SharePoint Saturday Columbus–this Saturday!

 

Time flies when you are having fun, or working too much. Our next regional SharePoint Saturday is this weekend, 8/23/14, in Columbus. I will be speaking on SharePoint / Office 365 Governance.

See here for schedules and registration: http://www.spsevents.org/city/columbus/columbus2014

And don't forget the Cincinnati and the Louisville SharePoint Saturdays in October!

 

SharePoint Office 365 Governance... Should you do it? Can you do it?

Track: IT Pro, End-User, Business

SharePoint’s greatest strengths – flexibility and ease of use – can also become its greatest weaknesses if you don’t adequately plan for tremendous growth and proliferation of SharePoint sites/usage. Office 365 greatly expands the governance challenges as it is so easy for anyone to create a new 365 subscription.

Topics will include:
• SharePoint Governance – the core issues are the same
• You must have a policy for the cloud, even if it’s just “don’t go there!”
• The unique issues of cloud based SharePoint
• The backup, auditing and security management challenges
• Dealing with external users

My Goals:
• To get you thinking
• To get you concerned
• To convince you to get started on a plan

The takeaways:
• More questions than answers! (homework!)
• A list of things to be concerned about.
• A motivation to have a plan.
• Most of your existing governance still applies.
• Office 365 is a moving target!
• The need to communicate the plan to the users of SharePoint.
• That a plan will never be complete, it will evolve as you integrate SharePoint into your enterprise, and as SharePoint Online evolves.

See you there!

 

.

SharePoint 2010 Limited Access Information Leaks

 

In a recent PowerShell SharePoint Auditing class we got side tracked on a discussion about security and the Limited Access Permission Level. I mentioned that even the names of lists and libraries can leak confidential information and that users with Limited Access permissions can often see these names. That led to a mandatory demo of the issue and a promise of a blog article with complete demo steps…

 

The Summer Co-Op said what?

You granted permissions to an innocent library like Sales Training Materials to a summer co-op. Later they ask you about plans to acquire a competitor. In a panic you check every document in that library for anything about the other company or about acquiring anything. You find nothing. You finally ask the co-op how they heard about that and they just answer "I saw it in SharePoint while looking for the training materials".

More fun security stuff!

How did they discover it? In the Quick Launch on the page for the training materials library there's a link named "Confidential: XYZ Acquisition Documents". How did they even get to see that? Limited Access.

Even worse… when they clicked the link they went to the library's page and there could the verbose description that was added by the person who created the list!

What about SharePoint 2013? 2013 has similar issues, but does hide the Quick Launch. I'll follow up with a 2013 specific article.

 

Demonstration:

Test setup:

• Create a new site collection. (just so everything is "clean")
• Go to Site Actions, Site Permissions, click Check Permissions and confirm that your test user currently has no access to the site.
• Create a new library or two so you have at least two for testing. Give them fun names like "Training Documents", "Top Secret", "Department Layoff Documents", and "Confidential Mergers and Acquisitions".

• Break inheritance on one of the more confidential libraries (Stop Inheriting Permissions button).
  • Remove all access except for the Owners group.

You now have a site with all content visible to your Owners, Members and Visitors groups… except for your test library, which only the Owners can see.

 

Test 1 – Grant a user access to the site

• Go to Site Actions, Site Permissions and click Grant Access
• Add your test user to the members group
• Open a browser and login as your test user.
  • Best ways to test (in order or preference):
    • Logon from a different computer as your test user.
    • Open a different brand of browser (Firefox, Chrome, etc.) using "Run as different user".
    • Open a different brand of browser. (Firefox, Chrome, etc.)
    • In Internet Explorer use File, New Session.
• Visit the site as the test user
  • In Quick Launch and All Site Content you should see all site content, except for the library where you broke inheritance. This user will not know that the secured library even exists. (This is probably what you expected with security trimming.)
  • If you copy and paste a URL that goes directly to the confidential library, or a file in the library, then you should get an Access Denied message.

Results:

• User can't discover the secured content.
  • Actually a good hacker can discover that the library exists. If they type or copy and paste the URL to a real library then they will get "Access Denied". They at least now know that the library exists. If they type a URL to a library that does not exist they will get a 404 Not Found error.
• Users using the REST web services (see later in this article) won't discover the secured lists.

 

Test 2 – Grant a user only access to a library with broken inheritance

• Remove any permissions granted in Test 1. Use Check Permissions to confirm that they do not have access to the site.
• Grant access to your test user to just the library  (don't add to one of the site groups!) Grant permissions to your test user and grant "Contribute".
  • Visit the library, click the Library ribbon, click Library Settings and click Permissions for this document library
  • Break Inheritance
  • Grant the Contribute Permission Level to your test user.
• Open a browser for your test user (see the info in Test 1) and paste in the the URL to the secured library. The user should be able to see the library and the library contents.
• Note the Quick Launch menu… All of the lists and libraries are visible!
• Click on any of the libraries listed in Quick Launch. The user will see the library's page, but no content. While the content is secure, the user now knows that the library exists. They can see both the list title and description.

Results:

• User can't discover the secured content., but the user can discover the names all of the lists and libraries in Quick Launch.
• The user will get Access Denied when accessing the home page.
• The user will see all custom links and content added directly to the master page.

 

Why?

Limited Access.

If you return to the browser where you are logged on as a Site Owner and visit the libraries you will see that the user with only access to a single library actually has the Limited Access permission level to all lists and libraries.

Why does Sam have Limited Access to this library? Sam was given "Limited Access" to the site when he was given Contribute to the library so he could see the master page and other resources needed to display the pages for the one library he was granted access to. All of the lists and libraries currently inherit their permissions from the site, therefore they inherit Sam's Limited Access permissions.

Side effects of granting permissions to a List, Library, Folder or Item, but not to the Site:

• User gets access to the List, Library, Folder or Item where they were directly granted permissions.
• User can see links to all lists and libraries in Quick Launch and other links. (I.e. no security trimming in Quick Launch.)
• User cannot see the content of the List, Library, Folder.
• User can hand enter a URL to any list or library and confirm that the item exists. (I.e. Gets to the list or library pages, but not to the items in the list or library.)
• User cannot visit the Site Content page. But that link is listed in their Quick Launch area and in their Site Actions. Clicking the link will display Access Denied.
• User cannot visit any page stored in the Site Pages library. Your home page is Site Pages.
• Your site icon may not display properly as they are often stored in Site Assets or other library. The same is true for any image, CSS or JavaScript stored in libraries.

 

 

What about all of the other lists not in Quick Launch?

Are they discoverable by the Limited Access user? Yes, if they can Google or Bing! SharePoint 2010 has a RESTful web service that exposes lists. While this is security trimmed, the user in the above scenarios has access to the list's name through the inherited Limited Access permissions. I.e. this is not a bug with Quick Launch, it's a "feature" of Limited Access! Here's what the user will discover from a web search:

         http://yourserver/sites/yoursite/_vti_bin/ListData.svc

That link will display via XML the list of lists and libraries!

SharePoint 2013 includes the above REST service plus a more generalized version.

         https://yourserver/sites/yoursite/_api/web/lists

 

The Fix?

To prevent the accidental discovery of other lists and libraries when using unique permissions on a single list or library you will need to break inheritance on every list and library and grant the appropriate access.

You will need to:

• Break inheritance on all content lists and libraries and grant access to the appropriate groups and users. If you do this after you have granted unique permissions to a user, you will need to remove the Limited Access users from each list and library.
• Grant View access to everyone to the Site Access library (or where ever you store site logos, CSS and other support files) so your icons and custom branding will display correctly. "Everyone" could be a group unique to your site or department or "NT AUTHORITY\Authenticated Users" for everyone who can logon to your networks. Granting access in anyway to "NT AUTHORITY\Authenticated Users" is not generally a good practice!

 

There's no end to learning SharePoint!

 

.

SharePoint PowerShell–Find all Broken Inheritance

The following applies to both SharePoint 2010 and SharePoint 2013 on premises, but not to Office 365.

One of the common SharePoint tasks when you need to do a security audit, document security or cleanup a farm before an upgrade, is to try to figure out where the Site Owners have broken inheritance and created unique permissions. You could visit every site, list, library, folder, list item and document, or you could let PowerShell do the work for you.

The following is one of the many scripts found in SharePoint® 2010 Security for the Site Owner and my PowerShell class "MS-55095 SharePoint 2010 and 2013 Auditing and Site Content Administration using PowerShell". (Sign up for the July class and get a free copy of the book!)

 

First find all of the Webs with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Where { $_.HasUniquePerm -AND $_.ParentWeb -NE $Null } | 
Select ServerRelativeUrl, {$_.ParentWeb.ServerRelativeUrl}

 

Then find all of the Lists and Libraries with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists |
Where { $_.HasUniqueRoleAssignments -AND -NOT $_.Hidden } | 
Select Title, ParentWebUrl

 

Then find all of the folders with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists | 
Select -ExpandProperty Folders | 
Where { $_.HasUniqueRoleAssignments } | 
Select Title, {$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}

 

Then find all of the items with broken inheritance:

Get-SPSite http://yourSiteUrl  | 
Get-SPWeb -Limit All | 
Select -ExpandProperty Lists | 
Select -ExpandProperty Items | 
Where { $_.HasUniqueRoleAssignments } | 
Select Name, {$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}

 

What if we wanted a nice single list as the output?

Each of the scripts above return different kinds of columns. As PowerShell is a bit picky about what it will merge into a single column we will have a little more work to merge everything into a single list. One solution is to build an array or collection in memory, but this could get quite large. Another solution is to dump everything in to a CSV file and then open the result in Excel.

Note: The following script uses Export-CSV with the –Append parameter, which is not available in PowerShell 2.0.

Changes to the script:

• Add something to the Selects to identify the source.
    Select "List Item", Url, {$_.Web.Url}
• Create custom columns so all of the results have the same column names.
• Output the results to a CSV file.
    | Export-CSV "c:\test\BrokenInheritanceReport.csv" –Append
• Read them back and apply any needed sorting.

The following is all one script!

---

$siteUrl = "http://urlToYourSite"
$savePath = "c:\test\BrokenInheritanceReport.csv"

Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Where { $_.HasUniquePerm -AND $_.ParentWeb -NE $Null } | 
  Select @{Label="Securable"; Expression={"Web"}}, 
         @{Label="Item"; Expression={$_.ServerRelativeUrl}}, 
         @{Label="Parent"; Expression={$_.ParentWeb.ServerRelativeUrl}} |
  Export-CSV $savePath

Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { $_.HasUniqueRoleAssignments -AND -NOT $_.Hidden } | 
  Select @{Label="Securable"; Expression={"List"}}, 
         @{Label="Item"; Expression={$_.Title}}, 
         @{Label="Parent"; Expression={$_.ParentWebUrl}} |
  Export-CSV $savePath -Append

Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { -NOT $_.Hidden -AND $_.EntityTypeName -NE "PublishedFeedList" } | 
  Select -ExpandProperty Folders | 
  Where { $_.HasUniqueRoleAssignments } | 
  Select @{Label="Securable"; Expression={"Folder"}}, 
         @{Label="Item"; Expression={$_.Title}}, 
         @{Label="Parent"; Expression={$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}} | 
  Export-CSV $savePath -Append

Get-SPSite $siteUrl  | 
  Get-SPWeb -Limit All | 
  Select -ExpandProperty Lists | 
  Where { -NOT $_.Hidden -AND $_.EntityTypeName -NE "PublishedFeedList" } | 
  Select -ExpandProperty Items | 
  Where { $_.HasUniqueRoleAssignments } | 
  Select @{Label="Securable"; Expression={"Item"}}, 
         @{Label="Item"; Expression={$_.Name}}, 
         @{Label="Parent"; Expression={$_.ParentList.ParentWebUrl + "/" +$_.ParentList.Title}} | 
  Export-CSV $savePath -Append


Import-CSV  $savePath | Sort Parent | Select *

# or open the CSV file in Excel and sort there.

---

SharePoint Cincy 2013 is this week!

 

Don't forget… SharePoint Cincy 2013 is coming soon! April 19th (That's this Friday!)

Third Annual SharePoint Cincy Event!

Register NOW!  http://www.sharepointcincy.com/

 

I've been asked to bring back my SharePoint Governance presentation, "SharePoint Governance… It May Not Be What You Think It Is…". I've updated it to include SharePoint 2013 and Office 365. Governance was a big topic, its gotten bigger! (and still only an hour allotted!)

 

Choose From Multiple Tracks:

This conference promises to have something for every level of your organization and every IT professional who has an interest in SharePoint. Here's this years tracks:

• Driving Business Value with SharePoint
• Application Development in SharePoint
• SharePoint Implementation and Administration
• Business Intelligence and Data Management
• Site Owners, Content Managers & Power Users
• Bonus Track: Exploring What's New With SharePoint 2013

 

The tracks:

Track 1: Driving Business Value With SharePoint

Subject: Converting an Email Culture into a SharePoint Culture
Presenter: Robert Bogue – President, Thor Projects, LLC and SharePoint MVP
 
Subject: SharePoint: Driving Business Value Through Data Centralization
Presenter: Adam Solzmon – PCMS Datafit, SharePoint Practice Leader

Subject: How to Manage Business 'Transformation' Using SharePoint as the Engine
Presenter: Rich Kurz – Ascendum, General Manager, Solutions

Track 2: Application Development in SharePoint

Subject:  Updating Your Developer’s Skill Set for the New App Model
Presenter: Sean McDonough – Bitstream Foundry - Owner
 
Subject: F5 Tornado – A Whirlwind Introduction to SharePoint 2010 Development
Presenter: Patrick Tucker – Strategic Data Solutions, Principal Consultant SharePoint

Subject: Unleashing the Power of the Content Query Web Part
Presenter: Peter Serzo – High Monkey Consulting, SharePoint Practice Architect

Subject: Claims Based Authentication and SharePoint
Presenter: Justin Kobel – KiZAN Technologies, Principal SharePoint Consultant
 

Track 3: SharePoint Implementation and Administration

Subject: SharePoint 2013 Administration
Presenter: Tom Resing - SharePoint911/Rackspace, Consultant SharePoint MVP

Subject: Managed Metadata A to Z – Plan, Implement, Make it a Success!
Presenters: Stacy Deere-Strole – Focal Point Solutions, CEO, Stephanie Donohue – Focal Point Solutions, SharePoint Solutions Architect
 
Subject:Advanced SharePoint Troubleshooting
Presenter: Clint Richardson – Applied Information Sciences, Infrastructure Consultant

Subject: Integrating SharePoint with Office Web Apps (WAC) Server
Presenter: Brian Jackett – Microsoft, Premier Field Engineer - SharePoint

Track 4: Business Intelligence and Data Management

Subject: SharePoint BI – A Parable of Choices and Choosing Wisely
Presenter: Peter Serzo – High Monkey Consulting, SharePoint Practice Architect
 
Subject: Managing Your Business With Dashboards and Disparate Sources
Presenter: Chris Murphy – Ascendum, SharePoint/BI Solutions Delivery Manager

Subject: Integrate External Data with Business Connectivity Services
Presenter: Tom Resing - Rackspace, SharePoint MCM and MVP

Subject: Now I Have SharePoint. Where's the BI?
Presenters: Jim Klosterman – PCMS Datafit, Senior Consultant, Harold Loyd – PCMS Datafit, Senior Consultant

Track 5: Site Owners, Content Managers, & Power Users

Subject: The Secret Sauce for Building Sophisticated Applications as an End-User with SharePoint
Presenter: Bill Crider – Sogeti, Senior Manager

Subject: Lists: Used, Abused and Underappreciated
Presenter: Wes Preston–TrecStone, LLC, Owner/Principal Consultant and SharePoint MVP
 
Subject: Branding In SharePoint 2013
Presenters: Matthew Tallman – Cardinal Solutions, Principal Consultant David M. Ginn – Cardinal Solutions, Principal Consultant

Subject: ECM on SharePoint - 13 Ways to Make it Rock!
Presenter: Jeremy Minich – KnowledgeLake, Systems Engineer
 

Bonus Track: Exploring What's New With SharePoint 2013

Subject: Where is SharePoint Headed and Why Should You Care? (a panel discussion)
Potential Panelists: Sean McDonough, Wes Preston, Shane Young...
 
Subject: Build Your SharePoint 2013 Lab in the Cloud with Azure… for FREE!
Presenter: Keith Mayer – Microsoft, Senior Technical Evangelist

Subject: Re-Introduction to Workflow
Presenter: Robert Bogue – President, Thor Projects, LLC and SharePoint MVP
 
Subject: Combining your BI collateral with PerformancePoint Services - A Working Session
Presenter: Tavis Lovell – SharePoint 911/Rackspace, Senior SharePoint Consultant

 

Who should attend?

• Application/Software Developers
• Information Architects
• SharePoint Administrators
• IT Business Leaders
• Knowledge Workers
• IT Professionals

SharePoint 2013 Site Members Can Create and Delete Lists!

 

Have you noticed that when you create a new site collection or subsite with unique permissions that your team members can:

• Create new lists and libraries (now called Apps)
• Customize lists and libraries
• DELETE LISTS AND LIBRARIES!
• The Help button on a site also says "With the proper permissions – Full Control, Design, or Edit – you can activate or deactivate specific features for your site", but my testing shows that users with Edit cannot enable/disable features. (Now that would be scary!)

In SharePoint 2007 and 2010 the default members group was assigned the Contribute permission level. Contribute permitted them to add, edit and delete content, but not lists and libraries. In SharePoint 2013 the members group is now assigned the new Edit permission level, which adds the "Manage Lists" permission.

What can you, or should you, do?

If you don't like team members deleting lists then consider one or more of the following:

• Ask your team members to please not add, edit or delete "Apps" (Lists and Libraries)   :-)
• In each Site Collection edit the Edit permission level an remove the "Manage Lists" permission
• Update your governance plan to deal with this interesting little issue
• Enable Auditing at the site collection level so you at least know who did the damage

 

.

SharePoint 2007 PowerShell cmdlets

 

This article includes the 2007 functions to emulate the SharePoint 2010 cmdlets used in my series of articles in SharePoint Pro Magazine. The first article, Exploring and Inventorying SharePoint Using PowerShell, is here: http://www.sharepointpromag.com/article/sharepoint-server-2010/exploring-inventorying-sharepoint-using-powershell-144834 . Part 2 is here: http://sharepointpromag.com/sharepoint/windows-powershell-scripts-sharepoint-info-files-pagesweb-parts with part 3 to follow.

Check back over the next week or two as I expand this content and add links to download the PowerShell module…

While this little project will in no way include all of the 500 SharePoint 2010 cmdlets, it will provide a core set of cmdlets needed to run my auditing and inventorying SharePoint 2010 PowerShell scripts. These cmdlets are implemented as PowerShell functions so you can study them and enhance them or even use them as models to create additional cmdlets. There will also be links to a download you can simply load them as a PowerShell module.

 

As a teaser… here's a starter set…   (check back in a few days for the full article)

Save the following as SP2007cmdlets.psm1:

#Notes:
# The scripts below are from http://TechTrainingNotes.blogspot.com 
# These scripts may be used in your projects but may not be republised in any form
# Formatting data found in SP2007cmdlets.format.ps1xml  (optional)

function Get-SP2007help
{
"Currently implemented cmdlets:"
"  Get-SPFarm"
"  Get-SPWebApplication"
"  Get-SPSite"
"  Get-SPWeb"
"  Get-SP"
}

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")


function Get-SPFarm()
{
  [Microsoft.SharePoint.Administration.SPFarm]::Local
}


function Get-SPWebApplication ($url)
{
  begin
  {  $foundit=$false
     if ($url -ne $null) { 
       $foundit=$true; 
       [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup("$url") }
  }
  process
  {
  }
  end
  {
    if ($foundit -eq $false)
    {
       [Microsoft.SharePoint.Administration.SPWebService]::ContentService.WebApplications
    }
  }
}



function Get-SPSite ([string]$Identity, [string]$ContentDatabase)
{
<#
.SYNOPSIS
 Returns all site collections that match the given criteria.
.PARAMETER computername
  The computer name to query. Just one.
.DESCRIPTION
 The Get-SPSite cmdlet returns either a single site that matches the Identity parameter, or all the sites that match the Filter parameter for the specified scope. The scopes are the WebApplication, ContentDatabase , and SiteSubscription parameters. If none of these scopes is provided, the scope is the farm. If the scope is specified with parameter, all sites in that scope are returned.
.PARAMETER Identity 
 Specifies the URL or GUID of the site collection to get. The type must be a valid URL, in the form http://server_name or http://server_name/sites/sitename, or a valid GUID (for example, 12345678-90ab-cdef-1234-567890bcdefgh).
.PARAMETER ContentDatabase
Specifies the GUID of the content database from which to list site collections.

The type must be a valid database name, in the form  SPContentDB01, or a valid GUID (for example, 12345678-90ab-cdef-1234-567890bcdefgh).
#>

  begin
  {  $foundit=$false
     if ($Identity -ne "" -or $ContentDatabase -ne "") { 
       $foundit=$true;
       if ($ContentDatabase -ne "")
       {
         if(Test-TTNIsGuid($ContentDatabase))
         {
          Get-SPWebApplication | select -ExpandProperty ContentDatabases | where { $_.id -eq "$ContentDatabase"} | get-spsite
         }
         else 
         { 
          Get-SPWebApplication | select -ExpandProperty ContentDatabases | where { $_.name -eq "$ContentDatabase"} | get-spsite
         }
       }
       else
       {
         if ($Identity.toLower().StartsWith("http"))
           { New-Object Microsoft.SharePoint.SPSite("$Identity") }
         else 
           { New-Object Microsoft.SharePoint.SPSite([guid]"$Identity") }
       }
     }
  }
  process
  {
    if ($_ -ne $null)
    {
      $foundit=$true;  $_.Sites
    }
  }
  end
  {
    if ($foundit -eq $false)
    {
       Get-SPWebApplication | Get-SPSite
    }
  }
}


function Get-SPWeb ($url)
{
  begin
  {
     if ($url -ne $null) { (New-Object Microsoft.SharePoint.SPSite("$url")).OpenWeb() }
  }
  process
  {
     $_.AllWebs
  }
}


function Test-TTNIsGuid ($guid)
{
  # TechTrainingNotes helper function
  ($guid -match "^[A-Fa-f0-9]{32}$|({|\()?[A-Fa-f0-9]{8}-([A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}(}|\))?$|^({)?[0xA-Fa-f0-9]{3,10}(, {0,1}[0xA-Fa-f0-9]{3,6}){2}, {0,1}({)([0xA-Fa-f0-9]{3,4}, {0,1}){7}[0xA-Fa-f0-9]{3,4}(}})$")
}

Save the following as SP2007cmdlets.format.ps1xml: 

( file to be posted with the complete article )

. 

SharePoint: Force the New button to show Content Type choices

 

Note: The following only applies to SharePoint 2007, but I'm looking into a similar fix for 2010.

 

Content Types add a lot of value to SharePoint, if you can get your users to use them. When you upload a document to a library where you have Content Types enabled the user is always asked to pick a content type.

   

But when a user is working with a list, such as Tasks, and clicks the New button they always get the default Content Type. If they knew about the option, and they remembered the option, they could click the little dropdown arrow next to new and pick a Content Type.

   

 

But what if they don’t know about the dropdown options? When they mouse over the “New” button they see a tip that implies clicking New will open a menu. But, it does not. It just creates the default Content Type.

   

Want to fix the new button?

To fix the New button you will need to edit every page that has a New button (that you want changed) or edit the site’s master page. (To see how to add this JavaScript to a single page or to the master page see http://techtrainingnotes.blogspot.com/2012/05/adding-javascript-and-css-to-sharepoint.html)

 

Here’s the script:

<script type="text/javascript">
var ttnNewMenu;

//get all tables
var ttnNewMenuTables = document.getElementsByTagName("TABLE");
//find the NewMenu table
for (var i=0;i<ttnNewMenuTables.length;i++)
{
  if (ttnNewMenuTables[i].id.indexOf("_NewMenu_t")>0)
  {
    ttnNewMenu = ttnNewMenuTables[i];
    break;
  }
}

//if we found it, copy the dropdown JS into the New onclick attribute
if (ttnNewMenu != null)
{
  var ttnDropDownJS=ttnNewMenu.childNodes[0].childNodes[0].childNodes[1].onclick;
  ttnNewMenu.childNodes[0].childNodes[0].childNodes[0].onclick = ttnDropDownJS;
}
</script>

 

.

SharePoint Governance Training

 

Creating a SharePoint governance plan, correctly, can be a real challenge as SharePoint governance is only partially about SharePoint. Because SharePoint is (too) easy to use it attracts content, user, compliance and best practices problems. Without a plan… well you know what you’ve got.

There are several approaches to creating your governance plan. One is to download one of the sample plans and do a little quick editing, and call it done! The second is to pay a consultant to write one for you, copied from their generic templates, which you can then file away and call it done. The third is to attend training to learn how you can create a proper plan unique to your company. The training I offer through MAX Technical Training is available in two formats, private training for your team, and public training. Which is best? I would recommend both. Ideally your future governance team leader(s) would first attend a public class. There they would discover the full scope of governance and learn about the issues and concerns from the other attendees, things that they had never considered . After the public training they would know enough about governance to assemble a proper governance team and schedule a private training / consulting session to start writing a proper governance plan.

The next public class is next week and there are still openings available. This is your opportunity to both discover the full scope of SharePoint content and user governance, and to learn from the experiences of other governance teams.

The next class is Thursday, May 10th, 2012 at MAX Technical Training.

MA-1040 - SharePoint Governance 2007 and 2010
http://www.maxtrain.com/Classes/ClassInfo.aspx?Id=741

For information about private governance team training contact MAX at 1-513-322-8888.

 

.

Last Chance to Sign Up for SharePoint Cincy 2012!

 

 

SharePoint Cincy – March 16th, 2012

Northern Kentucky University’s Center for Applied Informatics and MAX Technical Training are bringing a major SharePoint event to the Cincinnati area! SharePoint Cincy will be held at the METS Center located in Erlanger, KY. The METS center is near the Cincinnati airport (CVG) and has lots of free parking.

You’ve got to be registered to attend and it’s filling up fast. Last year was a sell out and this year is a bigger and better event!

See the site for the agenda, speakers and registration: http://www.sharepointcincy.com

 

SharePoint Cincy – This Friday - March 16th, 2012

 

 

SharePoint Cincy – March 16th, 2012

Northern Kentucky University’s Center for Applied Informatics and MAX Technical Training are bringing a major SharePoint event to the Cincinnati area! SharePoint Cincy will be held at the METS Center located in Erlanger, KY. The METS center is near the Cincinnati airport (CVG) and has lots of free parking.

Only a few days left!

You’ve got to be registered to attend and it’s filling up fast. Last year was a sell out and this year is a bigger and better event!

See the site for the agenda, speakers and registration: http://www.sharepointcincy.com

 

 

Lots of great speakers will be there! (And I will be speaking there too :-) )

• Robert Bogue, Thor Projects LLC.
• Mike Buob, Sogeti, USA
• Steve Caravajal, Ph.D, Microsoft Corporation
• Bill Crider, Ascendum
• Jorge Guerreiro, K2
• Brian T. Jackett, Microsoft
• Tavis Lovell, Ascendum
• Tony Maddin, Ascendum
• Jennifer Mason, SharePoint 911
• Sean P. McDonough, Idera
• Chris Murphy, Ascendum
• Nitin Nagar, Ascendum
• Ted Perrotte, Aspect Software
• Mark Rackley, Juniper Strategy, LLC
• Raveen Rajavarma, Ascendum
• Clint Richardson, Ascendum
• Larry J. Riemann, CBTS/Indigo Integrations
• Jeffrey Segebarth, NewsGator Technologies
• Peter Serzo, High Monkey Consulting
• Mike Smith, MAX Technical Training
• Adam Solzsmon, Ascendum
• Matthew Tallman, Ascendum
• Eric Weissmann, Ascendum
• Shane Young, SharePoint 911

.

SharePoint Cincy – Two weeks from Today!

 

SharePoint Cincy – March 16th, 2012

Northern Kentucky University’s Center for Applied Informatics and MAX Technical Training are bringing a major SharePoint event to the Cincinnati area! SharePoint Cincy will be held at the METS Center located in Erlanger, KY. The METS center is near the Cincinnati airport (CVG) and has lots of free parking.

Only two weeks left!

You’ve got to be registered to attend and it’s filling up. Last year was a sell out and this year is a bigger and better event!

See the site for the agenda, speakers and registration: http://www.sharepointcincy.com

Lots of great speakers will be there! (And I will be speaking there too :-) )

 

 

.

10 Reasons Not to Brand SharePoint

 

I wrote a magazine article! While that was fun, I’m really surprised at the follow up it received. It’s gotten some interesting comments via Twitter, a discussion over at LinkedIn and even a couple of articles about the article! Some folks strongly agree, some strongly disagree and one even thinks it’s funny. As long as I got people interested in the topic, I‘m happy!

 

So do me a favor… I’d love to know what my “regulars” think of the article. Take a look at it and post your comments there, here or any where. I’d love to know what you think either way.

http://www.sharepointpromag.com/article/sharepoint-server-2010/branding-sharepoint-141137

 

Twitter comments:

http://twitter.com/#!/search/%2210%20reasons%20not%20to%20brand%20sharepoint%22

http://twitter.com/#!/search?q=%23SPRebrand

http://twitter.com/#!/kerriabraham

 

The LinkedIn discussion:

http://www.linkedin.com/groups/10-Reasons-Not-Brand-SharePoint-43166.S.78580029?qid=b4fadd71-ea5a-49a1-bba6-86ecb14d0844&trk=group_most_popular-0-b-cmr&goback=.gmp_43166

 

Even some articles about the article:

http://sharepointsemantics.com/2011/11/why-you-should-not-brand-your-internal-microsoft-sharepoint-sites/

http://sharepoint-geek.com/2011/11/03/interesting-arguments-against-branding-internal-sharepoint-sites/

 

.

SharePoint Saturday Cincinnati is ... well this Saturday!

 

Cincinnati’s first SharePoint Saturday is in three days! Are you registered yet? If not, go here now: http://www.sharepointsaturday.org/cincinnati/default.aspx

With twenty different presentations you can’t miss!

 

I will be giving two presentations:

  SharePoint Governance... It may not be what you think it is...

and

  SharePoint 2007, 2010 and Office 365 for Site Owners and Power Users

 

 

                                Tweet it! (#SPSCincinnati)

                                     Blog it!

                                         Be there! 

                                             and Learn!

                                                                and remember… it’s FREE!

.

Searching and Auditing SharePoint with PowerShell

 

Last week I gave a presentation to the Dayton SharePoint user group on using PowerShell to search and audit SharePoint. In this article, and one or two follow ups I’ll expand on that presentation.

So what’s here?

• An overview of permissions needed to use PowerShell with SharePoint
• How to use PowerShell with both SharePoint 2007 and 2010
• The SPFarm object and a few of its properties
• The SPService object

 

Goals:

• Find info that cannot be found with the out of the box tools
• Find info that can not be conveniently found with the out of the box tools
• Collect data for reports
• Do nothing that is not undoable
• Do nothing (or as little as possible) that impacts server performance

In this article we are not:

• Doing administration
• Doing installs
• Doing Backups and Restores

PowerShell can do all of this, but those are for other sessions (and other presentors)

 

Permissions:

Not everyone who can start PowerShell can access SharePoint data using the SharePoint 2010 PowerShell cmdlets! PowerShell does not avoid SharePoint security, and actually adds an additional requirement or two.

• You can use the “setup account” that was used to install SharePoint as it has the rights listed below (but this is not the best practice!)
• You must be a member of the SQL SharePoint_Shell_Access role
• You must be a member of the WSS_Admin_WPG local security group on each server
• You can configure both of the above using one SharePoint PowerShell cmdlet:
      Add-SPShellAdmin –Username “domain/user” -Database “databasename”

For SharePoint 2007, just think about which permissions would be needed to otherwise get to the desired content. You will need the same permissions when using PowerShell. Access to the Farm object will require admin permissions. Access to a Site Collection will require Site Collection Administrator, Site Owner, or for some data, Visitor permissions.

 

Memory Management (and possible “manglement!)

 

First the bad news: You have to manage memory. If you don’t, you can crash your SharePoint server by creating objects that are not immediately disposed of. As you drill down into the SharePoint hierarchy you can potentially create thousands of objects.

Different PowerShells, different memory defaults

If running a PowerShell other than the SharePoint 2010 Management Shell, such as the Integrated Scripting Environment (ISE), each command line (each press of the Enter key) runs on a different thread.

         $site = Get-SPSite http://intranet/sites.training
         $site.Dispose()

When the above is run in the ISE the $site object is not been immediately disposed as the request was made on a different thread.

Starting the SharePoint 2010 Management Shell runs this:
      $ver = $host | select version
      if ($ver.Version.Major -gt 1)
          { $Host.Runspace.ThreadOptions = "ReuseThread“ }
      Add-PsSnapin Microsoft.SharePoint.PowerShell
      Set-location $home"

“ReuseThread” causes all commands to now run in the same thread.

 

Memory tools

 

If you would like to track the memory being used by PowerShell you can check the running processes on your PC. PowerShell includes a cmdlet, Get-Process (gps for short) just for this, and it also keeps track of its own process ID in a variable named $PID. You can check the current memory being used with this command:

      gps -id $pid

 

Here’s a sample test:

      `create 100 subsites
      gps -id $pid; 
      for ($i=0; $i -lt 100; $i++) 
      { 
        $s = new-spweb http://intranet/sites/training/PS$i ; 
      } 
      gps -id $pid;

 

Here’s a sample test with dispose:

      `create 100 subsites 
      gps -id $pid; 
      for ($i=0; $i -lt 100; $i++) 
      { 
        $s = new-spweb http://intranet/sites/training/PS$i ;
        $s.dispose(); 
      } 
      gps -id $pid;

 

Sometimes you need to force the garbage collection process if you need to immediately free up RAM. Do not do this excessively as it will be very slow. That said, the following is not best practice!

      `create 100 subsites 
      gps -id $pid; 
      for ($i=0; $i -lt 100; $i++) 
      { 
        $s = new-spweb http://intranet/sites/training/PS$i ;
        $s.dispose(); 
        [System.GC]::Collect());
      } 
      gps -id $pid;

 

Memory - helper functions

If you plan to do much memory usage testing then you may want to create a function or two to save some typing:

PowerShell Process memory:
      function psm
      {
        (Get-Process $pid).PrivateMemorySize/1024/1024
      }

 

Run the garbage collector:
      function cg
      {
        [System.GC]::Collect()
      }

 

Is PowerShell just for SharePoint 2010? Or will it work in SharePoint 2007?

 

SharePoint 2010 includes nearly 600 PowerShell cmdlets. With these you can quickly get a hold of common SharePoint objects with a simple command. Here is how you can get a Site Collection object in one line:

      $site = Get-SPSite http://intranet/sites/training

 

There are no SharePoint PowerShell cmdlets for SharePoint 2007! But that is not too much of a problem as PowerShell can directly access DLLs, including the SharePoint DLLs.

First you will need to load the SharePoint DLL:

      [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

Then you can use the SharePoint API to create SharePoint objects such as a Site Collection object. The following creates the exact same object as the cmdlet above, and it will work in both 2007 and 2010.

$site = New-Object Microsoft.SharePoint.SPSite(“http://intranet/sites/training”)

 

The SharePoint Hierarchy

 

When looking for a single object in SharePoint (site, list, item, etc) you will often be able to use a single PowerShell cmdlet or API object. But when you want to find all Word documents in all libraries in all site collections in all sites in all web applications, then you will need to drill down through the SharePoint object Hierarchy. Here are the primary objects we will be working with in these articles:

 

SPFarm (the config database)

  SPWebService (Excel services, etc)

    SPWebApplication (IIS app plus a SQL DB)

      SPSite (Site collection)

        SPWeb (a single site)

          SPList & SPLibrary (a single list)

            SPListItem (a single list item)

              SPField (a single property)

 

Each of these objects have their own collections of properties that we can browse through using PowerShell.

 

The Farm

 

As a start, let’s take a look at the top most object in the SharePoint hierarchy, the SPFarm object. Note that the Farm is the Config database, not the collection of physical servers. In fact, the collection of server objects is just one of many properties of the Farm.

For SP 2010:
      Get-SPFarm returns the farm object    (actually the SharePoint Config database)

Or for SP 2007:
      $farm = [Microsoft.SharePoint.Administration.SPFarm]::Local

Get the farm:
      $farm = Get-SPFarm

Get the version:
      $farm.BuildVersion              or (Get-SPFarm).BuildVersion

Get the list of servers:
      $farm.Servers                       or Get-SPServer

Get a list of installed Features
      $farm.FeatureDefinitions | sort scope                  or Get-SPFeature

Get a list of installed Solutions
      $farm.Solutions                     or Get-SPSolution

 

Get a list of installed products (or SKUs)

       $farm.Products

This returns a list of GUIDs of the installed products.

Value	Product
84902853-59F6-4B20-BC7C-DE4F419FEFAD	Project Server 2010 Trial
ED21638F-97FF-4A65-AD9B-6889B93065E2	Project Server 2010
BC4C1C97-9013-4033-A0DD-9DC9E6D6C887	Search Server 2010 Trial
08460AA2-A176-442C-BDCA-26928704D80B	Search Server 2010
BEED1F75-C398-4447-AEF1-E66E1F0DF91E	SharePoint Foundation 2010
1328E89E-7EC8-4F7E-809E-7E945796E511	Search Server Express 2010
B2C0B444-3914-4ACB-A0B8-7CF50A8F7AA0	SharePoint Server 2010 Standard Trial
3FDFBCC8-B3E4-4482-91FA-122C6432805C	SharePoint Server 2010 Standard
88BED06D-8C6B-4E62-AB01-546D6005FE97	SharePoint Server 2010 Enterprise Trial
D5595F62-449B-4061-B0B2-0CBAD410BB51	SharePoint Server 2010 Enterprise
926E4E17-087B-47D1-8BD7-91A394BC6196	Office Web Applications 2010

More info here:

http://blogs.technet.com/b/vedant/archive/2010/10/05/detecting-installed-sku-of-sharepoint-2010-and-upgrading-editions.aspx

 

 

The Services

 

While looking at the SPFarm object let’s take a look at the SPServices object. SharePoint 2010 seems to have an endless list of services. Which are installed on your farm?

SharePoint 2010 does not have a “Get-SPServices” cmdlet, so we will have to get the services object SPFarm object.

      $farm = Get-SPFarm    (or   $farm = [Microsoft.SharePoint.Administration.SPFarm]::Local )

      $farm.Services | select TypeName

Note that the web applications (SPWebApplication) are a special kind “service” (Microsoft SharePoint Foundation Web Application) and can be retrieved using Get-SPWebApplication or by looping through all of the SPService objects and checking the type of service.

 

Next

 

In the next installment we will start looking at, and start exploring, the “everyday” objects such as Site Collections, Webs, Items and Users.

• Get a list of all site collections
• Get a list of all sites of type “abc” (blog, Team Site, etc)
• Get a list of all groups and their users
• Get a list of all users
• Get a list of all permissions
• Get a list of all lists that use Content Type “abc”
• and a few more...

.

SharePoint MVP chat; Wednesday, June 22nd at 9am PDT (Noon in Cincinnati!)

 

June 22nd, 12 Noon, online and live!

 

Do you have tough technical questions regarding SharePoint for which you're seeking answers? Do you want to tap into the deep knowledge of the talented Microsoft Most Valuable Professionals?  The SharePoint MVPs are the same people you see in the technical community as authors, speakers, user group leaders and answerers in the MSDN and TechNet forums.

By popular demand, we have brought these experts together as a collective group to answer your questions live.  So please join us and bring on the questions! This chat will cover WSS 3.0, MOSS, SharePoint Foundation 2010 and the SharePoint Server 2010. Topics include setup and administration, design, development and general question.

Please join us on Wednesday June 22nd at 9am PDT to chat with MVPs from around the world. Learn more and add these chats to your calendar by visiting the MSDN event page http://msdn.microsoft.com/en-us/events/aa497438.aspx

 

.

Microsoft Office 365 is Now in Public Beta!

 

It’s more than just SharePoint “in the cloud”!  Go take a look, and sign up!

http://www.microsoft.com/en-us/office365/online-software.aspx

 

.

If you missed SharePoint Cincy 2011…

 

SharePoint Cincy 2011

If you missed SharePoint Cincy 2011 then you missed out on a full day of everything SharePoint! Two fantastic keynote presentations from Microsoft and Kroger, twenty breakout sessions with speakers from all over the country and a fantastic group of sponsors. I have not forgotten the most important group… the attendees! There was networking and social collaboration going on in every room and around every table.

SharePoint Cincy 2012 – March 16th 2012

Add March 16th, 2012 to your calendar.  Towards the end of the day I was frequently asked “when is this going to be done again?”  During the 5:00 update the SharePoint Cincy team announced that due to the success of this first event that they are going to do it again. So, see you in March 2012.

 

Thanks to the speakers

(Notice how many of these are local talent. The Cincinnati area has a strong base of SharePoint expertise!)

Fred J. Studerstuder, Microsoft Corporation
Catherine AllshouseCatherine, The Kroger Company
Tim Beamer, Dell
Scott Brickey, Strategic Data Systems
Mike Buob, Sogeti, USA
Steve Caravajal, Ph.D., Microsoft Corporation
Bill Crider, Ascendum
Mario Fulan, Information Control Corp (ICC)
Rob Joy, K2
Pat Kern, Procter & Gamble, Global Shared Services
Rob Kerr, BlueGranite
Sean McDonough, Idera
Jonathan Mast, SharePoint 911
Matt Morse, PointBridge
Raveen Rajavarma, Ascendum
Mike Smith, MAX Technical Training
Matthew Tallman, Sogeti, USA
Tom Washek, Microsoft
Eric Weissmann, DSC Consulting
Shane Young, SharePoint 911

Thanks to the sponsors and exhibitors

Without these people the event could not happen…

Ascendum
AvePoint
BrainStorm Inc.
CBTS
Center for Applied Informatics @ NKU
Dell
Information Control Corporation
K2
MAX Technical Training
Microsoft
PCMS IT Advisor Group
SDS - Strategic Data Systems
Sogeti
The Circuit

The Cincinnati SharePoint User Group
The Dayton SharePoint User Group

 

.

SharePoint Cincy – Last Chance to Sign Up!

Only one day left! You’ve got to be registered to attend.

SharePoint Cincy – March 18th, 2011

 

Northern Kentucky University’s Center for Applied Informatics and MAX Technical Training are bringing a major SharePoint event to the Cincinnati area! SharePoint Cincy will be held at the METS Center located in Erlanger, KY. The METS center is near the Cincinnati airport (CVG) and has lots of free parking.

See the site for the agenda, speakers and registration: http://www.sharepointcincy.com

 

Lots of great speakers will be there! (And I will be speaking there too :-) )

 

 

.

SharePoint Cincy 2011 presenter list has been posted

 

Register now!  There is limited space available at the METS Center.

 

Speakers

The speaker list is not complete yet. See here for the current list: http://www.sharepointcincy.com/presenter-information

KEYNOTE SESSIONS:

• Microsoft Executive, Fred Studer, has P&L responsibility for a $6B portfolio of Information Worker (IW) products.  Come hear Fred discuss the strategic importance and future direction of SharePoint.

• Kroger IT leader, Catherine Allshouse, will share how they use SharePoint to deliver as many as 2 million customer interactions/day on Kroger’s websites.

 

One SharePoint MCM, at least two SharePoint MVPs and at least one MCT!

And a lot of Microsoft Certified “fill in the blank”  (too long to list)

 

Sessions

The session list is not complete yet, but these are currently listed sessions:

 

(Up-to-date list here: http://www.sharepointcincy.com/session-information)

Breakout Session Tracks/Topics

Core topics/sessions are confirmed, remaining sessions will be added based on demand/input from Registrants.

TRACK 1: Driving Business Value With SharePoint

Subject:  Top 10 Ways to Leverage the Value of your SharePoint Investment
Presenter:   Steve Caravajal – Microsoft Corporation, Principal Architect

Subject:  SharePoint Governance
Presenter:   Mike Smith– MAX Technical Training, Senior Instructor and SharePoint MVP

Subject:  Key “Lessons Learned” from Successful SharePoint Projects
Presenter:   TBD

TRACK 2: SharePoint Development and Site Customization

Subject:  Does it Make Sense to Use SharePoint 2010 as an Application Development Platform?
Presenter:   Mario Fulan – ICC, SharePoint Practice Leader and SharePoint MCM

Subject:  How to Develop and Deploy SharePoint Applications and Solutions
Presenter:   Matthew Tallman – Sogeti USA, Manager Enterprise Collaboration Group

Subject:  Integrating Applications with the SharePoint Platform using Business Connectivity Services (BCS)
Presenter:   Jonathan Mast – SharePoint911, Senior SharePoint Developer

TRACK 3: SharePoint Implementation and Administration

Subject:  SharePoint Administration – Deep Dive
Presenter:   Shane Young – SharePoint911, Principal Consultant and SharePoint MVP

Subject:  SharePoint Disaster Recovery and High Availability
Presenter:   Sean McDonough – Idera, SharePoint Products Manager

Subject:  SharePoint Sizing and Capacity Planning
Presenter:   Shane Young – SharePoint911, Principal Consultant and SharePoint MVP

TRACK 4: Business Intelligence and Data Management

Subject:  Data Visualization and Business Intelligence Solutions Using SharePoint 2010
Presenter:   Raveen Rajavarma – Ascendum, SharePoint Practice Leader

Subject:  Case Study: SharePoint’s Role in P&G’s Business Intelligence Solutions
Presenter:   Pat Kern– Procter & Gamble, IT Director

Subject:  Implementing Dashboard Solutions using PerformancePoint Services and SQL Reporting Services in SharePoint 2010
Presenter:   TBD

 

 

.

SharePoint 2010: Disabling “I Like It” and “Tags & Notes”

 

In my SharePoint governance classes I often say that you should not release a SharePoint feature until you have a plan for it…

• is governance required (is there a risk through misuse)?
• who will support it”
• how will you train users?
• what’s the impact on performance?

So what about:

   

 

In SharePoint 2010 this topic often comes up around the new social features, including “I Like It” and “Tags & Notes”. So until you have a “plan”, how can you disable these features?

 

Hide the Ribbon Links

One step might be to disable the “I Like It” and “Tags & Notes” in the ribbon. Just keep in mind that this is done at the farm level, so you will be removing it for everyone. This part of the ribbon is implemented as a feature named “Social Tags and Note Board Ribbon Controls”, so all you need to do is disable the feature from Central Administration or by using PowerShell. See the following TechNet article for details:

http://technet.microsoft.com/en-us/library/ee721062.aspx

 

Disable the feature for selected users and groups

A better option might be to disable “I Like It” and “Tags & Notes” for selected users by changing a permission. I had expected to find this “permission” in the list of user and group permissions, but this one is part of Profile Services.

Here’s the TechNet article:

http://technet.microsoft.com/en-us/library/ee721064.aspx

 

Central Administration

–> Application Management section

    –> Manage service applications

      –> User Profile Service Application link.

         –> in the People section, click Manage User Permissions.

 

 

Note system administrators will still see the “I Like It” and “Tags & Notes”. Users, Site Owners and  Site Collection Administrators will not, unless granted access in Profile Services.

.