City December 2009

SharePoint Saturday Kansas City was a blast. Sold out registration amounted to over 200 attendees, and the community college did a great job both in providing needed facility resources and in catering lunch (via their culinary school). Becky Isserman and Kevin Hughes are to be commended for organizing the event and keeping all the amazing speakers in line. Copious quantities of water, coffee, and sugar were in as ready supply as power outlets.

My presentation was an end-user focused session comparing customization using three methods: OOTB browser based tools, SharePoint Designer, and custom code. In general, the message was that the greatest flexibility comes with custom code, but this also incurs the highest risk and cost. Recommendation, then, is not to custom develop unless it is determined that requirements cannot be met any other way. With feedback and questions from the audience, I plan to add a section on development best practices for IT managers (separate dev environment, Service Level Agreements for consultant work, etc). Any suggestions for this section would be welcome.

Big thanks are owed for help on the presentation, which summed up interviews with some experts who volunteered to help with their advice and opinions: Lori Gowin, Mark Rackley, Clay Cobb, Aidan Garnish, and Laura Rogers all gave opinions on the relative strengths and weaknesses of the three approaches. Bjorn Furuknap gave permission to use some screen shots from his blog.

As is par for the course at SharePoint events, SharePint was educational as well. Juan Celaya warned us of the dangers of tree-bound elephants. JD Wade introduced us to the latest in ergonomic office chair design. Dennis Bottjer explained some handy acronyms. Susan Henry and Mark Rackley produced ShareWow! SharePoint infomercials. Eric Harlan gave lessons in the use of bread products as air filters. Cathy Dew traded hair care tips. Scott illustrated narcoleptic conversation starters. Becky Isserman shared the Menorah lighting and taught us to play Dreidel. Coskun Cavusoglu impressed us with business cards featuring a pronunciation guide. And much comradery was enjoyed by all. The SharePoint community is awesome.

Moving Email-Enabled SharePoint Calendar

Devin Walker has an excellent blog post on a strictly browser-based method of moving SharePoint lists from one site to another using the List Template method. I used the instructions with success on one of our calendars.

I was concerned about the effect the move might have on events emailed to the calendar and on its display in Outlook as another user’s Calendar. These problems were resolved by giving the new calendar the same email address as the old calendar. However, making this email assignment required a direct edit in Active Directory, because attempting to assign the old address to the new calendar resulted in an error that the email address was already in use. Disabling email in the old calendar did not remove the Contact entry  in AD; neither did deleting the old calendar from the site. After removing the Contact from AD directly, I was able to assign the email address to the new calendar.

Testing showed the new calendar accepting emailed calendar items, and the new calendar displayed in Outlook correctly without having to delete and re-add the new calendar as another User’s Calendar.

SharePoint Access with a Trusted Domain

Establishing SharePoint access for users on a trusted domain was a great learning experience. SharePoint touches so many other fundamental services within the organization: in this case, good old Active Directory. The trust in question is an external non-transitive trust with a district office with its own domain. As a two-way trust, my users can authenticate on the foreign domain, and their users can authenticate on the local domain, where SharePoint is housed.

Authentication, however, will only get you so far. Without specific rights granted to individuals or to security groups in the foreign domain, the authenticated user could not view anything in our SharePoint environment, which is a closed intranet.

Best practice, of course, is to use security groups and/or SharePoint groups whenever possible to avoid the duplication of user management outside of AD.  Therefore, I needed the names of the security groups within the foreign domain in order to grant access permissions in SharePoint. If there is a way to view users and groups from a trusted domain within Active Directory 2003 Management Console, I haven’t found it. To get around the problem, I created a folder on my desktop and did the following:  right-click the folder and go to Properties>Sharing>Share This Folder>Permissions>Add..  From Locations… choose the trusted domain name. Then select Advanced to go to the Common Queries window. With no criteria listed, Find Now to get the full list of users and groups from the foreign domain.

To test the security access, I asked the administrator of the foreign domain to create a test account for me, which I then used to log on to the SharePoint site. The log on worked, and my test account was able to navigate the site pretty much as expected. The test account was placed in only one security group: the one representing the most general group: district office. Interestingly, because the group was added only to the Viewers group at the root site, this experiment did reveal some ugly situations where inheritance was inappropriately broken, causing the test account to be unable to navigate to sub-sites beyond that level.

Next steps will be to correct the broken inheritance problems, test alerts to the foreign users, and to map the foreign security groups to their local security group equivalents in order to grant permission to sites with specialized group permissions.

Duplicate SharePoint Personalization Site Navigation Tabs

Strange Symptom of Running Out of Disk Space

Recently we had an issue with SharePoint Search that caused very large log files to be produced, eventually taking up almost all the hard drive space. Restarting the server (without yet knowing this was the issue) produced a problem wherein a custom top navigation tab on the MySite pages was duplicated, appearing twice side by side between the MyHome and MyProfile tabs. This navigation tab was created from Central Admin (Shared Services Administration> SharedServicesName> Personalization site links), and was not custom developed.

Since both duplicate tabs were fully functional (if quite distracting) I left them for the time being to find the cause of the trouble. Once the log files were moved and the drive space restored, a restart outside of production hours corrected the problem.

School of Hard Knocks Lesson: Audience Targeting

SharePoint audience targeting is a great way to hide content from unauthorized users, right? You don’t want Department B to see the calendar on Department A’s home page, so you edit the calendar web part, targeting the calendar to Dept A only. Voila! When a member of Department B navigates to the site, the calendar does not appear, while Department A’s members see it. Nicely done, and you didn’t have to mess with those confusing security groups and permission issues.

“Is Bob Spiking the Eggnog in this One?”

Hold on there, big [boy|girl]! We need to determine WHY you’re hiding the calendar. If it’s because Dept B doesn’t care about Dept A’s dental appointments and would much rather see say, links to some incriminating office Christmas party photos, you’re cool. Content filtering is what audience targeting is all about. Using audience targeting, you can present a customized feel to a SharePoint site based on the user’s id or group membership. Given the limited screen landscape available when standard navigation is employed, audience targeting can also help create a cleaner, less confusing user experience.

“Obscurity is Not Security”

If you’re hiding Dept A’s calendar because it contains top secret appointments that shouldn’t be seen for security reasons, however, you have not done enough to keep out those nosy Dept B snoops. Just because a user does not see a web part displayed on a given web does not mean that the content is not available through alternative navigation, such as View All Site Content or by following a link returned in search results.

You can quickly test this by creating an item in an audience targeted SharePoint list or calendar that contains an uncommon or made-up word, such as “IfDeptBCanFindThisI’mDoneFor.” Log in as a user who is not in the targeted group, but otherwise has permission to view the site. The list or calendar will not be visible on the page to which targeting has been applied, but if the user searches for “IfDeptBCanFindThisI’mDoneFor,” the item will be returned in their search results, and the user will be able to follow the link in the search results to see the item’s content. Doh!

[Note that, depending on your crawl schedule, it may be several minutes before the new "IfDeptBCanFindThisI'mDoneFor" item is indexed and available in search results.]

To prevent this, you must modify the permissions for the web part in question. Care should be taking in requirements gathering here, as “Department B shouldn’t see this,” can mean different things to different people.

While audience targeting can create a customized experience for users, be aware that excessive use of audience targeting can cause slow load times, as all the content is rendered, and then subsequently filtered based on audience targeting.

SharePoint Saturday Ozarks

SharePoint Saturday Ozarks was a blast. The folks in Harrison, AR welcomed us warmly. A special thank you goes to the management at the Hotel Seville, who offered a discount to attendees and a tolerant attitude for our wild and wooly ways.

The attendee group was great, providing questions to help me be more informative in my next engagement. Suggested Laura Roger’s session on Out of the Box Webparts to one attendee. I was in the audience for this session later in the day, and got excited about the possibilities for business applications with a little work in SharePoint Designer. I’ll also be sure to have some governance resources on hand, since some attendees were looking for this information in particular.

I also attended Cathy Dew’s session on SharePoint branding, and boy, do I want to learn more about that.

The slide deck for my presentation (with links to resources) is available on Slide Share from the link below.

We Have Sharepoint! Now What

View more presentations from JoyKnows.

SharePoint Bootcamp Week 6 – The Mini SUG

Interesting turn of events this week. Had our first mini SharePoint User Group (SUG) with admins from three state agencies participating.

Our infrastructures vary widely. Mine is the smallest, with 1 Windows Server 2003 running SharePoint & and a SQL Server. The second agency is significantly larger, with 2 WFEs, MS Project Server, a box for SharePoint Services, and a clustered SQL Server group. This agency plans to migrate the currently split content dbs to a single dedicated SQL Server. The third agency is launching an environment to host SharePoint sites for several smaller agencies that have no IT departments of their own. This admin plans to create one SharePoint farm with multiple Web Apps to insulate the content.

While my inherited environment has been established for a couple of years, I’m quite new to the administration side, so talking with the admins from the other two agencies with their very new implementations made for good discussion at this sessions. Foremost among the topics were design strategy and challenges of implementation.

Since mine is the only fully-deployed, working environment, we plan to use it as a example case for tricky settings, like having both an HTTP and HTTPS address resolve to the same content on port 80. As such, I sent the other admins copies of my piped out Alternative Access Mappings along with the STSADM command to pipe out their own for backup, since this is not part of the built in SharePoint backup functionality. (Thank you, Todd Klindt, for providing this info).

We also discussed issues with BlackBerry authentication on SharePoint sites, a problem which needs more exploration to determine if connectivity problems are device specific, or BES policy specific. Additionally, an idea was presented to create a group test environment on a virtual box so we could explore different authentication and partitioning techniques outside our production environments. Cool idea, Eric!

Some other topics of interest (thank you Twitterverse for good discussion and referrals to blog posts):

Audience targeting is not security trimming. This met with some resistance, but I told them of the discussions I’d had on Twitter and my own testing which confirmed this. I could log in with my test user account and not see the calendar I had set as unreadable with audience targeting, but a global search not only showed the target appointment, but clicking on the result in the result set displayed the full calendar appointment with all its details. Audience targeting, then, should be used only to determine what and how content is *displayed* on a particular page. Only breaking inheritance and manually setting security access will prevent a user from seeing a particular item. Other observations on audience targeting: does the most good, but also causes the most performance drag, on the main page of a site or site collection: use with caution!

SharePoint 2010 will be 64-bit only. This includes all servers in the farm, including SQL Server housing the content databases. A welcome bit of news for the two admins working on refining an existing, but not fully deployed, SharePoint environment. They’d wanted to upgrade to 64-bit servers, but since they are running SharePoint 2007, they had the allowable mixed environment. Knowing the future would be all 64-bit gave good rationale for implementing a hardware upgrade at the same time as their infrastructure update.

SharePoint Service Pack 2 (SP2) reverts converted paid product back to a trial subscription. The admin has 180 days to reenter the license key. This was news to even our seasoned admin, who while not concerned for his current deployment, did mention he should contact his former employer to make them aware.

Overall, I think everyone was happy about the collaboration and the amount of information exchanged at this first meeting, even within a small group of people. We had some followups to finish for one another, and plan to meet once a month, with perhaps some other agencies invited. I’m the newbie of the group, but had plenty to share because of my reading and paying attention in the community groups. This is a testament to the power of the User Group. If you have no grand expectations, but come willing to seek information and share what you know, the group’s value can be more than the sum of the individuals involved.

Women in the Tech Community

Some thoughts inspired by Becky Isserman’s blog post “My Experience as a Woman in the Community:

Thanks, Becky! It’s good that we can discuss our ideas and concerns repectfully, and as professionals.

All my IT work has been in male-predominant teams, a fact that has never been a problem. In my experience, if you pull your weight and do the work, there’s not a gender issue. If you’re good, teach others. If you don’t know, ask. You’ll catch a lot more hell for being a slacker or poser than for being female.

Of course, it hasn’t always been that way, and a nod is given to the women of the “Mad Men” years who made it possible that, in my agency, the boss is a woman, and women outnumber men on most teams; a situation most remarkable today for its lack of remarkability.

That being said, I enjoy the comradery of groups in which I’m involved. As a newcomer to the SharePoint community, I’ve felt welcomed by everyone with whom I’ve interacted, but particularly welcomed by the all-female group, which encourages members to seek out speaking engagements and to share expenses to make non-work sponsored travel more affordable.

That gender division does seem to promote misunderstandings, however. Take for instance the Pajama Party Podcast idea. This was to be like a sleepover with girlfriends in flannel pajamas & curlers, but instead of dishing about boys, they’d be dishing about SharePoint. The speed at which this was interpreted as a potential “Tech Girls Gone Wild” episode was concerning.

Don’t get me wrong, I love a good off-color joke, and will probably privy you to some if I meet you at a conference, if you’re up for it. But I think sometimes the all-female premise lends itself to misinterpretation, when that is not the intention. Because of that, gender-based groups might want to make a particular effort to choose their branding mechanisms wisely (…and yes, I intend to take my own advice on that note).

So do we *need* a gender-based group? Probably not. The community is accepting of both sexes. Although I appreciate the promotion of women by women within the community, I wouldn’t want to be selected over another speaker because of gender. But I didn’t percieve that as the intent of the female group; there’s enough talent among the members not to need special treatment.

Is a gender-based group a bad thing? Also, probably not. People are motivated in different ways, and if participation in a group pushes you to realize your potential in ways you wouldn’t have, that is a good thing. A very good thing.

The barriers to entry as a speaker today seem to be more within the person and their skill set. As a newbie, I have a lot to learn, but I’ll learn it. It takes time, and mistakes, and slogging your way through others’ mistakes, and asking for help. There aren’t any shortcuts, although knowing people who’ve been there before certainly helps. The support available from the community if you’re willing to ask is amazing – it’s definitely helped me.

And in the end, I don’t know any women who want to be known by their technology peers as “good…for a girl.” They want to be good. Period.

SharePoint Boot Camp Week 5

“Pride goeth before a fall.” Proverbs 16:18

So last week I was all pumped because after a month or so of reading and discussion, I finally felt I knew a little something about SharePoint administration.

This week I learned how little.

The MOSS setup includes a single virtual machine with Server 2003 and a SQL Server database. In attempting to move the VM housing MOSS, the sysadmins found they could not migrate it because of a missing VM vmx file. Attempts to recreate the vmx file were unsuccessful, and the VM would not power-up after shutdown.

We prepared to recreate the farm by reconfiguring a new virtual server to house MOSS. Luckily, I asked my good friend and patient mentor Todd Klindt (@ToddKlindt on Twitter) for some advice.

Turns out I was mistaken in thinking that because the farm included only one box, and that machine (which housed central admin) was unavailable, that we would be unable to join an additional server to the existing farm. In other words, I thought we would need to create a new farm by provisioning a new server, recreating our web apps, and then reattaching the databases from backup.

Todd corrected me by explaining that the config dbs are stored within the SQL Server databases, and that once we told the new MOSS Server which SQL Server database to use, the web apps, configs, Alternative Access Mappings, and content would be available, a process similar to adding an additional WFE.

The config dbs WERE the farm, so as long as the dbs were intact, all of our prior configurations would be there.

Things we would have to check would be SSL certificate installation, host headers, and removing the old machine from the farm via Central Admin (since it will continue to show up under Servers in this Farm). Other issues might be specialized icons (like the .pdf icon for search results), and Forms Based Authentication.

Sys admins came up with one more way to try to revive the old box. It took four hours but we took the gamble, since there were some settings on the original server (such as the host headers and IIS settings) that we had not backed up properly. If we could get the old setup going, we could export them properly and then add commands to the backup script to back them up in the future. That would put us back at a point of a working system, and we’d be in much better shape.

I got a reprieve — it worked! The current box will still need to be decommissioned, but it is back to its working state before it was shut down. Now we can more gracefully add the new server to the farm, switch all the services to the new server, and remove the old box.

Thankfully nobody’s yelling at me. SharePoint Admin is not even in my job description – I’m the Applications Chick. But when I realized there was no SP Admin, and that we had no one on staff with any experience with SP Administration, I figured I’d better start learning something about it because my apps and my users depended on it.

When I said something along that line, the head sys admin asked, “So who’s job is it?” I told him the former junior sys admin was doing it. “So you’re saying it’s my job?”
“No, I’m saying it’s your new junior sys admin’s job. Funny, he’s the only one not here working this weekend.” We both laughed.

I’m guessing this means I’ll get to add that SP admin designation pretty soon – because it’s pretty clear nobody else wants it!

Cross training in SharePoint is almost inevitable, anyway. SharePoint integrates so heavily with other technologies, you really need to at least have a working knowledge of SQL Server, Exchange, Active Directory, MS Office, and networking to make sure you can figure out the origin of errors when they pop up.

Thanks goes to Todd again for his help. He didn’t know my fan-dom came with a 24-7 tech support contract! Only thing I can give him is a problem example for his Monday morning netcasts.

But you gotta work with your strengths, and being a good bad example is definitely one of mine.

SharePoint Anagrams

Had come up with a few funny anagrams for SharePoint, and shared them on Twitter. The name has many of the letters you’d pick first when trying to solve the puzzle in Wheel of Fortune – so it was a good candidate. Then a friend referred me to an anagram serving website, which delivered several, although most were pretty boring. Here’s some of the goodies, both from the site and ones I found:
Evil SharePoint:
Hate Prison
Hernia Spot
Pain Throes
Hope Strain
Hare In Pots [Think Fatal Attraction]
Tear Siphon
Others Pain
Naughty SharePoint:
Hop Nastier
Porn I Haste
I Entrap Hos
Ornate Hips
Open A Shirt
Pa Horniest
Repaint Hos
Under the Influence SharePoint:
Another Sip
Pats Heroin
A Top Shiner [Beer]
Retain Hops
Nears Pot Hi
Hoarse Pint [What you have after teaching too many SP Sessions]
Parties, Hon!
Felonious SharePoint:
Apron Heist
Pirates, Hon
Rat Phonies
Hit a Person
SharePoint SharePoint?:
Phase Intro
Persona Hit
Orphan Site [This one was a little freaky]
Silly SharePoint:
Retinas Hop
Hairnet Sop
Hear Pintos
Opera Hints
Tape Rhinos
Nosier Path
Has Protein
Paint Horse
Pita Nosher
Thin as Rope
So I Panther [Had it been Cougar, this might have been under Naughty]
No Hare Pits
No Hair Pets [Thanks, Todd K.]