Published: October 17, 2012 13:10 PM by
The stars must be in alignment, because here comes yet another blog post. This is another area where I have found the SharePoint community to be short of great information: explaining the URL, how it’s built and how it can actually be a good… No, a great tool to increase find-ability of information AND give a wealth of information just at a glance. It will take some training and understanding with your end users, but in the long run, it could reap huge rewards.
There are a couple of things I would like to caution you against instantly thinking of as ‘good ideas’ right up front. The first is the use of tiny URLs. This may seem like a good idea at the time; however, the tiny URL can be cryptic at best. At worst it could be used by a disgruntled employee to send viruses, or to send people to less than savory sites, phisher sites, etc. The second reason is certainly understandable, but the first, being cryptic at first pass, may be a moot point to you. The fact it’s short and sweet is great, and yes, it could work, but can any valuable information be drawn out of it? Will a user be able to see a tiny URL with a bunch of ‘random’ characters and go, “Oh, that link goes to the employee handbook”? I don’t think so. So the email they got the URL in, with the subject line saying what it is, will have to be kept… not good.
The second rumbling that I have heard about is in SharePoint 2013: the ability to assign friendly URLs (vanity URLs). This ability will be available as a publishing feature. This certainly is better than seeing some of the cryptic URLs with GUIDs thrown in for good measure. There are some uses here, but unless there is some sort of governance around the naming convention, this could very well go all over the map. I would hate seeing the URL http://<intranet>/Toaster/ go to something like the company Christmas party image of your CEO with a lampshade over their head. (Just sayin!) Probably not, but there is that possibility.
Why are these scary to me? They do have their place, but when it comes to organized content, these two approaches could muddy the water and diffuse the potential for a great information architecture (IA). I may be off base here, but in my experience URLs can make or break find-ability in an organization. Think of it as mixed signals to your end users.
A lot of the remainder of this post is going to refer to my previous blog post called An Executives Look at SharePoint Security. When working with a client, I always build SharePoint solutions security centric. In that blog post I spoke of the four categories, governed by security, that every SharePoint site you can possibly imagine will fall into. When configuring the main web application on an engagement, I build four managed paths that match up with those categories (Department, Team, Project and Community sites). I also delete the ‘sites’ managed path as this is too generic. Something generic when trying to put together information that is useful is like having a zombie movie where everyone is already a zombie and they all happen to be vegetarian. This sets the foundation for the URLs and is key for making your SharePoint URLs increase in value. New site collections should automatically use the managed path that matches the type of security and the category they fall under.
Another thing to understand is that when creating site collections, sites, lists and libraries, using naming convention best practices will help keep your URL legible. An easy to read URL that contains a wealth of information, such as security and other identifiers of the site the URL points to, is a welcome sight. One best practice is to not allow any spaces when first creating a list or library. If you create a list or library with a space in between the words when you first create it, the URL will have to add a %20 to represent the space. Not much fun to read when you have a lot of %20’s in a URL. It makes it very illegible. Once the list or library is created, you may go back into list/library settings and add the space(s) back into the name, as it will have no effect on the URL from this point forward.
The Useful URL
When you put this all together, the URL should read like a sentence. See the image below.
When your taxonomy is correct the URL can give a wealth of information. I will break out each segment below, with ideas, thoughts and reasons.
Web Application: This is the largest object in SharePoint, as stated in my previous blog. This is also the beginning of the URL. I would say having a good name utilizing a host header is better than the name of the server or something phenomenally generic like ‘SharePoint’ or ‘intranet’. This will help it to be more memorable and allow for a fresh outlook if a previous SharePoint deployment attempt went horribly wrong. This will also be the beginning of the sentence, the noun if you will.
Managed Path: Remember, earlier in this post I spoke about using the categories as managed paths. You will have the managed paths department, team, project and community available to you. This will indicate what type of site it is at a glance. It goes beyond that as well. I know the security schema that is attached to it, as described in my previous blog post. It tells me who is able to see/interact with the information that is housed at the site. Is it the company as a whole, just my department or a subset of individuals comprising a team?
Site: This is pretty straightforward… what site is it? As above, I did not spell out SharePoint, but did keep GovernanceCommittee. Is it a bit lengthy? Yes… yes it is; however, it is also extremely legible. I know I am going to the SharePoint Governance Committee’s site and I also know what to expect.
List/Library: As stated in the section of this blog post called The Foundation, if you create a list or library with no spaces in the name initially, the URL will not have a lot of %20’s in it. I now know from the image that I am going into a document library for Governance documents. Having a specific name vs. the out of box generic names is also going to help you with find-ability. You have to understand, with the out of box team site template, the document library Shared Documents will be in each and every single one. When you have 100 sites made from the template with the same document library name, it is difficult to find something because nothing helps it rise to the top. This being said, it’s also in your best interest to give a good description, as this too brings weight to your search results.
Folders: Not pictured but well worth a mention are folders. Do not have extremely long names for folders. You will rush very quickly to a bad place where your URL will exceed the 256 characters before you even put your documents in the folder. If this takes place, you will not be able to get to your documents. If you want to have the URL legible beyond this point, you will need to not have spaces or use _’s instead of spaces. This is a whole topic I could do a full blog post on… hmmmm. For now, just understand the same rules will apply here, but the URL will change if you put spaces in after it’s initially created.
Items and Document: Might as well take this through the gamut… right? When you name a document or list item, if you, again, want the URL extremely legible, don’t put in spaces. I have to pause a moment to take this a step further. This is a web based application. Don’t try to put funky characters in your file/item names. SharePoint will not like you for it. No ?’s, #’s, /’s, &’s, etc. This will bode very badly and SharePoint in most cases will not even allow it. Also be aware of the length of the file names or item titles. Being in a web environment, SP will break if the URL goes beyond 256 characters. I have seen this to this day, yes.
With a little planning, you will be able to have a URL that will be of great value to all your end users. Something that will allow them to know many facts about the location they are about to visit. Upon receiving a link to a document or item in SharePoint, the URL will quickly let them understand a lot of information about that document or item before even opening it.
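The segment-by-segment reading described above can be automated. The following is an added example, not code from the original post: it splits a URL into web application, managed path, site and list/library, maps the managed path to the audience it signals, and flags the naming problems the post warns about. The host names, site names and the choice to measure the 256-character limit on the encoded URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# The four managed paths from the post and the audience each one signals.
MANAGED_PATHS = {
    "department": "members of one department only",
    "team": "cross-department members chosen by the team lead",
    "project": "same as a team site, but with an end date",
    "community": "every employee in the company",
}
MAX_URL_LENGTH = 256         # limit quoted in the post
FUNKY_CHARS = set("?#/&")    # the characters the post names explicitly


def audit_url(url):
    """Split a URL into the post's segments and list naming problems."""
    parts = urlsplit(url)
    # Split on "/" first, then decode, so an encoded %2F stays inside its name.
    names = [unquote(s) for s in parts.path.split("/") if s]
    managed_path = names[0].lower() if names else ""
    report = {
        "web_application": parts.netloc,
        "managed_path": managed_path,
        "audience": MANAGED_PATHS.get(managed_path),
        "site": names[1] if len(names) > 1 else None,
        "list_or_library": names[2] if len(names) > 2 else None,
        "findings": [],
    }
    if report["audience"] is None:
        # e.g. the generic 'sites' path, which says nothing about security.
        report["findings"].append(("unknown-managed-path", managed_path))
    for name in names[1:]:
        if " " in name:
            report["findings"].append(("space-in-name", name))
        if FUNKY_CHARS & set(name):
            report["findings"].append(("funky-characters", name))
    if len(url) > MAX_URL_LENGTH:
        report["findings"].append(("url-too-long", len(url)))
    return report


# Constructed sample URLs (host names and site names are made up).
GOOD_URL = ("http://collab.example.com/team/SPGovernanceCommittee/"
            "GovernanceDocuments/Charter.docx")
BAD_URL = ("http://intranet/sites/HR/Shared%20Documents/"
           "Handbook%20%26%20Policies.docx")
DEEP_URL = ("http://collab.example.com/project/Apollo/Docs/"
            + "/".join(["VeryLongFolderNameForQuarterlyReports"] * 7)
            + "/Status.docx")

if __name__ == "__main__":
    for url in (GOOD_URL, BAD_URL, DEEP_URL):
        result = audit_url(url)
        print(result["managed_path"], "->", result["audience"])
        for code, detail in result["findings"]:
            print("   ", code, detail)
```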
Published: October 15, 2012 09:10 AM by
I have been working with a lot of clients since my last post and have come to the realization that security is still a pain point for many when it comes to SharePoint. The thing that has left the deepest impression when it comes to this topic is the fact that, “despite everyone saying that security is the greatest concern,” it turns out security is placed as an afterthought. A lot of this has to do with a lack of understanding of what security is and how it works. This post is going to try and give an executive’s explanation of the following. For all of you out there on different versions of SharePoint, this is version agnostic, meaning this can be taken to heart no matter what the version of SharePoint is.
- High level explanation of the SharePoint object model
- Categories of any site you could create in the eyes of security
- Site Collection vs. sub site
- Tie it all together
SharePoint Object Model (High Level)
One thing I have learned working with different levels of management, from directors to your High C’s (CEO, CIO, etc.), is that they appreciate the breaking down of SharePoint objects and what it means to security. Most people (I know I am one of them) are visual, so I have created an image of how the objects relate to each other. See the image of concentric squares below.
Use the image on the left to visually understand what I am going to attempt to explain. Each box represents an object in the wonderful world of SharePoint. The larger the box, the larger the object. The smaller the object… well, you get the idea. The parent-child relation starts from the outside and works its way to the inner. The web application is the only object that does not have a parent object. The item object is the only object that does not have a child object under it.
What is all this parent/child stuff I am talking about? That is a good question. Just like my father, I have dark brown hair. Looking back at what we learned in junior high science class, I have dark brown hair because I inherited my father’s dark brown hair genes. In SharePoint, when it comes to security, the child can inherit the exact same security as its parent. For example, the intranet you go to every day that is on SharePoint has security. Everyone in the company can SEE the intranet, but not make changes to it. Only a very few individuals have the ability to make changes to the intranet. If you created a sub-site underneath the intranet and told it to inherit the permissions of its parent, that would mean it would not be just a copy of the permissions of the parent, but the permissions of the parent itself. So the same few people who could make changes to the intranet will be able to make changes to this new sub-site. The same people that had permission to view the intranet would be able to view this new sub-site.
SharePoint will allow you to change permissions of any object you see in the image of concentric squares. This in itself is not a difficult concept to grasp; however, it does have other ramifications you should know about that could add complexity to the maintenance of the security over time. We will get into this when we come to the section “Tie It All Together.” For right now, understand that you can give unique permissions to any object in the image to the left. The largest two boxes, web application and site collection, are allowed to have their own unique permission set without breaking inheritance. The site collection is the smallest object that has its own unique security schema without cutting ties from its parent.
Site Categories in the Eyes of Security
As you can see from the table below, there are four types of sites, two of which are almost identical except for the fact that one has an expiration date. (See Team and Project in Table 1.) Please understand, I know these are generalizations and there can be an infinite possibility of permutations and variations of security.
|Site Type |Description |Security|
|Department |A department site is a collaboration site specifically for the department it is named after. There are no exceptions: if you are a part of the department you can go to the site; if you are not, you may not. |AD Security group containing only employees of a specific department|
|Team |This site is the most common site of the four. This is a site that allows for cross departmental collaboration. |AD users added directly by the team lead, or usage of an AD Security group created for the team by the IT department.|
|Project |This, from a security standpoint, is the same as a team site. The one difference is this has an end date. Projects finish, then are archived or removed completely. |AD users added directly by the project lead, or usage of an AD Security group created for the project team by the IT department.|
|Community |A community is a companywide site with no exceptions. Everyone participates at some level. |In this case, <domain>/domain users is an easy way to handle this.|
Site Collection vs. Sub Site
One question comes up constantly: should we use a sub-site or a site collection? The answer is yes. There are different times you will use both; both have their own place in the world of SharePoint. Understand this is from my point of view, through observations that have been made over time at multiple clients that span mom and pop shops of a handful of employees to Fortune 500 companies with over 35,000 employees. I see things very black and white when it comes to security in SharePoint, and yet have seen and even worked in several shades of grey. I will try and put a table together of the trade-offs of a site collection vs. sub-site at the end of this section.
A site collection, as you recall from the section labeled SharePoint Object Model, is the smallest object with the ability to have a unique security schema without breaking inheritance. A site collection is an island unto itself, meaning there is no way to get to it without a link or knowing the URL. If one would look at a SharePoint intranet, there could be dozens of site collections beyond the one housing the intranet that you may not even be aware of. Think of it like a cloaked Klingon battle ship. Unless you know it’s there, or it lets you know it’s there with a happy greeting of lasers, phasers and other weapons, it is out of sight and out of mind. Let’s face it, seclusion is certainly a strong proponent of security. Prisons such as Alcatraz are proof of that.
What does this mean? In order to ensure a unique security schema for a specific site, the site collection is the best choice. It will be able to utilize or disallow SharePoint features, allow for a potential non-IT employee to be the owner, have its own recycle bin, its own quota and more. This being said, the downside to its seclusion is you will need a plan for how your casual browsers/employees can find the site collection if they lose the link, forget to hit ‘add to favorites’ or delete the email that welcomes them to the site collection. The navigation is specific to the site collection itself only. Anywhere outside the site collection, including that phenomenal navigation your corporate communications department put together, will not be there natively. Create a feature to force that navigation to be uniform across, build it manually for each site collection, or decide to have every site collection utilize its own unique navigation within reason as long as a link is available to go back to the home page of the intranet. These are the paths that you could choose from. There is no wrong choice as long as one is made.
A sub-site is a part of a site collection, and the navigation of a sub-site is tied directly into its parent. You even have the option to use the global (top) navigation of the parent so it’s uniform. When the sub-site is first created, you have the choice to dictate whether it is going to share the same security as its parent or break the inheritance. The sub-site is listed in the View all Contents page of the parent site. You are able to use several out of box bubble up web-parts to consolidate like item objects in a single view at the parent level. This is most certainly not available across site collections. I find the time to use a sub-site is when the security is exactly the same as, or a sub-set of the users of, its parent site. For example, I would create a sub-site in the HR department site for the director and CFO. This sub-site will contain documents that are so sensitive in nature that only these two are allowed access rights to them by company by-law. This is an appropriate business case to break permission inheritance.
|Site Collection |Sub-Site|
|Does not break inheritance for unique security schema |Must break inheritance for unique security schema|
|Navigation, both global and local, is unique; additional development must be put together to have shared navigation across site collections |Can inherit global navigation from its parent with out of box controls.|
|Easy for end users to lose track of if the ‘email’ with the link welcoming them is lost or the favorites in their browser are reset to default. |A sub-site can be found in a variety of ways, including links on the page of View all Site Content as well as in the global and/or local navigation of its parent site.|
|Has its own quota. |Shares a quota with its parent, therefore has less space to store information|
|Contains its own recycle bin and second stage recycle bin |Contains its own recycle bin, but shares its parent’s second stage recycle bin, requiring a site collection owner, not site owner, to restore things that have made it into the second stage recycle bin|
Tie It All Together
Largest Common Denominator
When giving out permissions you want to try and figure out the largest common denominator and give sweeping permissions in relation to that common denominator. The easiest site to explain this with is your intranet. The largest target denominator is the site collection in which the Intranet is contained (the definition of intranet here is all employee facing pages of company approved information in a strictly controlled environment). The largest common denominator in this example is that every employee of the company must be allowed to see (read-only) all the pages contained within the main Intranet. An easy way to give permissions that achieve this is to add the <domain>/Domain Users security group to the Readers SharePoint security group (read-only). This covers the largest portion of the population with the needed permission set. The few who actually own the content and need permissions to make changes to it will be added (perhaps individually) into the “Designers” or “Site Owners” SharePoint Security groups to obtain that elevated set of permissions. Simplicity should be the goal, but not the absolute, when giving permissions by the largest common denominator.
One of the greatest and worst features about SharePoint is the ability for every object you saw in the image above with concentric squares to have its own unique security schema. The thing that has plagued most every company that has had SharePoint up to this point is that security, when first released, was an afterthought. “After all we can just break security and give unique permissions to object X.” Though that is true, there is a price you must pay for every inheritance break that is rarely thought about. The difficulty of maintaining that security schema increases by N+1, where N = the number of inheritance breaks you can find in a single Site Collection. As much as I despise underlining to try and force a point, it is absolutely necessary here. Making the security bend to your will to accommodate your needs is easy, but maintaining it is a much different story. An example is needed here. You are working on your team site. This site has over time become quite large and gone through several owners. You don’t realize there are 86 breaks in inheritance. A new employee is added to your team. They are supposed to have rights to every item in your site collection. You know of 67 inheritance breaks, so you go to each one and add them manually. A deadline comes close and the new employee is told to go to a document, but they don’t have rights. Finding the place where the inheritance was broken to get them those rights becomes arduous and painful. Avoid the breaking of inheritance like the plague (as I should avoid clichés like the plague).
That being said, there is ALWAYS an exception to every rule, and the one I just told you of not breaking inheritance if at all possible is no different. There will be times a business case is presented that will deem the usage of inheritance breaking necessary. The key words in the previous sentence are “Business Case”. When you have a solid business reason behind the breaking of inheritance, the maintenance issues spoken of in the previous paragraph become secondary to the need.
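The new-employee scenario above, worked through as an added example (not code from the original post, and not the SharePoint API): a small model in which each object either inherits or carries its own assignments, used to list every break in a site collection, the breaks where a user holds no permission, and the break that governs a document the user was denied. The site, library, user and group names are constructed, and group membership is reduced to a simple lookup.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(eq=False)
class Securable:
    """A site collection, sub-site, list, folder or item.

    unique is None while the object inherits from its parent; it is a dict
    of principal -> permission level once inheritance has been broken.
    """
    name: str
    parent: Optional["Securable"] = field(default=None, repr=False)
    unique: Optional[dict] = None
    children: list = field(default_factory=list, repr=False)

    def add(self, name, unique=None):
        child = Securable(name, parent=self, unique=unique)
        self.children.append(child)
        return child

    def path(self):
        if self.parent is None:
            return self.name
        return self.parent.path() + "/" + self.name


def scope(node):
    """Walk up to the object whose permissions actually apply to node."""
    while node.unique is None:
        node = node.parent
    return node


def walk(node):
    yield node
    for child in node.children:
        yield from walk(child)


def inheritance_breaks(root):
    """Every object below the site collection with its own permissions."""
    return [n for n in walk(root) if n is not root and n.unique is not None]


def can_access(node, user, groups):
    principals = {user} | groups.get(user, set())
    return any(p in scope(node).unique for p in principals)


def access_gaps(root, user, groups):
    """Paths of the breaks where the user holds no permission at all."""
    return [n.path() for n in inheritance_breaks(root)
            if not can_access(n, user, groups)]


# Constructed sample: one team site collection with three breaks.
ROOT = Securable("team/Apollo", unique={"Apollo Owners": "Full Control",
                                        "Apollo Members": "Contribute"})
SPECS = ROOT.add("Specs")                              # inherits
DRAFT = SPECS.add("Draft.docx", unique={"Apollo Owners": "Full Control",
                                        "Apollo Members": "Read"})
BUDGET = ROOT.add("Budget", unique={"Apollo Owners": "Full Control",
                                    "alice": "Contribute"})
FY2012 = BUDGET.add("2012")                            # inherits from Budget
VENDORS = ROOT.add("Vendors", unique={"bob": "Contribute"})
CONTRACTS = VENDORS.add("Contracts")                   # inherits from Vendors

# The new employee was added to the members group and nowhere else.
GROUPS = {"nina": {"Apollo Members"}}

if __name__ == "__main__":
    print("breaks:", [n.path() for n in inheritance_breaks(ROOT)])
    print("gaps for nina:", access_gaps(ROOT, "nina", GROUPS))
    # The folder she was sent to is denied; scope() names the break to fix.
    print("2012 folder is governed by:", scope(FY2012).path())
```

Breaks that kept the group assignment (Draft.docx here) pick up the new member without any extra work; the ones that replaced it with individual users are the places that have to be found and fixed by hand.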
Planning your Security
After I have said all of this, I want to encourage you to plan your SharePoint solution around a Security Centric approach. This will in the end allow you to have a much simpler security schema in place that will in turn allow you to comfortably manage it. Understand that even the best security schema ever created, one that even extra-terrestrial beings will come and try to copy, will over time deteriorate. Security should be constantly in the back of your mind, not your end users’ minds. (Not that it usually is.)
Published: April 22, 2011 12:04 PM by
Back story: Sitting with a client, their entire focus for their SharePoint project was geared around the social networking abilities of SharePoint 2010. What I did know was that this area got a huge upgrade between 2007 and 2010. I also know how MySites work and how they are configured. I would even go as far as to say I am quite comfortable with setting up Profile Synchronization despite its idiosyncrasies. The SharePoint 2010 proof of concept was up, everything was running smooth, and AD was synchronizing nicely. Let’s see how this bad boy works with Office 2010. Then, to my stark realization, the supposed super cool, outrageously awesome tie in to SharePoint and Outlook information called the Office Social Connector was blank. NOTHING! It’s just a flick of the switch, right? Not exactly. I walked into this looking at Office 2010, Outlook 2010 specifically, as a black box that knows what to do.
Wowsers, where’s the info!?
The Problem: So here is the problem I encountered. SharePoint and Office do work well with each other, BUT… There is more to the Office Social Connector than meets the eyes. There are more steps involved depending on what you want to display. The problem lies in, there is very little about it in one place.
Needed Information: After several days of piecing fragmented information together, the black box began to become more translucent. Let me share with you my findings. This is not going to be a huge developer deep dive of vast proportions to break the code to the Fort Knox of Microsoft Code. This is to try and give to you what I learned in layman’s terms in everyday speech. This way you know what is needed to make the Office Social Connector work with your network. Minimally. If you’re looking to tie it to other sources, such as Facebook, LinkedIn etc. No soup for you.
Nothing was in the social connector, not even emails related to that individual. How could that be? What was wrong? What needs to be put in place? Windows Desktop Search. Yeah, you heard me correctly. It makes sense when you think about it. My client is still running on a Windows XP image. Windows Desktop Search was not a part of the image. So this is why even this information was not available. Here is where I found the fragment that pointed me in that direction. “To take advantage of the features that are available with the Outlook Social Connector, you must run Outlook 2010 in Cached Exchange Mode with Windows Desktop Search and have Microsoft SharePoint Server 2010 My Site configured for users. In this configuration, local items — such as e-mail messages, meetings, and attachments from the sender — will be included in the communication history. Additionally, with My Site configured you can view the activity feed from the sender’s My Site.” This can be found in Determine which features to enable or customize in Outlook 2010.
Once I installed Windows Desktop Search and it indexed my machine, as if like magic most everything started up. Sweet! Oh yeah baby! Out of morbid curiosity, I switched over to my laptop which is running Windows 7. I found a pleasant surprise. My information was already showing. Suddenly I remember, Windows Desktop Search is baked into Vista and Windows 7. No wonder why I was just expecting it to work. Certainly good to know.
As for the feed updates, not nearly as difficult. Click the big green + Add under any of your pictures and let it rip. Type in the URL to your MySites, then username and password. BAM! There it is. This was not difficult. No worries there.
Last thing, seems to be a wall bigger than the Great Wall of China… photos. Why are they not there? We all put our images in our SharePoint profiles. Yeah… Yet, nothing. Grrrrr! It took several days of research and redesigning my Bing (see that, Microsoft!) searches to get the information I was looking for. When I finally came to the answer I must have looked like a deer in the headlights. I was certainly not expecting it. I knew at the client’s many of the executive board wanted the images populated. I also knew we were going to be in a battle with the AD owners. Let me give you the excerpt from the blog post the Office team put out there about this very thing that helped me understand what needed to happen.
“I’ll use Active Directory since it will be the most common type of server used. What is the benefit of storing pictures in Active Directory? Well, the new Outlook social connector will pull from what is stored in the thumbnailPhoto attribute so a picture of a sender is visible in email. SharePoint 2010 will sync users pictures directly to the thumbnailPhoto attribute.” Found at SharePoint 2010 Profile Picture Property 101.
Now if you are like me you are going to say, what was that? Store the images in AD? Really? I have to say… Really. We tested the theory and sure enough, the images showed up once all the AD servers synchronized. So this is where it gets interesting. How are you going to get the images in there? Well, SharePoint can do it! BUT (There always is a big butt with these, isn’t there?) This means the battle with AD team members will have to be picked up again. This time they are going to have to give your LDAP service account even more privileges to make changes in AD. Good times will be had with your governance committee to give solid business reasons as to why you want to increase the permission radius of your LDAP account. Unless you have the trump card, “Because the executives said so.” Everyone has to give their LDAP account Replicate Directory Changes permission. That was a battle to let them understand that without it SharePoint Profile Synchronization would not happen. Here is the excerpt from the TechNet article of what needs to be added. “If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with. See Grant Create Child Objects and Write permission for instructions to grant this permission.” Yeah, this is to allow you to change SharePoint from import to export.
Solution Had: Once these changes were put in place the Office Social Connector worked like a champ. Lesson learned: SharePoint touches everything. It’s no longer the simple plug and play of 2001. (If you could even call that plug and play.) I needed to put this out there because I know many of you are looking for the same answers. With them being spread all over the internet, having it in one area certainly helps.
Published: January 28, 2011 14:01 PM by
You are sitting there minding your own business thinking life is great. You just installed a SharePoint 2010 environment and WHAM! You have the indentation of a bus license plate on your forehead. What was that?!? You just opened up your SharePoint Health Analyzer and see the error. (See Figure 1) Expired sessions are not being deleted from the ASP.NET Session State database. Fight the urge to play “It’s the End of the World” by R.E.M. and crawl under your desk repeating “duck and cover.” This can be fixed, and without too much pain. Really!
Ok, go to your SQL Server and open up SQL Server Management Studio. You will need to have SQL Server Admin rights. (I believe. My SQL Admin days are a faint memory in my mind. I know enough to be dangerous.) Look for SQL Server Agent and expand that. There you will find Jobs. Expand Jobs and see if you have a DeleteExpiredSessions job registered or not. (See Figure 2) If not you will need to fix this.
We need to create this job so we can save the world. (Mwaa haaa haaa) Right click the Jobs folder in SQL Server Management Studio and Select New Job. On the General configurations page, Enter the Name, who you want the owner to be, category if needed, and a description. (See Figure 3) NOTE: The SharePoint health checker is looking for a specific name. DeleteExpiredSessions should be the name you use. Or change the rule to the name that you select.
On the select a page on the right hand side click on Steps next. At the bottom you will see the New button. This will allow you to build a new step. From here give the Step a name, use Transact-SQL script (T-SQL), select your StateService_<GUiD> DB and put your SQL statement in. (See Figure 4) Click Parse to make sure your SQL statement is correct. Click OK.
On the select a page on the right hand side click on Schedules. At the bottom of the new window you will see the New button. This will allow you to build a schedule. Give the schedule a name, and time(s) that work for your corporation. (See Figure 5) Click OK.
Fill out alerts, notifications and/or targets if needed then hit OK. You will see your job appear in the job list. If you wish, you can execute the job you just created by right clicking on it and selecting Execute Stored Procedure.
Published: July 15, 2009 13:07 PM by
The first few minutes of my presentation, I will be doing at the Best Practice Conference. Trust me, it gets even better, but you have to attend to get the rest!
Back in the day, a literary Labyrinth was called a Choose Your Own Adventure book. I actually have somewhere in my parents’ house the very same book that is pictured above. Reading these was an adventure. Did you choose the right path? Putting your finger(s) in multiple pages, just in case you did not choose the right path. Planning your SharePoint environment is very much the same way: there can be multiple outcomes, with lots of twists and turns along the way, and the choices you made earlier could force the outcome later.
Page 1 & 2
Your company hears about this SharePoint “thing.” It sounds like a good idea. You and a bunch of co-workers are standing around the water cooler talking about it.
“Hey Sarcastic Sally, how is the paper you’re working on?”
“As good as an ulcer,” Sally retorted.
“Did you hear about that program called SharePoint?”
“Stop smiling, the light shining off your teeth is going to blind me. Yeah, it sounds cool.”
“Maybe we should look at the business problems it could solve before we move forward with it?” you ask yourself out loud.
Sarcastic Sally Scoffs. “It’s a cool application, let’s just move forward. You are such a worry wart.”
Go to page 21 if you agree with Sally
Go to page 37 if you want to follow your own idea
Sally scares me, I think we better listen to her. However, I am not sure if this is the right way, so let’s put our finger in here JUST IN CASE.
Page 21 & 22
Your SharePoint environment is installed and takes a life of its own, causing chaos and mayhem everywhere in your company. You are blamed for the IT nightmare and sent to a small town in Idaho to flip burgers.
Oh no! I like burgers, but not that much. What happened!
In reality, this is a very common mistake. More companies than not introduce an application into their environment without understanding the problems they are targeting to solve. This can be fatal to the success of releasing the application, especially if it is SharePoint. You have to understand the new workforce you are dealing with is Generation X, Generation Y, and the Lost Generations who have had Internet for the better part of their lives. They are the My Space, Facebook, iGoogle, My Yahoo, My MSN, instant messaging, tweeting generations. They know how to use web-based applications very well. SharePoint, being a web-based application, will instantly be second nature to them. That being said, if you do not know what business problems SharePoint is going to solve for your company, they will make those choices for you. There is a LOT of power in just the out of the box features and web parts that they can take advantage of. At first glance this may sound like a good thing; however, there is one caveat. If you have legacy applications or applications that are not as intuitive to use, user friendly or “cool” to look at, this new workforce can and will use SharePoint to replace those applications. This will then spread your information over multiple systems, causing searchability issues and segmented data. This is not the desired effect SharePoint should have. SharePoint is extremely powerful, and I will dare say more powerful than Microsoft even realizes. This is a good thing, but has to be managed properly. In time those legacy applications may very well be absorbed by SharePoint based applications, but you want to keep it under control. Spotting the business problems SharePoint is designated to solve is the first step in a healthy deployment.
Good thing we put our finger in the page. Let’s go back and try the other path… That’s page… 37. Let’s go!
Page 37 & 38
You shoot back, “No, I think it will be a good idea to figure out the business problems we want to solve for the company.”
“Like what?” asks Jeff from accounting.
Sally and you watch him drain half the water cooler bottle of its contents into his water bottle. “Well, Sally already gave us one. She is having trouble collaborating with her team. The paper they are working on isn’t as easy as it should be. So collaboration is a big one I would think.”
“Oh, sorry to hear that Sally, but we have our own problems,” Jeff informed us.
“How so?” Sally inquired.
“Well, we have all of these reports we are forced to do, but they are so time consuming, I don’t have time to do what I am supposed to do.” Jeff wrinkled his nose.
“The enterprise version of SharePoint has Excel Services and BI capabilities,” I offered. “That could be another business problem we could solve initially.”
“Do you have an executive sponsor?” Jeff wondered.
“We are IT, why would we need that?” Sarcastic Sally snapped.
“To get funding and support.” Jeff said defending himself.
Go to Page 13 if you want to get an executive sponsor.
Go to Page 25 if you agree with Sally
I say we go with Sally, she still scares me. Let’s go to page 25, but I am going to put my finger here again, JUST IN CASE!
Page 25 & 26
Oh no, SharePoint has been considered a rogue project. Lack of funding has landed us in trouble. We are forced to use an old Commodore 64 and two TRS 80’s to try and build the environment. The project and idea has died before it could even go forward. A walk to the water cooler for you and Sally is now known as the Walk of Shame.
Sally did it to us again! What happened?!
Find out at the SharePoint Best Practices conference. If you want more information about the Best Practices Conference click on the banner below. Hope to see you there, as the line up of speakers is UNBELIEVABLE! Two of which are the authors of the book that inspired this entire event. Microsoft Office SharePoint Server 2007: Best Practices published by Microsoft Press.
Published: July 15, 2009 09:07 AM by
The first few minutes of the presentation I will be giving at the Best Practice Conference. Trust me, it gets even better, but you have to attend to get the rest!
Active Directory (AD): Cheshire Cat. AD is everywhere and nowhere at the same time. To the end users AD is absolutely nowhere. They know they signed onto their computer to get to their applications, but if you ask them what AD was, they would look at you with the wide-eyed bewilderment Alice had upon entering the looking glass, or Wonderland for that matter. This is the power of being nowhere as the Cheshire Cat. If you switch to the internal IT personnel’s point of view, AD is everywhere. Its security permeates the entire network environment. Applications, computers and file shares all utilize AD for permissions, for starters. When it comes to SharePoint, AD can be looked at in two parts: the user and the security group. Just as the Cheshire Cat can detach its head from its body, these two parts indeed make up the one.
SharePoint Security Groups: White Rabbit. Zoom! Did you see that white streak? Apparently the white rabbit is late for a very important date… Again. SharePoint Security groups can be a fast answer. But… Zoom! if you try and control these fast moving targets you could be coming up with empty arms.
SharePoint Permission Levels: Mad Hatter. Approximately 10/6 of the time you will be using the out of box permission sets. Yes, now you know what that card in the Mad Hatter’s brim means. There will be times where you will be absolutely mad not to use a custom designed permissions set.
Zones: Caterpillar. Yes, as completely mind boggling and mysterious as the hookah smoking caterpillar is, Zones seem to have the same effect on people. Most people don’t realize the power of Zones and what can be accomplished. The question is Who… Are… U?
AD (Cheshire Cat): Most companies have well defined security groups in their Active Directory. Please note, email distribution groups are NOT security groups and cannot be used as such in SharePoint. AD groups must be security groups in order to be used as security within the SharePoint environment. Did I reiterate? Yes. Did I need to? From experience? Yes. The reason using AD security groups is such a good tool in helping to lock down security is the familiarity with them. Many users know which groups they belong to. They see them when they use the infamous file servers. They know they can only see the finance department folder on the file server because they are part of the “finance team” (read Finance AD Security group). They also know about security groups when it comes to applications. Sally from HR can edit information in Our Persons HR application. The reason why she has read/write access is because she is part of the HR Our Persons security group with only one other from the HR department to be sure the information is locked down.
Another bonus about AD is the fact it’s a controlled environment. There is probably only a handful of people that are allowed to make any kind of changes to your AD. This is very good. The control will allow you to keep a consistency that might not otherwise be as achievable if opened to the masses. Let’s face it, when it comes to security, the fewer hands that can touch the security environment, the more secure it will be. The individuals who are in control of AD are well aware of the potential pitfalls and hazards that come with adding users into security groups, or better yet embedded security groups. (Read: Security groups that are held in security groups.) The assurance of safe and accurate security groups certainly is a good thing. Warms the heart like a Cheshire Cat’s smile.
Using AD security groups to grant sweeping permissions to large numbers of people is a very good point to bring up. I think of the concentric rings in an archery target when I talk about granting permissions. Let’s use a company portal, its pages and sub-sites as an example: one site collection with all the company-wide information. Let’s say that the bull’s-eye in the center is the company portal. The first ring that circles the bull’s-eye is the read only permission set. This is pretty much everyone in the corporation. The portal is a place for your employees to get information to help them with their jobs and be “in the know”. This is not really a place where you want anyone and everyone to be able to add, change or delete content. Using the power of SharePoint inheritance of security, you can very easily add AD security groups to the out of box SharePoint group Portal Visitors. This will grant view permissions to all your employees with ease.
Let’s take that a step further. Let’s move out to the next ring. This would be your contributors. Very few are desired. The executive AD security group is selected. We could place the security group in the out of box SharePoint group Portal Members. This will enable your CXXs to post information that is targeted to the company as a whole. A way to replace the never read email blasts your company currently uses.
Moving to the next circle out, we are going to create an AD security group called Portal Designers. This group could be placed in the SharePoint group Portal Designers. This is to allow a limited number of individuals who have extensive web design background to be able to add, change and delete content, look and feel and style of the Portal.
Lastly, one more step out in our concentric rings, we come to the circle that encompasses the entire environment. These are our administrators. For our fictitious company we will say the AD security group Internal IT is used. This group could be placed inside the out of box SharePoint group called Portal Owners.
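The ring layout above, together with the earlier rule that distribution groups cannot be used for security, can be checked before any group is added to the portal. The following Python audit is an added example, not code from the original post; the directory contents, the user logins and the group names All Employees, Helpdesk and Company Announcements are constructed, and the security test relies on the AD groupType security-enabled bit (0x80000000).

```python
"""Audit a planned AD-group to SharePoint-group mapping (constructed data)."""
from dataclasses import dataclass, field

# AD groupType bit ADS_GROUP_TYPE_SECURITY_ENABLED; distribution groups lack it.
SECURITY_ENABLED = 0x80000000

# The four rings from the post: SharePoint group -> (permission level, rank).
RINGS = {
    "Portal Visitors": ("Read", 0),
    "Portal Members": ("Contribute", 1),
    "Portal Designers": ("Design", 2),
    "Portal Owners": ("Full Control", 3),
}


@dataclass
class AdGroup:
    name: str
    group_type: int                               # signed value as AD stores it
    members: list = field(default_factory=list)   # logins or nested group names

    @property
    def is_security(self):
        return bool(self.group_type & SECURITY_ENABLED)


def expand(directory, name, via=()):
    """Return {login: path of groups} for every user reachable from `name`."""
    if name in via:                     # two groups nested in each other
        return {}
    path = via + (name,)
    members = directory[name].members
    users = {m: path for m in members if m not in directory}   # direct members
    for nested in (m for m in members if m in directory):      # embedded groups
        for login, nested_path in expand(directory, nested, path).items():
            users.setdefault(login, nested_path)
    return users


def audit(directory, plan):
    """Check a {SharePoint group: [AD group, ...]} plan.

    Returns (findings, effective) where effective maps each login to the
    highest permission level any ring grants it.
    """
    findings, best = [], {}
    for sp_group, ad_names in plan.items():
        if sp_group not in RINGS:
            findings.append(("unknown-sharepoint-group", sp_group))
            continue
        level, rank = RINGS[sp_group]
        for ad_name in ad_names:
            group = directory.get(ad_name)
            if group is None:
                findings.append(("missing-ad-group", ad_name))
                continue
            if not group.is_security:
                # The post's rule: distribution groups cannot carry permissions.
                findings.append(("distribution-group", ad_name))
                continue
            for login, path in expand(directory, ad_name).items():
                if rank > 0 and len(path) > 1:
                    # Write access that arrives through an embedded group.
                    findings.append(("nested-write-access",
                                     f"{login} via {' > '.join(path)} -> {level}"))
                if rank > best.get(login, ("", -1))[1]:
                    best[login] = (level, rank)
    return findings, {login: level for login, (level, _) in best.items()}


# Constructed directory. -2147483646 = global security group, 2 = global
# distribution group. "All Employees", "Helpdesk" and "Company Announcements"
# are hypothetical names; the others follow the post.
DIRECTORY = {g.name: g for g in [
    AdGroup("All Employees", -2147483646, ["alice", "bob", "carol", "dave", "erin"]),
    AdGroup("Company Announcements", 2, ["alice", "bob"]),
    AdGroup("Executives", -2147483646, ["carol"]),
    AdGroup("Portal Designers", -2147483646, ["dave"]),
    AdGroup("Internal IT", -2147483646, ["erin", "Helpdesk"]),
    AdGroup("Helpdesk", -2147483646, ["bob"]),
]}

PLAN = {
    "Portal Visitors": ["All Employees", "Company Announcements"],
    "Portal Members": ["Executives"],
    "Portal Designers": ["Portal Designers"],
    "Portal Owners": ["Internal IT"],
}

if __name__ == "__main__":
    found, effective = audit(DIRECTORY, PLAN)
    for kind, detail in found:
        print(f"{kind}: {detail}")
    for login in sorted(effective):
        print(f"{login}: {effective[login]}")
```

The nested-write-access finding is the one to review by hand: it lists every account that reaches a contributor, designer or owner ring only because one AD group is embedded in another.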
And the coup-de-grace, using AD security groups as well as individual accounts is a Best Practice! Granted there are trade-offs. These are covered in depth in the book that inspired the whole reason to hold the SharePoint Best Practice Conference. Microsoft Office SharePoint Server 2007: Best Practices published by Microsoft Press. You will find in depth analysis of the pros and cons of using groups versus individual accounts on pages 152 – 156.
I hope this teaser whets your appetite for more. I would love to see you all at the Best Practice conference. If you want more information on the conference, just click the banner below and know the information you will receive there is worth more than … 1 MILLION DOLLARS… Ok… so I like Austin Powers Movies a little too much, but the value of this conference is unbelievable. The caliber of the speakers is top notch, not to mention includes the two gentlemen who wrote the book! See you there!
Published: June 09, 2009 17:06 PM by
The first day of summer is coming on June 21st. People from the northern part of the United States and Canada are now able to strip off a few layers of clothing thanks to the cool spring we have had. It also begins the most exciting countdown toward the arrival of the third SharePoint Best Practices Conference. This is going to prove to be even bigger, better, faster, stronger… (oh wait no, that is the 1970’s show the Bionic Man) then again, it may just be a close match! Not only SharePoint Best Practices but SQL experts are being brought in as well. If you either have never heard of the Best Practice Conference or never have attended the conference, this is the place you want to be. There are a lot of books out there on how to do configuration and administration of SharePoint and SQL, but only one book about SharePoint Best Practices. This one book has spawned the SharePoint Best Practices conference as the popularity of the book quickly climbed up the charts, at the same time triggering numerous other questions, what-if scenarios and requests for additional information. The question that we seem to learn to ask at a very early age: WHY?! This is the reason for the conference: why do you need to do certain things in your environment. These are the Best Practices to make your SharePoint environment not be just another application in your company, but a solution that your company could not be without. A solution that will help your company become more streamlined, more productive, and more organized. All these things turn out to become money saved, which in these economic times is a welcome benefit.
Whether you are looking to bring SharePoint into your environment or have been using SharePoint for the last five years this conference is a must attend. The wealth of knowledge that you will gain from the conference will more than make up for the nominal investment to attend. The caliber of speakers is unbelievable. I have attended the first two, and will be at this one as well. The two authors of the book that launched this conference, Ben Curry and Bill English will be there, but that is far from being it. So many of the leaders in the SharePoint community will be there and it is going to absolutely rock! If I had the voice I would do a sound bite like the guy who does monster truck announcements on T.V. Ok enough gushing, I think you have gotten the idea.
And now for a shameless plug. I have received an invitation to rub elbows and be a speaker at this great event. I am both humbled and honored at this invitation and look forward to meeting all of you who do attend. I will be doing two different presentations. Here are a couple of tasty morsels to help you decide to come.
SharePoint Planning: A Labyrinth of Choices
SharePoint is easy to get up and running, BUT the choices made before the install, during the install, after the install, and after its been in use for time What if you make this choice, what ramifications will happen due to that choice? SharePoint is indeed a collaboration environment, but becomes so much more to many companies. Choices made throughout the life of your SharePoint environment will affect things down the road that may not even be thought of when the original choice was being made. I will look at multiple permutations of the various paths a company could follow.
SharePoint Security: Through the Looking Glass
Journey with myself and Alice as we go into the world of SharePoint security. What to do with the AD Queen of Hearts and the SharePoint Groups Cheshire cat. There is the good, the bad and the ugly in this world. You have to be careful with the solutions of security you use. What makes sense, how to tackle different scenarios, how to combat security schema deterioration. This could be a chance to actually win back and know what your people are allowed to see and not see. Sometimes file servers become so complex, there are possibilities of accidents happening where an end user is given permissions to documents that may not be desired. Not to mention the government is starting to get involved with legislation of what we are supposed to hold on to, what needs to be audited etc. A lot of times, security seems to be a lot of smoke and mirrors; this talk is going to help bring a solid understanding to security within a SharePoint environment.
David J. Pileggi Jr.
Published: April 03, 2009 14:04 PM by
Another post about a governance document? Absolutely. I have worked with many clients and this has seemed to boil to the surface more often than not. Well over 90% of the companies that I consult who are planning a SharePoint environment or already have a SharePoint environment do not have a governance document. There are a lot of reasons as to why there is a lack of these documents. I will try to cover a few of these reasons during this post. As the economic times are a bit more trying than usual, IT departments are being whittled down to skeleton crews at best. Their budgets are being slashed and yet they are expected to continue to run the company infrastructure and applications as well as continue to work on projects adding to their environment. If something happens in the SharePoint environment, there is a high possibility of a knee jerk reaction from upper management. A reaction that could be detrimental to the environment. This calls for a bulletproof shield. This calls for a governance document. A document that, when created, had buy-in from the higher ups as well as all the stakeholders. A document that has the steps documented on how to handle situations in a logical manner, leaving the knee jerk reactions by the wayside. A governance document is more than a bulletproof shield (protect); it is also to serve. It is to serve as a map, a blueprint, a guideline for your SharePoint environment. A document to help mold and guide this unbelievable application into a well oiled, viable tool that solves specific business problems brought to the IT Department from multiple areas in the company. The governance document is also there to serve your user community to facilitate in direction and focus.
- One of the biggest, if not THE biggest reasons companies do not create governance documents is because of the price tag attached to SharePoint. It’s cheap! It is very cheap compared to other collaboration and document management systems. Your Documentum’s and your P8 (Filenet’s) out there have massive price tags. (Please understand, I am not bashing these systems. They are very good at what they do. They have also seen the value of SharePoint as they both have created web parts to tie into SharePoint.) A good example of price tag is WSS 3.0. It’s free, yet it has a lot of functionality and versatility. Having a tool that has little or no cost usually flies under the radar as something that would have a large business impact, or for that matter, become a mission critical application.
- The second reason that comes to mind is the ease of deployment. SharePoint’s easy one-button install makes it very appealing to install as well. Choose the stand alone radio button and let the installer do everything for you. Even get SQL Lite thrown in. Most companies use this deployment because it is easy and works quite well.
- Another reason is SharePoint is tenacious. Pieces of SharePoint can be misconfigured or even outright nonfunctional, yet the end users don’t even realize it as they are still able to use the environment to upload documents etc.
- The fly under the radar has been something I have encountered quite a bit as of recent. This is where an employee, usually a new employee, has used SharePoint in their past place of employment and knows the benefits and features of SharePoint. They usually ask for SharePoint from their IT, who more often than not don’t really understand what SharePoint is. They throw a SharePoint out of box install onto a server and let the user at it due to the #1 reason in this list. Well, he tells his friends, who tell their friends, and so on and so on. The next thing IT knows, when it goes down this application turns out to be mission critical.
Very likely, one or more of the reasons I listed may have affected you one way or another. If you are of the 10% who do have a governance document well done. There are numerous symptoms that come with an environment that does not have a governance document or any formal planning what-so-ever. These symptoms may include:
- No clear owners of the application as a whole
- No site structure or hierarchy
- No information architecture
- Only one content database
- No (or) 1 service account running the entire application
- Security is completely ad hoc
- No Disaster Recovery Plan (DR)
- No Business Continuity Plan (BCP)
- Search “doesn’t work”
- Navigation is atrocious
There is a lot more that can fall into the list, but for the sake of you not getting carpal tunnel syndrome from all the scrolling you would have to do, I will behave and keep the list to 10. The problems that come with lack of planning point to the fact that SharePoint is a “legitimate” application. Not some free piece of shareware that is nice to have. SharePoint is indeed a contender in the content management arena. SharePoint also has a very strong end user adoption rate due to its ease of use. This is why I chuckle when I hear a company tell me, “We have had this SharePoint proof of concept up for the last 2 months.” I tell them, you mean it’s been in production for the last seven weeks then. SharePoint is viral… highly infectious and will spread throughout a company like a fire in a gasoline and match factory.
It never is too late to put a governance document together. If you don’t have a governance document, you want to start planning on creating one. If your SharePoint environment is in planning or it has been deployed since 2003 you want to build one. You may very well find that you will need to remediate your current environment or even build a second farm under the guidance of our governance document then migrate (Carefully!) the content and data from the first SharePoint environment to the new one. There are many companies out there that can help facilitate you in the building of the governance document as well as the remediation of your current environments if you find your IT staff spread thin already. I go through the paces with each client I work with to help facilitate them in this regard. When I first started in the consulting end of SharePoint, I tried to tell them of all the pitfalls and things to avoid, but never actually defined a document. I would go back to the client a few months later and hear things like “I know you said not to Blah, but I did,” or “I don’t remember you telling me that.” SharePoint has been a growing process for everyone it has touched. It will touch millions of other lives in time as well as it continues to grow more popular.
One thing you must be sure of is that all the stakeholders have a say, even at a token level as to what is in the governance document that pertains to them and their role. This will ensure a solid document that is backed up by the company as a whole. This will also give the IT team or whomever is designated as the owners of the SharePoint application/environment a bulletproof shield during those high energy knee jerk reactions. The bullets may fly, but the protection will be there. The ability to say, “We understand your pain point, we have a document that will help us get through this without causing other problems. Please remain calm.” – PRICELESS
I could go into what needs to be in a governance document but that is another blog post altogether. There is a lot of good information out there of what needs to be in it. I wanted to give you the reasons behind why you need it. I love to talk as you probably well figured, and tend to be long winded at that so I best quit here before this turns into something that rivals War and Peace.
David J Pileggi Jr.
Published: March 26, 2009 15:03 PM by
I was working on a proof of concept with a client. They used SharePoint 2003 and were looking at a new farm for 2007. There was one catch however. They had a complex change control workflow they wanted to implement. Out of box functionality was out of the question, and as you know from my post on developing in SharePoint and if it is necessary, I like to try to use out of box functionality, or at most SharePoint designer to design solutions. This keeps a SharePoint environment as close as one can to an out of box install which in the future will save the company both time and money when a new version of SharePoint is released and the desire and time to upgrade is present.
I have heard a lot… ok, a LOT! of bashing SharePoint Designer workflows. Some of the arguments are indeed valid, however, it should not devalue the ability of workflow creation for SharePoint lists and libraries. There are also simple workarounds for some of the complaints. Yes, workarounds are not always fun or start to make one feel sketchy, as if we just ran through the exit door of a movie theater to crash a movie. (No I am not condoning this behavior) When you see the true power of it all, that feeling will go away pretty quickly. I am digressing… as usual. You will find I love bunny trails. I will try and stay focused on my blog topics. Or I may actually put it in a sidebar.
I will change names to protect the innocent. The client, Recksalot Cars, has a change request workflow. After talking with the Lead I was working with, we were able to understand the workflow. Being a large car company with lots of computers, they had a large IT staff. They were split into many teams; networking and DBAs are examples. To create a change on one of the servers would require several people to sign off and accept the change, or accept being put onto duty the day that the change was to take place. The size of the IT department was roughly 150 users. What made this workflow extremely complex was the fact that there was no clear-cut path between the people. One time could have four people as part of the workflow, the next two and the following seven. Pile on to that the fact that different people could be called on through each workflow, and trying to map out every permutation would be painful at best. Mapping a beginning to end workflow was not feasible. Trying different ways with SharePoint Designer, it seemed that I would have to go against my out of box soapbox and break out Visual Studio .NET. When I was sitting in my other office (don’t ask) I had an epiphany. Less is more. Think of the workflow in sections like a caterpillar. Instead of a complex workflow with multiple steps, break it down into one step workflows. Tie that along with the ability to cascade workflows and you have the power of a full solution. To define cascade workflows: one workflow can trigger a second workflow, which must be completed before the first workflow can complete.
First you have the head. You need a place to begin. In this case Recksalot Cars started the workflow in a customized Calendar out of box template on the creation OR modification of a list item. The workflow creates a task in the task list. This triggers the second workflow that is a part of the task list. So now our little caterpillar looks like:
The task not only asks for approval, but information about who is next in line for the particular process the change order is trying to accomplish. The email is sent out to the task owner and the second workflow waits for resolution. Once the end user enters the necessary information, it finishes the Task Workflow and goes back to the Custom List Workflow. The Custom List Workflow processes the information, makes the necessary changes to the item that initially began the workflow, then completes. The change of course triggers the Custom List Workflow to fire again. It sees the item is still en route, so it creates another task. Our little caterpillar friend grows yet again.
The creation of the task fires off the Workflow Task requesting information from the next in line indicated by the previous ‘approver’. The workflow then waits for the information from that person. This brings our growing buddy to look like this.
When the Task Workflow completes, the Custom List Workflow picks back up and processes the information. This cycle will continue until one of the directors specified in the workflow gives their approval. When this happens, the next time the Custom List Workflow triggers, it knows to stop immediately, stopping the cascading effect. And our happy little caterpillar has turned a very complex workflow with many possible permutations into a manageable workflow.
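The cascade described above can be modelled as two one-step workflows that hand off to each other. This Python simulation is an added example, not the client's SharePoint Designer workflows; the roster, the Stalled and Rejected outcomes and the hop limit are assumptions made for illustration.

```python
"""Simulate the cascading one-step workflows on constructed change requests."""
from dataclasses import dataclass, field

STAFF = {"nick", "deb", "sam", "dana"}   # constructed roster
DIRECTORS = {"dana"}                     # approvers whose sign-off ends the chain
MAX_HOPS = 10                            # assumption: cap on re-triggering


@dataclass
class ChangeRequest:
    title: str
    next_approver: str
    status: str = "En route"
    history: list = field(default_factory=list)


def task_workflow(owner, responses):
    """Task list workflow: wait for the task owner's answer.

    Returns (approved, next_in_line), or None if nobody can answer the task.
    """
    if owner not in STAFF:
        return None
    return responses.get(owner)


def list_workflow(item, responses):
    """Custom list workflow: one step, fired on create or modify.

    Returns True when it changed the item, which fires it again.
    """
    if item.status != "En route":
        return False                     # stop immediately, cascade ends
    answer = task_workflow(item.next_approver, responses)
    if answer is None:
        item.status = "Stalled"          # the task can never complete
        return True
    approved, next_in_line = answer
    item.history.append(item.next_approver)
    if not approved:
        item.status = "Rejected"         # assumption: a refusal ends the route
    elif item.next_approver in DIRECTORS:
        item.status = "Approved"
    else:
        item.next_approver = next_in_line
    return True


def route(item, responses):
    """Fire the list workflow until it stops changing the item."""
    hops = 0
    while list_workflow(item, responses):
        hops += 1
        if hops >= MAX_HOPS and item.status == "En route":
            item.status = "Stalled"      # approvers keep naming each other
    return item


# Constructed examples: two routes of different length through the same steps,
# and one whose next approver is no longer on staff.
FOUR_STEP = {"nick": (True, "deb"), "deb": (True, "sam"),
             "sam": (True, "dana"), "dana": (True, None)}
TWO_STEP = {"deb": (True, "dana"), "dana": (True, None)}
BROKEN = {"nick": (True, "pat")}         # "pat" has left the company

if __name__ == "__main__":
    for title, first, answers in [("Patch SQL cluster", "nick", FOUR_STEP),
                                  ("Add DNS record", "deb", TWO_STEP),
                                  ("Replace switch", "nick", BROKEN)]:
        done = route(ChangeRequest(title, first), answers)
        print(f"{done.title}: {done.status} after {done.history}")
```

Both routes use the same two functions regardless of how many people sign off, and the history list gives an approval trail for each change request.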
When working with workflows, understanding your workflows is a big part of it. Many times, companies don’t realize that their processes and workflows can be inefficient (causes wasted company resources), riddled with exceptions (degrades the integrity of the process), or incomplete (a layoff took out a middle man in the workflow causing the process to be broken, not allowing things that enter to finish the process at all). SharePoint is a very powerful tool, as is SharePoint Designer, but if the proper planning is not a part of deploying the solution it will just become part of the problem you are trying to solve.
David J. Pileggi Jr.
Published: December 16, 2008 16:12 PM by
This blog entry may raise some blood pressures if I do not give some of my history. I have been around computers since the early 80's. I self taught how to program on a C64. (Love that computer) I dabbled in programming for quite some time until I figured out it was actually a career. In the late 90's I finished college with a degree from the University of Central Florida. (Bachelors of Computer Science) During my classes, they talked about this code reusability concept at this time; libraries of code that would make programming easier. Java was to be the amazing step in that direction. It certainly pushed the programming community in the right direction. I, however, was a developer after all. Any time a problem came up, the solution was charge into development. I want to program! Must code, will code for food, and every other cliché you can think of here. I ended up getting laid off twice due to that mentality. Maybe the professors were right, maybe I shouldn’t blow five days to create a program that adds 2+2 when calculator programs out there were available. After my last programming job with Kaegan Corporation in Orlando, I was pretty much ready to torch the "develop it!" standard I carried so proudly after graduation. There indeed was something that was said for code reusability. Enter SharePoint.
I have said and will continue to say that about 90% of the development that is being done for "SharePoint" is unnecessary. (Now you understand why I had to start with a history lesson to show where I have come from) I have been using SharePoint for over four years now, and it continues to amaze me. The power of out of box functionality is absolutely amazing and grossly underestimated. Microsoft doesn't even know what it has its hands on, and that is proven when you go to the SharePoint pages on their web site. SharePoint is so much more than just a collaboration tool now. Even so with SharePoint Portal server 2003 with the right amount of understanding and Office 2003 Pivot Table web parts. As a former developer (I still code in an online game just because I do enjoy to code) I am constantly amazed at the ability and flexibility of SharePoint's out of box functionality. The ability to create some solid solutions to business problems I have come across at clients in different verticals. This out of box ability, if pursued, is more robust than many give SharePoint credit for. I have come across several scenarios where I have seen custom development work that almost mirrored the out of box functionality. It reminds me of myself when I came out of college. The depth of SharePoint is much deeper than one would think at first glance. The thing is you need to spend time working with SharePoint, playing around with it, and sometimes twisting it until it breaks. Before you gasp, breaking it is very rare when you are just using out of box functionality and twisting it to what you need.
As versatile as the out of box functionality is, there are situations where it does not have the ability to do what is needed. Time to develop... right? NO! It’s time to do some research. There are some excellent Microsoft Partners who create web parts, templates, web solutions and SharePoint plug-ins that may do what you’re looking for. Some of these companies that I have used or suggested are AvePoint, Syntergy, Bamboo Solutions and Quest. No I am not getting paid for plugging them, nor would I want to be. This blog is for the sole purpose of helping SharePoint users and potential users to become more equipped with knowledge. The fact I am trying to point out in this post is, Development in a SharePoint environment is happening much too often considering the tools and resources out there.
I also left out SharePoint Designer. I am impressed with this new generation revamp of the old and not too loved FrontPage. Not only can you build workflows with a sharp though not always intuitive GUI, but there are other goodies that come with it as well. One of which is the very powerful data grid and other webparts that can allow someone with development abilities to create some unique out of box solutions. Going with office applications, InfoPath is another area where solutions could really become possible with out of box functionality. May still need to make a custom SQL database now and then for back end repositories for your information, but that is database administration, not developing in the SharePoint environment.
Is there room for development in the world of SharePoint? Absolutely. However, go through the paces and know SharePoint before you jump onto the development bandwagon. There are a lot of nasty side effects that can stem from development. Functionality of SharePoint may not work as it should, the inability to upgrade easily to newer versions of SharePoint to be released later, introduction of memory leaks into a stable environment are just some of the possible side effects that come with development. Again, I love programming, but it's amazing: I think I have all possible scenarios covered and one flies under the radar and I write over the kernel. I am going to use this platform of communication to give examples of how to use out of box functionality in SharePoint to solve business problems. If you have an idea, please feel free to send me an email and ask, or just post a note on one of my blog entries.