MICROSOFT LEARNING PRODUCT
10174A
Configuring and Administering Microsoft SharePoint 2010
Volume 1
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The
inclusion of a manufacturer or product does not imply endorsement of Microsoft of the
manufacturer or product. Links may be provided to third party sites. Such sites are not under the
control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link
contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for
webcasting or any other form of transmission received from any linked site. Microsoft is providing
these links to you only as a convenience, and the inclusion of any link does not imply endorsement
of Microsoft of the site or the products contained therein.
© 2010 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at
http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx
are trademarks of the Microsoft group of companies.
All other marks are property of their respective owners.
updates,
supplements,
support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use
the Licensed Content.
If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. Academic Materials means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the
Licensed Content.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions
location, an IT Academy location, or such other entity as Microsoft may designate from time to time.
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and
d. Course means one of the courses using Licensed Content offered by an Authorized Learning
Center during an Authorized Training Session, each of which provides training on a particular
Microsoft technology subject matter.
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or
analog device.
f. Licensed Content means the materials accompanying these license terms. The Licensed
Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student
Content, (iii) classroom setup guide, and (iv) Software. There are different and separate
components of the Licensed Content for each Course.
g. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that
may be included with the Licensed Content.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i. Student Content means the learning materials accompanying these license terms that are for
use by Students and Trainers during an Authorized Training Session. Student Content may include
labs, simulations, and courseware files for a Course.
j. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer
and b) such other individual as authorized in writing by Microsoft and has been engaged by an
Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its
behalf.
k. Trainer Content means the materials accompanying these license terms that are for use by
Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content
may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and
demonstration guides and script files for a Course.
l. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as
a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single
computer or other device in order to allow end-users to run multiple operating systems concurrently.
For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content.
m. Virtual Machine means a virtualized computing experience, created and accessed using
Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware
environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the
virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard
Disks will be considered Trainer Content.
n. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these
license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and
electronic), Trainer Content, Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center
location or per Trainer basis.
either install individual copies of the relevant Licensed Content on classroom Devices only for
use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided
that the number of copies in use does not exceed the number of Students enrolled in and the
Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by
classroom Devices and only for use by Students enrolled in and the Trainer delivering the
Authorized Training Session, provided that the number of Devices accessing the Licensed
Content on such server does not exceed the number of Students enrolled in and the Trainer
delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to
use the Licensed Content that you install in accordance with (ii) or (ii) above during such
Authorized Training Session in accordance with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single
unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license
terms will apply to the use of those third party programs, unless other terms accompany those
programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized
Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for
your own personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own
personal training Use and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions
in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We
may change it for the final, commercial version. We also may not release a commercial version.
You will clearly and conspicuously inform any Students who participate in each Authorized Training
Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with
any further content, including but not limited to the final released version of the Licensed Content
for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
Microsoft, without charge, the right to use, share and commercialize your feedback in any way and
for any purpose. You also give to third parties, without charge, any patent rights needed for their
products, technologies and services to use or interface with any specific parts of a Microsoft
software, Licensed Content, or service that includes the feedback. You will not give feedback that is
subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary
to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release,
whichever is first, you may not disclose confidential information to third parties. You may
disclose confidential information only to your employees and consultants who need to know
the information. You must have written agreements with them that protect the confidential
information at least as much as this agreement.
ii.
protective order or otherwise protect the information. Confidential information does not
include information that
you received from a third party who did not breach confidentiality obligations to
Microsoft or its suppliers; or
d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs
you is the end date for using the beta version, or (ii) the commercial release of the final release
version of the Licensed Content, whichever is first (beta term).
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta
term, and will destroy all copies of same in the possession or under your control and/or in the
possession or under the control of any Trainers who have received copies of the pre-released
version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta
version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If
Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you
for such copies and distribution.
Software.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft
Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced
Server and/or other Microsoft products which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft
Learning Lab Launcher, then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the
time indicated on the install of the Virtual Machines (between 30 and 500 days after you
install it). You will not receive notice before it stops running. You may not be able to
access data used or information saved with the Virtual Machines when it stops running and
may be forced to reset these Virtual Machines to their original state. You must remove the
Software from the Devices at the end of each Authorized Training Session and reinstall and
launch it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms
apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk.
Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized
Training Session, you will obtain from Microsoft a product key for the operating system
software for the Virtual Hard Disks and will activate such Software with Microsoft using such
product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with
the terms and conditions of this agreement and the following security
requirements:
You may not install Virtual Machines and Virtual Hard Disks on portable Devices or
Devices that are accessible to other networks.
You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session, except those held at Microsoft Certified
Partners for Learning Solutions locations.
You must remove the differencing drive portions of the Virtual Hard Disks from all
classroom Devices at the end of each Authorized Training Session at Microsoft Certified
Partners for Learning Solutions locations.
You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or
downloaded from Devices on which you installed them.
You will strictly comply with all Microsoft instructions relating to installation, use,
activation and deactivation, and security of Virtual Machines and Virtual Hard Disks.
You may not modify the Virtual Machines and Virtual Hard Disks or any contents
thereof.
You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the
Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip
art, animations, sounds, music, shapes, video clips and templates provided with the Licensed
Content solely in an Authorized Training Session. If Trainers have their own copy of the
Licensed Content, they may use Media Elements for their personal training use.
iv. Evaluation Software. Any Software that is included in the Student Content designated as
Evaluation Software may be used by Students solely for their personal training outside of the
Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft
PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for
providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree
or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of
obscene or scandalous works, as defined by federal law at the time the work is created; and
(b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training
Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those
portions of the Licensed Content that are logically associated with instruction of the Authorized
Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer
agrees: (a) that any of these customizations or reproductions will only be used for providing an
Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and
use the Academic Materials. You may not make any modifications to the Academic Materials
and you may not print any book (either electronic or print version) in its entirety. If you
reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use
You will not republish or post the Academic Materials on any network computer or
broadcast in any media;
You will include the Academic Materials original copyright notice, or a copyright notice to
Microsoft's benefit in the format provided below:
Form of Notice:
© 2010 Reprinted for personal reference use only with permission by Microsoft
Corporation. All rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the US and/or other countries. Other
product and company names mentioned herein may be the trademarks of their
respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that
could harm them or impair anyone else's use of them. You may not use the services to try to gain
unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you
more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that
only allow you to use it in certain ways. You may not
install more copies of the Licensed Content on classroom Devices than the number of Students and
the Trainer in the Authorized Training Session;
allow more classroom Devices to access the server than the number of Students enrolled in and the
Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network
server;
copy or reproduce the Licensed Content to any server or location for further reproduction or
distribution;
disclose the results of any benchmark tests of the Licensed Content to any third party without
Microsoft's prior written approval;
reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent
that applicable law expressly permits, despite this limitation;
make more copies of the Licensed Content than specified in this agreement or allowed by applicable
law, despite this limitation;
access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not
been authorized by Microsoft to access and use;
use the Licensed Content for commercial hosting services or general business purposes.
Rights to access the server software that may be included with the Licensed Content, including the
Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft
intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply
to the Licensed Content. These laws include restrictions on destinations, end users and end use. For
additional information, see www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed
Content marked as NFR or Not for Resale.
10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as
Academic Edition or AE. If you do not know whether you are a Qualified Educational User, visit
www.microsoft.com/education or contact the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
fail to comply with the terms and conditions of these license terms. In the event your status as an
Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is
terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this
agreement, you must destroy all copies of the Licensed Content and all of its component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based
services and support services that you use, are the entire agreement for the Licensed
Content and support services.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
Licensed Content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have
additional consumer rights under your local laws which this agreement cannot change. To
the extent permitted under your local laws, Microsoft excludes the implied warranties of
merchantability, fitness for a particular purpose and non-infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT
RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL,
INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
anything related to the Licensed Content, software, services, content (including code) on third party
Internet sites, or third party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in
this agreement are provided below in French.
Note: As this licensed content is distributed in Quebec, Canada, some of the clauses
in this agreement are provided below in French.
DISCLAIMER OF WARRANTY. The licensed content covered by a license is offered "as is". Any
use of this licensed content is at your sole risk. Microsoft gives no other
express warranty. You may have additional rights under local consumer protection law,
which this agreement cannot change. Where permitted by local law, the implied warranties
of merchantability, fitness for a particular purpose and non-infringement are
excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR
DAMAGES. You can recover from Microsoft and its suppliers compensation for
direct damages only, up to US $5.00. You cannot claim any compensation
for other damages, including special, indirect or incidental damages and lost
profits.
This limitation applies to:
anything related to the licensed content, to services, or to content (including code)
on third-party Internet sites or in third-party programs; and
It also applies even if Microsoft knew or should have known about the possibility of such
damage. If your country does not allow the exclusion or limitation of liability for
indirect, incidental or any other damages, the above limitation or exclusion may not
apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights
under the laws of your country. This agreement does not change the rights that the laws of
your country give you if those laws do not permit it to do so.
Welcome!
Thank you for taking our training! We've worked together with our Microsoft Certified Partners
for Learning Solutions and our Microsoft IT Academies to bring you a world-class learning
experience, whether you're a professional looking to advance your skills or a
student preparing for a career in IT.
We wish you a great learning experience and ongoing success in your career!
Sincerely,
Microsoft Learning
www.microsoft.com/learning
IDC, Value of Certification: Team Certification and Organizational Performance, November 2006
Acknowledgment
Microsoft Learning would like to acknowledge and thank the following persons for
their contributions towards developing this title. Their efforts at various stages in
the development have ensured that you have a good classroom experience.
Contents
Module 1: Introducing SharePoint 2010
Lesson 1: Evaluating the Features of SharePoint 2010
Lesson 2: Preparing for SharePoint 2010
Lesson 3: Installing SharePoint 2010
Lesson 4: Advanced Installation of SharePoint 2010
Lab: Installing SharePoint 2010
Course Description
This five-day instructor-led course teaches students how to install, configure, and
administer Microsoft SharePoint and also how to manage and monitor sites and
users by using Microsoft SharePoint 2010.
Audience
This course is intended for IT professionals who are experienced Windows Server
2003 or 2008 administrators and are interested in learning how to administer
SharePoint 2010. The course is also intended for part-time Business Application
Administrators (BAAs) who are engaged in administering Line of Business (LOB)
applications in conjunction with internal business customers.
Student Prerequisites
In addition to their professional experience, students who attend this training
should have experience:
Administering Active Directory by creating and managing user and group accounts, delegation of administration, and configuring Group Policy
Administering network infrastructure: DNS and TCP/IP connectivity
General conceptual awareness of Microsoft .NET Framework as it relates to SharePoint 2010
Administering Microsoft SQL Server 2005 or 2008 through creating logons, assigning roles and using Microsoft SQL Server Management Studio
One year's experience using Windows PowerShell cmdlets
General security and authentication practices
Course Objectives
After completing this course, students will be able to:
Administer SharePoint using the user interface, the command line, and
Windows PowerShell.
Course Outline
This section provides an outline of the course:
Module 1, Introducing SharePoint 2010, enables students to prepare for and
install the first server in a SharePoint 2010 farm.
Module 2, Creating a SharePoint 2010 Intranet, shows students how to
configure and administer the fundamental components of a SharePoint farm,
including its configuration, logical structure, user-facing features, and underlying
engine.
Course Materials
The following materials are included with your kit:
Course Handbook. A succinct classroom learning guide that provides all the
critical technical information in a crisp, tightly-focused format, which is just
right for an effective in-class learning experience.
Lessons. Guides you through the learning objectives, and provides the key
points that are critical to the success of the in-class learning experience.
Labs. Provides a real-world, hands-on platform for you to apply the knowledge
and skills learned in the module.
Lab Answer Keys. Includes answer keys in digital form to use during lab time.
Note: To open the Web page, insert the Course CD into the CD-ROM drive, and
then in the root directory of the CD, double-click StartCD.exe.
Course evaluation. At the end of the course, you will have the opportunity to
complete an online evaluation to provide feedback on the course, training
facility, and instructor.
Role
10174A-CONTOSO-DC-A
10174A-CONTOSO-DC-B
10174A-CONTOSO-DC-C
10174A-CONTOSO-DC-D
10174A-CONTOSO-DC-E
10174A-CONTOSO-DC-F
10174A-CONTOSO-DC-FINAL
10174A-SP2007-WFE1-F
10174A-SP2007-WFE1-G
10174A-SP2010-WFE1-A
10174A-SP2010-WFE1-B
10174A-SP2010-WFE1-C
10174A-SP2010-WFE1-D
10174A-SP2010-WFE1-E
10174A-SP2010-WFE1-FINAL
Software Configuration
The following software is installed on the virtual machines:
Course Files
There are files associated with the labs in this course. The lab files are located on
the student computers.
Classroom Setup
Each classroom computer will have the same virtual machine configured in the
same way.
Module 1
Introducing SharePoint 2010
Contents:
Lesson 1: Evaluating the Features of SharePoint 2010
Module Overview
Lesson 1
SharePoint 2010 is the business collaboration platform for the enterprise and the
Internet. Behind this simple value proposition is a complex and powerful platform
that delivers rich functionality to address a vast range of business needs. In this
lesson, you learn just how much technology is wrapped up by those 13 words, and
you dissect the technical capabilities and features that are driving enterprises
around the world to adopt SharePoint 2010.
After completing this lesson, you will be able to:
The value proposition for SharePoint is, "SharePoint is the business collaboration
platform for the enterprise and the Internet." Microsoft invested heavily in the
development of SharePoint Server 2010 to deliver features that enable an
enterprise to do the following:
Cut costs with a unified infrastructure. SharePoint 2010 performs roles that
have been, in many enterprises, provided by other disparate systems. Now
those roles can be consolidated onto SharePoint 2010.
The Microsoft .NET Framework provides the framework for SharePoint, which
is a .NET application running within Internet Information Services (IIS).
SharePoint uses identity services that can include the Active Directory
directory service or other Claims-based authentication providers. Some of
these identity services, such as forms-based authentication, rely on the .NET
Framework.
SharePoint Server 2010 for Intranet Scenarios, which is licensed with Standard
or Enterprise features. The features provided by SharePoint Foundation 2010
and SharePoint Server 2010 are detailed later in this module.
SharePoint Server 2010 for Internet Sites, which is licensed for access by large
numbers of users and by nonauthenticated users.
Office Web Apps, which are discussed in Module 11, Implementing Office
Web Apps.
FAST Search for SharePoint 2010 for Internet Sites, which is licensed for
access by large numbers of users and by nonauthenticated users.
Search Server 2010 and Search Server Express 2010, which provide the search
functionality of SharePoint Server.
Sites
The sites capability includes functionality that delivers and personalizes content to
users, provides manageability and scalability to administrators, enables developers
to customize and extend SharePoint, and allows an enterprise to implement
SharePoint along with other solutions or to consolidate the functionality provided
by disparate collaboration solutions into SharePoint.
Content Delivery
The sites capability offers the following components, features, and functionality to
deliver content to users:
Multiple browsers
Mobile browsers
SharePoint Workspace
Content structures such as Web applications, site collections, and sites are
discussed in Module 2, "Creating a SharePoint 2010 Intranet."
SharePoint is compliant with WCAG 2.0 accessibility standards out of the box.
SharePoint 2010 offers a variety of modalities through which users can interact
with content, including Office client integration, SharePoint Workspace and
other applications that provide offline access to SharePoint, and Office Web
Apps, which enable browser-based viewing, editing, and coauthoring of
documents.
Content Personalization
The sites capability offers the following components, features, and functionality to
support personalizing the delivery of content:
My Sites
User tagging
Content targeting
Multilingual support
One user may not need, want, or be allowed to see the same content that
another user sees. The SharePoint sites capability delivers functionality to
individualize (to personalize) the user experience.
My Site is a user's individual Web page, exposing that user's profile, shared
information and documents, expertise, organizational relationships, and social
activities to other users. Additionally, a user's My Site can provide a
personalized navigation and view of enterprise resources.
Central management
Operations management
Capacity
Topology
Performance
High availability
Codeplex: http://www.codeplex.com
Themes and branding features support customizing the look and feel of
SharePoint sites.
You can deliver rich functional solutions using out of the box solutions,
templates, and Web Parts.
SharePoint is a platform on which you can easily create and deploy solutions
from simple, no-code solutions to more complex solutions developed with
Visual Studio.
There is a vast ecosystem of community and ISVs who support and extend
SharePoint.
Interoperability
Platform consolidation
Additional Reading
Communities
Enterprise Collaboration
The communities capability offers the following components, features, and
functionality to enable collaboration between users:
Lists
Libraries
Document routing
My Sites
User profiles
Organizational relationships
SharePoint teams
My Sites are the social networking hub for interacting with individuals in an
organization, designed to help build relationships between users and to
connect people in an organization.
User profiles are a collection of attributes that can be synchronized with Active
Directory and other sources. Users can also define their own attributes. A
user's My Site exposes the user's profile, and SharePoint enables the
organization and the individual to manage the visibility of profile attributes to
various audiences.
Expertise can be defined centrally and by the user through the Ask Me About
section of their profile.
SharePoint can discover and suggest areas of expertise by mining the user's
memberships, contacts, e-mail communication patterns, and e-mail content.
User-generated content
User feedback
Tags
Ratings
Social bookmarking
Following are some important points related to user-generated content and user
feedback:
User feedback encompasses activities and channels through which users give
input on content. User feedback information can help users discover and
make use of content based on what others think of the content.
The note board is similar to the wall in Facebook. A user's My Site has a note
board, but any site, library, list, or document can also have a note board.
Business Communities
By combining the power of collaborative capabilities with social computing
technologies, SharePoint enables an organization to achieve the goals of both the
customer (user base) and manager (IT) of the technology.
Extensibility
Enterprise social networking with SharePoint is manageable, secure, and
compliant.
Content
Documents
Records
Web content
Viewing
Editing
Coauthoring
Following are some important points related to support for content and interaction
with content:
Users can store just about any type of content in SharePoint, including content
that has been traditionally stored in distinct systems.
Document sets
Location-based policy
Document and records management features are integrated into every site.
You can specify document routing rules that allow documents to be dropped
into a library and then automatically moved to the appropriate library based
on metadata and business logic.
You can create document sets, which are collections of documents that can be
treated as a unit, with a collective version history and metadata that applies to
the collection.
You can specify metadata, retention schedules, record declarations, and legal
holds and apply them consistently. SharePoint provides for multistage
disposition of documents. Policies can be location-based.
Question: What are the business outcomes supported by SharePoint's support for
a variety of content types and modalities of interaction with the content?
Multilingual metadata
Use of metadata
Metadata-driven navigation
Search refiners
Following are some important points related to definition of content and metadata:
The MMS also deploys content types across sites, site collections, Web
applications, and farms so that an enterprise can maintain better control over
the definition of and metadata associated with content, as well as information
management policies for that content.
You can use metadata (tags) in numerous ways, and SharePoint 2010 provides
a variety of methods with which to tag content and view tags. You can even
have tags applied to content automatically, based on the item's location or
other rules. Additionally, you can use metadata to create dynamic navigation
and to provide search refiners.
Manageability
The MMS and other services related to the content capability are manageable
and governable across your entire enterprise.
SharePoint can store content in remote systems, including the file system,
using remote BLOB storage.
Additional Reading
Search
Communications
Behaviors
Relationships
Search
Following are some important points related to people and expertise search:
You can connect with people and expertise by using search skills, tools, and
experiences that you typically apply to searching for content.
With people and expertise search, you can unlock the knowledge that is not
stored in traditional content and the value that is found in people-to-people
connections and social behavior.
In addition to looking for people and expertise, you can use people and
expertise metadata to improve the relevance and refine the results of
traditional content searches.
Eighty-five languages
Query
Search scopes
Following are some important points related to content sources, indexing, and
query:
The query experience is rich and is supported with features that significantly
improve your ability to find the information you are looking for.
Results are presented in context to the user and the user's profile.
Social distance
Related searches.
Users see only results for content to which they have access.
SharePoint search results are federated, meaning that you see a unified list of
results from all query services.
Search results are relevant, presented using algorithms that include
click-through behavior, usage, history, the user's own profile, and social distance.
SharePoint even lists related searches along with search results, thereby
pointing you toward search queries that may help you find the information
you need.
Results
Hit highlighting
Results summaries
Visual search
Thumbnails
Previews
View in browser
Search results are rich, with hit highlighting, summaries, and visual search
features including thumbnails, previews, and view-in-browser.
Users can search SharePoint from the desktop using Windows 7 federated
search, from one of several browsers on several platforms, or from a Windows
mobile device.
Infrastructure
FAST integration
Manageability
Extensibility
FAST enhances the out of box SharePoint search experience with numerous
performance-enhancing and value-added features.
Additional Reading
Insights
The insights capability encompasses functionality that you can use to connect to
data sources and present the data in meaningful ways that support decision
making. It is the capability that most closely aligns with what the industry refers to
as business intelligence.
Information Sources
The insights capability offers the following components, features, and functionality
to connect with information from a broad range of data sources:
SharePoint
Excel Services
With self-service access to information, users can discover and manage their
aspect of the business with access to the right information.
Business Connectivity Services connects you with external data and systems.
With Excel Services, you can secure, manage, and use Excel workbooks as
interactive reports rendered in the browser. You can embed workbooks in
applications, blogs, and wikis and on the desktop. New programmability
features include JavaScript object model and REST API.
PowerPivot and SQL Analysis Services provide powerful reporting and analysis
of very large data sets.
Presentation of information
Dashboards
Scorecards
Decomposition tree
Chart Web Part generates charts from Excel workbooks, Business Connectivity
Services, or SharePoint lists.
Rich analytics and visualizations provide root cause analysis and the
decomposition tree.
Additional Reading
Composites
Manageability
Additional Reading
Lesson 2
As you learned in the previous lesson, SharePoint 2010 is a platform that itself
relies on a wide range of other Microsoft technology platforms. Before you can
install SharePoint 2010, you must prepare your hardware and software
environment to support the dependencies and interactions with SharePoint
products and technologies.
After completing this lesson, you will be able to:
A SharePoint farm consists of one or more servers playing one or more roles.
The Web front-end (WFE) role renders content to users, and therefore hosts the
Web applications (Web sites) with which users interact.
The content of those Web sites is stored in a SQL Server database, which is
therefore another role, the database role.
A number of services and applications provide functionality, such as search, and
administrative and management capabilities, such as Central Administration. Each
of these is a distinct role, and a server hosting one of these back-end services or
administrative sites is referred to as playing an application server role.
The roles can be consolidated on a single server or spread across multiple servers
in a variety of topologies. These topologies are summarized on the slide and are
detailed in Module 12, "Installing and Upgrading to SharePoint 2010."
Infrastructure Requirements
SharePoint Server 2010 is a powerful platform that can scale to meet the most
demanding enterprise scenarios. As such, the hardware requirements for
SharePoint begin with a minimum hardware base with at least four processor cores
running 2.5 GHz and 8 GB of RAM.
SharePoint 2010 is a 64-bit platform, and therefore you must use 64-bit versions of
the operating system on each SharePoint server and for SQL Server. Windows
Server 2008 with Service Pack 2 (64-bit) or Windows Server 2008 R2 (which is
only 64-bit) is required.
SQL Server is the required database platform. SharePoint Server 2010 requires one
of the following:
SQL Server 2005 Service Pack 3 (SP3) with Cumulative Update 3 (64-bit)
It is highly recommended that you use the latest versions of the operating system
and SQL Server to take advantage of the maximum number of features. For
example, you need SQL Server 2008 R2 to take advantage of failover, Power Pivot,
and Access Services reporting features.
If you are investing in infrastructure for Microsoft Office SharePoint Server 2007,
invest in 64-bit to reduce the number of steps required to migrate to SharePoint
Server 2010. Migration from 32-bit to 64-bit platforms is detailed in Module 12.
Additional Reading
Infrastructure Options
The Windows Vista operating system with Service Pack 2 or later (64-bit).
You can also access SharePoint through a hosted service such as one of several
offerings from Microsoft and its partners, including the following:
Microsoft Online, which offers the Business Productivity Online Suite (BPOS),
a per-user subscription to SharePoint as well as to Microsoft Exchange and
Microsoft Office LiveMeeting. Microsoft Online also offers dedicated
SharePoint hosting to large customers.
Microsoft will offer customers the ability to host their public-facing Web sites
on SharePoint Server 2010. Details are not available at the time of publication.
Microsoft's consumer and small business services, Windows Live and Office
Live, provide some SharePoint functionality. For example, at the time of
publication Windows Live SkyDrive allows users to edit Excel and PowerPoint
documents in the browser, which is functionality provided by Office Web
Apps.
You can mix and match internally hosted farms with externally hosted services to
meet varied business requirements.
Additional Reading
Additional Reading
Additional Reading
Details and links to all prerequisites can be found in "Hardware and software
requirements" (SharePoint Server 2010) at
http://go.microsoft.com/fwlink/?LinkID=196879&clcid=0x409.
Installing Prerequisites
You must install SQL Server prior to installing other SharePoint prerequisites.
The Preparation Tool scans for each prerequisite. If a prerequisite is not found, the
tool downloads, installs, and configures the prerequisite.
If there is an error, for example, if downloading the prerequisite fails, the tool stops
and produces an error message that indicates which prerequisite failed. You can
find details of the failure in the error log, which is located in the %TEMP% folder.
The tool displays a link to the log. After you have remediated the problem, rerun
the tool.
Repeat the process until all prerequisites have been installed and configured
successfully.
Optional Prerequisites
Two prerequisites are optional: Microsoft Server Speech Recognition Language and
Microsoft SQL Server 2008 R2 Reporting Services Add-in for SharePoint
Technologies (SSRS). If the Preparation Tool cannot find or install these
prerequisites, it generates an error, but you can continue to the next step in
installing SharePoint Server 2010.
Question: Does your organization allow servers to access the Internet directly? If
not, why not?
Additional Prerequisites
You must install and configure several prerequisites manually. Use the information
on this slide as a checklist of prerequisites to evaluate in the context of your
enterprise and your SharePoint implementation. After class, read about these items
and determine whether they are necessary in your environment.
The ADO.NET Data Service Update is used by services like REST Web services.
If you use Claims-based authentication, you need to apply KB979917
(http://go.microsoft.com/fwlink/?LinkID=196882&clcid=0x409) for ASP.NET.
The third prerequisite is to disable loopback checking. Windows Server 2008 (and
Windows Server 2008 R2) blocks access to a Web site if the request for the Web
site originates on the server itself. This prevents you from using a browser on a
SharePoint server to browse to a site on the same server farm. Of course, it is not
recommended that you log on to a SharePoint server and use a browser in the
production environment, but this scenario may be more common in a
development, testing, or training environment.
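The loopback check exists to help prevent NTLM reflection attacks against the server itself, so the narrower setting is to exempt only the host names that must be browsed locally rather than to turn the check off for every name. The PowerShell below is an added example, not part of the course materials; the host name is an assumption for a lab farm, and the function names are hypothetical.

```powershell
# Added example, not from the course. The registry values are the LSA settings
# that control the loopback check; the host name at the bottom is constructed.
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-LoopbackCheckState {
    # A missing value means the default: check enabled, no exceptions.
    $lsa   = Get-ItemProperty -Path $LsaKey   -Name DisableLoopbackCheck    -ErrorAction SilentlyContinue
    $msv10 = Get-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames -ErrorAction SilentlyContinue

    $names = @()
    if ($msv10) { $names = @($msv10.BackConnectionHostNames | Where-Object { $_ }) }

    New-Object PSObject -Property @{
        LoopbackCheckDisabled = [bool]($lsa -and $lsa.DisableLoopbackCheck -eq 1)
        AllowedHostNames      = $names
    }
}

function Set-LoopbackAllowList {
    param([Parameter(Mandatory = $true)] [string[]] $HostNames)

    $state  = Get-LoopbackCheckState
    # Keep any names that are already exempt and add the new ones once each.
    $merged = @(@($state.AllowedHostNames) + $HostNames | Sort-Object -Unique)

    # Narrow exception: only these names may be reached from the server itself.
    New-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames `
        -PropertyType MultiString -Value ([string[]]$merged) -Force | Out-Null

    # Remove the global switch if an earlier build step set it.
    if ($state.LoopbackCheckDisabled) {
        Remove-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck
    }

    Get-LoopbackCheckState
}

# Weak (global): every host name on this server bypasses the check.
#   New-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -PropertyType DWord -Value 1
# Narrower (per host name), shown with a constructed lab host name.
# Run elevated, then restart the server so the setting is picked up.
Set-LoopbackAllowList -HostNames 'intranet.contoso.com'
```

Get-LoopbackCheckState on its own is a read-only audit and can be run against production servers to find machines where the check was disabled during build and never restored.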
Additional Reading
"You receive error 401.1 when you browse a Web site that uses Integrated
Authentication and is hosted on IIS 5.1 or a later version," at
http://go.microsoft.com/fwlink/?LinkID=196884&clcid=0x409.
SharePoint has close relationships with and dependencies on SQL Server and
Active Directory.
Active Directory provides identity and authentication services. In other words, it
stores user accounts (user names and passwords) and validates account logons.
These services support users logging on to SharePoint sites. They also support the
accounts used by SharePoint and SQL services themselves.
SQL Server stores almost all of the configuration and content of a SharePoint farm.
SQL Server services, like all Windows services, run using an identity.
SharePoint services also run with Active Directory credentials. The credentials are
used by SharePoint to access data in SQL Server. These accounts must have SQL
logins so that SQL can authorize the access. These SQL logins are created
automatically by SharePoint during setup and the creation of Web applications.
Service Accounts
Before installing SharePoint, you must ensure that there are appropriate accounts,
logins, and permissions to support the interdependencies between SharePoint,
SQL Server, Active Directory, and the SharePoint server itself.
During setup and configuration, SharePoint creates SQL databases and logins, and
modifies the server itself (for example, creating local groups). SharePoint setup and
configuration uses the credentials of SP_Admin to perform such tasks, so
SP_Admin must be a securityadmin and dbcreator on the SQL server, and must be
a member of the local Administrators group.
The only SQL login that you must manually create is the login for the setup user,
SP_Admin, who actually performs the initial setup of the farm.
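The requirement above, written as a read-only check: this added example (not part of the course materials) lists the SQL Server roles held by the setup account and its direct membership in the local Administrators group, and reports anything missing or beyond securityadmin and dbcreator. The CONTOSO NetBIOS name, the SQL instance placeholder, and the function names are assumptions.

```powershell
# Added example, not from the course. Run on the SharePoint server as an account
# that can read server role membership on the SQL instance (assumption).

function Get-SqlServerRoles {
    param([string] $SqlInstance, [string] $Login)

    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$SqlInstance;Database=master;Integrated Security=SSPI"
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        # Parameterized query: the login name is never concatenated into the SQL text.
        $cmd.CommandText = @'
SELECT r.name
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @login
'@
        [void]$cmd.Parameters.AddWithValue('@login', $Login)

        $roles  = @()
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) { $roles += $reader.GetString(0) }
        $reader.Close()
        return ,$roles
    }
    finally { $conn.Dispose() }
}

function Get-LocalAdministratorPaths {
    # Direct members only; membership through a nested domain group is not expanded.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Test-SetupAccount {
    param(
        [Parameter(Mandatory = $true)] [string] $SqlInstance,   # placeholder supplied by the caller
        [string] $Domain = 'CONTOSO',                            # assumption: NetBIOS name of contoso.com
        [string] $User   = 'SP_Admin'
    )

    $required = 'securityadmin', 'dbcreator'    # roles the setup user needs, per the text above
    $roles    = @(Get-SqlServerRoles -SqlInstance $SqlInstance -Login "$Domain\$User")
    $admins   = @(Get-LocalAdministratorPaths)

    New-Object PSObject -Property @{
        Login           = "$Domain\$User"
        MissingSqlRoles = @($required | Where-Object { $roles -notcontains $_ })
        ExtraSqlRoles   = @($roles    | Where-Object { $required -notcontains $_ })   # e.g. sysadmin
        IsLocalAdmin    = ($admins -contains "WinNT://$Domain/$User")
    }
}

# Usage (replace the placeholder with your SQL Server name and instance):
#   Test-SetupAccount -SqlInstance '<SQL-SERVER>\<INSTANCE>'
```

A non-empty ExtraSqlRoles is the finding to act on: it means the setup account holds more on the SQL server than the installation requires.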
SharePoint 2010 generates most of its content using Web-standard XHTML that
renders well across most browsers. Microsoft categorizes browsers into two
categories, Level 1 and Level 2, to help customers align browser choice with the
desired level of functionality.
Level 1 browsers support ActiveX and all SharePoint functionality on user and
administrative pages.
Operating System
Browser
Windows XP
Windows Vista
Windows 7
Browser
Leopard
Windows XP
Windows Vista
UNIX/Linux 8.1
Other standards-based browsers work with SharePoint with the same limitations as
Level 2 browsers; however, Microsoft has not done extensive testing on browsers
other than those listed and does not support use of other browsers. If you want to
use a browser other than one listed in the preceding tables, you should perform
testing to ensure that the browser delivers an acceptable user experience.
For published sites, page designers can apply Web Content Management features
to control markup and styling so that published sites are compatible with
additional browsers, including Microsoft Internet Explorer 6. However, it is the
page designer's responsibility to create pages that target the browsers that are
designated for support. Page designers and content authors must use a
standards-based browser, such as Internet Explorer 8 or Firefox 3.5, to author content.
SharePoint-compatible applications can provide a rich, client-side interaction with
SharePoint. Microsoft Office 2003 and later are compatible with SharePoint.
Additional Reading
Lesson 3
You can use several methods to install and upgrade a SharePoint 2010 farm. In this
lesson, you learn how to install SharePoint by using the wizard-driven setup and
configuration tools, which make it easy to create a simple farm. In the next lesson,
you learn about methods to automate installation, and in Module 12, you learn
about ways to upgrade an existing farm to SharePoint 2010.
After completing this lesson, you will be able to:
You can perform each phase using user interface tools or commands or scripts. In
the following topics and lesson, you learn how to perform each of these steps.
Before you install SharePoint Server 2010, you must collect information that is
required during the installation. Use the following items as a preinstallation
checklist:
You must know the user name and passwords for the accounts discussed in
the previous lesson.
You must know the SQL Server server name and instance name.
You will be prompted for a port on which to host Central Administration. You
must determine this.
You will be prompted for a farm passphrase. You must determine this.
You use the farm passphrase when making certain changes to the farm, for
example, when adding a new server to the farm. With the farm passphrase, an
administrator can perform farm-level changes without needing to know the
password for the SharePoint farm account (SP_Farm). The farm passphrase
should be long, complex, and unique, and should not be the same as the password
used by any of the SharePoint administrative or service accounts. Be sure to
document the password and store it in a physically secure location.
You must know the product key or trial key. You must enter the product key
during setup, but you can change it later in Central Administration.
The following steps walk you through the manual installation of SharePoint Server
2010 binaries. During this step, program files are installed, components are
registered, security settings are applied, and services are configured but not
enabled.
Installation with the user interface is wizard-driven. As long as you know the
configuration information presented earlier in this lesson, installation is very
straightforward.
1.
2.
4.
Click Yes.
5.
Enter your product key or a trial key. You can change it later.
6.
7.
If you select a Server Farm installation, you can specify the location of the
SharePoint binaries and the SharePoint Root (formerly known as the 12 Hive,
now the 14 Hive) in the File Location tab.
8.
Select Complete.
The Stand-alone option presented on this page of the installation wizard
creates a single-server farm with all components and roles. It is not possible to
add another server to a farm that was installed with the Stand-alone option.
This option is identical to the Standalone installation option discussed in an
earlier step.
Installation proceeds.
At the end of the installation phase, the Setup application offers you the
chance to proceed to the Configuration phase.
9.
Clear the Run the SharePoint Products Configuration Wizard now check
box.
After installing the SharePoint binaries, you can configure the server and, in the
process, create a SharePoint farm or add the server to an existing farm.
Configuration with the user interface is wizard-driven. As long as you know the
configuration information presented earlier in this lesson, installation is very
straightforward.
1.
2.
Run the SharePoint Products Configuration Wizard, which you can find in the
Microsoft SharePoint 2010 Products program group on the Start menu.
3.
Click Next.
You are warned that IIS and SharePoint services will be restarted.
4.
Click Yes.
5.
6.
Enter the configuration for the SQL Server: the name of the Database server
(SERVER\instance if you are connecting to a specific instance of SQL Server)
and the Database name.
7.
8.
9.
Lesson 4
Many organizations do not allow servers to have direct access to the Internet. The
Preparation Tool can be directed to install prerequisites from a specific location,
rather than downloading prerequisites from the Downloads Center at
Microsoft.com.
First, you must download all prerequisites. You can find links to prerequisites by
using one of the following two options:
Run the Preparation Tool and examine the log for error messages that are
generated when the tool attempts to download each prerequisite. The URL to
the attempted download is listed.
Open Notepad and enter all switches on a single line. Save the file as
PrerequisiteInstallerArguments.txt in the same folder as
PrerequisiteInstaller.exe. Then, run PrerequisiteInstaller.exe. It automatically
looks for the arguments file, called PrerequisiteInstallerArguments.txt, in the
working directory.
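When prerequisites are staged by hand, the arguments file becomes the point where a missing, mistyped, or tampered package enters the server build. The PowerShell below is an added example, not part of the course materials: it validates PrerequisiteInstallerArguments.txt and checks that every file it references exists and carries a valid Authenticode signature from the expected publisher. The function name, the publisher pattern, and the installation source path in the usage lines are assumptions.

```powershell
# Added example, not from the course: validate the arguments file and the staged
# prerequisites before running PrerequisiteInstaller.exe without Internet access.
# Assumptions: relative switch paths resolve against the folder that holds
# PrerequisiteInstaller.exe, no path contains spaces, and every prerequisite is
# signed by Microsoft.

function Test-PrerequisiteArguments {
    param(
        [Parameter(Mandatory = $true)] [string] $InstallerFolder,
        [string] $PublisherPattern = '*O=Microsoft Corporation*'   # matched against the signer subject
    )

    $argFile = Join-Path $InstallerFolder 'PrerequisiteInstallerArguments.txt'
    if (-not (Test-Path -LiteralPath $argFile -PathType Leaf)) { throw "Not found: $argFile" }

    # The tool expects every switch on a single line.
    $lines = @(Get-Content -LiteralPath $argFile | Where-Object { $_.Trim() })
    if ($lines.Count -ne 1) { throw "Expected one line of switches, found $($lines.Count)." }

    foreach ($token in ($lines[0].Trim() -split '\s+')) {
        $name = $null; $full = $null; $signer = $null
        $status = 'MalformedSwitch'

        # Each token has the form /Switch:path
        if ($token -match '^/(?<name>\w+):(?<path>.+)$') {
            $name = $Matches['name']
            $full = $Matches['path']
            if (-not [System.IO.Path]::IsPathRooted($full)) {
                $full = Join-Path $InstallerFolder $full
            }

            if (Test-Path -LiteralPath $full -PathType Leaf) {
                $sig    = Get-AuthenticodeSignature -FilePath $full
                $status = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            else {
                $status = 'FileMissing'
            }
        }

        New-Object PSObject -Property @{
            Switch = $name
            Token  = $token
            File   = $full
            Status = $status
            Signer = $signer
            Ok     = ($status -eq 'Valid' -and $signer -like $PublisherPattern)
        }
    }
}

# Usage, with the installation source path assumed to be the folder used in the lab:
$report = @(Test-PrerequisiteArguments -InstallerFolder 'D:\Software\SharePointServer2010')
$report | Format-Table Switch, Status, Ok, File -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    throw 'One or more prerequisites failed validation; do not run PrerequisiteInstaller.exe.'
}
```

A HashMismatch status means the file changed after it was signed, so the package should be downloaded again from its original source rather than installed.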
<Configuration>
  <Package Id="sts">
    <Setting Id="LAUNCHEDFROMSETUPSTS" Value="Yes"/>
  </Package>
  <Package Id="spswfe">
    <Setting Id="SETUPCALLED" Value="1"/>
  </Package>
  <Logging Type="verbose" Path="%temp%" Template="SharePoint Server Setup(*).log"/>
  <PIDKEY Value="36BY2-DVVJY-6426X-PXWVQ-BM342" />
  <Display Level="none" CompletionNotice="no" />
  <Setting Id="SERVERROLE" Value="APPLICATION"/>
  <Setting Id="USINGUIINSTALLMODE" Value="0"/>
  <Setting Id="SETUP_REBOOT" Value="Never" />
  <Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/>
</Configuration>
The following sample Config.xml files are available in the Files folder in the
SharePoint distribution:
Configuration File
Description
Setup\Config.xml
SetupFarm\Config.xml
SetupFarmSilent\Config.xml
SetupFarmUpgrade\Config.xml
SetupSilent\Config.xml
SetupSingleUpgrade\Config.xml
You can automate the Microsoft SharePoint 2010 Products Configuration Wizard
using a Windows PowerShell script. Windows PowerShell is discussed in Module
3, "Administering and Automating SharePoint," so it is beyond the scope of this
topic to explain Windows PowerShell. The cmdlets (pronounced command-lets)
listed on this slide are for reference purposes.
However, in the lab for this module, you have the option of using a preexisting
Windows PowerShell script to automate the configuration of the farm.
Additional Reading
Language Packs
Installation Process
The process by which you install language packs is described in the following
sections.
You can install Windows language files by using the Regional And Language
Settings application in Control Panel.
2. Install SharePoint
You must install SharePoint before installing a SharePoint language pack. The
language of the SharePoint installation becomes the default language for the farm
and the language of administrative interfaces such as Central Administration.
As you learned in the previous lesson, to install SharePoint you must first install
the SharePoint binaries.
Upgrade Alert
The following issue applies in only rare and specific situations, but it is important
to raise the issue to the attention of administrators it affects.
If you are upgrading from SharePoint 2007 and you are using Group Approval
(eApproval) features with Chinese (Simplified), Chinese (Traditional), Japanese, or
Korean languages, you must do the following before running the SharePoint
Products Configuration Wizard:
1.
2.
3.
Additional Reading
Scenario
You have been asked to deploy a SharePoint farm to support Contoso's strategic
initiatives related to enterprise collaboration. This single-server farm will act as a
prototype, and executives, developers, and end users will use it to evaluate the new
features of SharePoint Server 2010.
Start 10174A-CONTOSO-DC-A.
2.
2.
3.
2.
3.
Expand the contoso.com domain and then in the SharePoint OU, create the
following user accounts. For each account, set the password to Pa$$w0rd,
clear the User must change password at next logon check box, and select the
Password never expires check box.
Full Name
4.
User Logon
Name
Description
SharePoint
Administrator
SP_Admin
SharePoint
Administrator
and Setup User
SP_Admin@contoso.com
SharePoint Farm
Service
SP_Farm
SharePoint
Farm Service
SP_Farm@contoso.com
SharePoint
Service
Applications
SP_ServiceApps
SharePoint
Service
Applications
SP_ServiceApps@contoso.com
2.
3.
4.
2.
Results: After this exercise, you should have accounts for SharePoint administration,
services, and database access, each of which has been delegated the least privilege
permissions required to install and configure SharePoint.
2.
3.
4.
2.
Run D:\Software\SharePointServer2010\default.hta.
3.
4.
2.
Find the first instance of the text 976462. Observe the lines in the log file that
indicate that the prerequisite installer checked for the existence of Hotfix for
Microsoft Windows (KB976462).
3.
Find the next instance of the text 976462. Observe the lines in the log file that
indicate that the prerequisite installer attempted to download Hotfix for
Microsoft Windows (KB976462) from microsoft.com. Observe the URL that
was used.
You can use this URL to download the prerequisite manually. Click Cancel
and then close the log file.
4.
Close the Microsoft SharePoint 2010 Products Preparation Tool and the
SharePoint Server 2010 Start page.
Open Notepad. Type the following, on one line, with spaces between each
switch:
/SQLNCli:PrerequisiteInstallerFiles\sqlncli.msi
/ChartControl:PrerequisiteInstallerFiles\MSChart.exe
/KB976462:PrerequisiteInstallerFiles\Windows6.1-KB976462-v2x64.msu
/IDFXR2:PrerequisiteInstallerFiles\Windows6.1-KB974405-x64.msu
/Sync:PrerequisiteInstallerFiles\Synchronization.msi
/FilterPack:PrerequisiteInstallerFiles\FilterPack.msi
/ADOMD:PrerequisiteInstallerFiles\SQLSERVER2008_ASADOMD10.msi
/ReportingServices:PrerequisiteInstallerFiles\rsSharePoint.msi
/Speech:PrerequisiteInstallerFiles\SpeechPlatformRuntime.msi
/SpeechLPK:PrerequisiteInstallerFiles\MSSpeech_SR_en-US_TELE.msi
3.
Close Notepad.
4.
5.
Step through the Microsoft SharePoint 2010 Products Preparation Tool. When
installation has completed successfully, click Finish to close the tool.
Results: After this exercise, you should have installed and configured all SharePoint
Server 2010 prerequisites.
2.
On the Permissions page, select the I accept the terms of this agreement
check box, and then click Continue.
On the Choose the installation you want page, click Server Farm.
On the Server Type page, select the Complete option, and then click
Install Now.
Installation proceeds for approximately 7-10 minutes.
3.
4.
On the SharePoint installation splash screen, click Exit, and then close the
Windows Explorer window that displays the contents of the
SharePointServer2010 folder.
Edit D:\Software\SharePointServer2010\Files\SetupFarmSilent\config.xml.
2.
5.
6.
Type the following command on one line, and then press ENTER:
"D:\Software\SharePointServer2010\setup.exe" /config "D:\Software\SharePointServer2010\Files\SetupFarmSilent\config.xml"
You can monitor the progress of the SharePoint installation using any of these
methods:
Click Start, type %temp%, and then press ENTER. Open the log named
SharePoint Server Setup*.log.
8.
Clear the Run the SharePoint Products Configuration Wizard now check
box and then close the Run Configuration Wizard page.
Results: After this exercise, you should have installed SharePoint Server 2010.
2.
4.
5.
2.
4.
5.
Results: After this exercise, you should have configured SharePoint Server 2010 as a
single-server farm with the Central Administration application on port 9999.
2.
Observe the list of service applications that will be created by the Farm
Configuration Wizard. Clear the check box next to User Profile Service
Application and then proceed with the wizard by clicking Next.
Farm service applications are created and started. This takes several minutes.
Optionally, you can open SQL Server Management Studio to follow the
progress of the service application database creation.
When the configuration is complete, the Create Site Collection page opens.
3.
Click Skip.
You create an intranet in the following exercises.
4.
Results: After this exercise, you should have a SharePoint farm and service
applications configured with default settings.
2.
3.
2.
3.
Click Continuer.
The language pack installs.
4.
5.
Click Fermer.
2.
3.
Confirm that SP2010-WFE1 has the Language Pack for SharePoint, Project
Server, and Office Web Apps 2010 - French/Français installed.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Review Questions
1.
What are the most salient benefits of SharePoint 2010 to your enterprise and
to you as an IT professional?
2.
3.
4.
5.
What new configuration setting has been added to the setup of a SharePoint
Farm?
Troubleshooting Tip
Real-World Scenarios
2. IT security policy dictates that servers shall have no direct connectivity to the
Internet. However, you need to be able to install SharePoint prerequisites.
What can you do to achieve your goals while maintaining compliance with
security policy?
3. A remote office requires team sites to support its collaboration. The remote
office is connected to the datacenter with a slow connection that will not
provide adequate performance against a team site hosted on the farm at the
datacenter. How would you propose addressing the remote office
requirements while minimizing additional software costs?
Best Practices
Supplement or modify the following best practices for your own work situations:
Follow least-privilege best practices in your planning and
implementation of the user accounts required for SharePoint.
Tools
Tool | Use for | Where to Find It
SharePoint Server 2010 Start page | Starting prerequisite installation and SharePoint installation | Default.hta
Prerequisite installer | Installing and configuring SharePoint prerequisites | PrerequisiteInstaller.exe
SharePoint Installation Wizard | Installing SharePoint binaries | Setup.exe
SharePoint Products Configuration Wizard | Configuring SharePoint services and features |
Module 2
Creating a SharePoint 2010 Intranet
Contents:
Lesson 1: Performing Initial Farm Configuration
Before starting this module, start and log on to the virtual machines.
1. Start 10174A-CONTOSO-DC-B.
Module Overview
After installing your Microsoft SharePoint farm, you are ready to begin
establishing content, such as an organizational intranet site. In this module, you
will create a SharePoint-based intranet and, as you do so, you will learn key
concepts and skills related to the logical architecture of SharePoint including Web
applications, site collections, sites, and content databases.
Lesson 1
After you have installed Microsoft SharePoint 2010 on your first server in the farm,
and after you have run the SharePoint Products Configuration Wizard, you still
must configure services, accounts, and settings on the farm itself. In this lesson,
you'll use the Configure Your Farm Wizard to automate the process of initial farm
configuration, and you'll begin the exploration of SharePoint's components,
technologies, and features by examining the high-level tasks that the wizard
performs.
After completing this lesson, you will be able to understand the high-level
structure, components, and functioning of the farm.
4. On the Configure your SharePoint farm page, click Start the Wizard.
5. In the Service Account section, take note of the existing managed account.
6. Observe the list of service applications that are selected or can be selected.
7. Click Next.
Farm service applications are created and started. This takes several minutes.
Optionally, you can open SQL Server Management Studio to follow the
progress of the service application database creation.
When the configuration is complete, the Create Site Collection page opens.
The Farm Configuration Wizard applies the default settings for services, proxies,
proxy groups, and accounts.
The wizard makes it easy to get a farm up and running using out-of-the-box
defaults. It is particularly well suited to configuring a SharePoint farm for testing,
training, or development when there are no requirements for farm or service
customization.
In most production environments, however, business requirements lead to farm
topology designs and configurations that differ from SharePoint's out-of-the-box
defaults. Therefore, it is generally recommended to configure the farm manually in
a production environment.
You will learn, through the modules in this course, how to configure services,
service applications, proxies, application proxy groups, managed accounts, and
other farm components.
Service Application
A service application provides specific functionality, such as search, that may be
required by a Web application. In the end, Web applications connect to and
consume the service provided by a service application.
Examples of service applications are:
The User Profile Service, which synchronizes user profile attributes from
Active Directory and other sources.
Architecture
Service applications are part of SharePoint Foundation 2010. This means that the
architecture is part of the platform, in contrast to SharePoint 2007 in which SSPs
were introduced by Microsoft Office SharePoint Server 2007 and not by Windows
SharePoint Services v3.
In SharePoint 2010, most new services are built on the Windows Communications
Framework (WCF), which means they have optimization built into their protocol,
using binary streams instead of XML to transfer data.
Flexible Topology
A service application provides a single set of functionality. A Web application can,
through application connection groups, connect to one or more service
applications based on the needs of the Web app. This is in contrast to the SSP in
SharePoint 2007, which contained a bundle of services and a Web application that
was connected to the SSP and incurred the overhead of all services in the SSP.
A service app can also be published so that it can be consumed by applications on
another farm.
Whiteboard Diagram
SharePoint server
Service application, for example, the instance of the Search Service application
Web application
Additional Reading
Service accounts are user accounts used by a service to log on to Windows. When
you configure a service, you associate an identity (a user name and password) with
the service. When the service starts, it authenticates using that account just as a
user authenticates when logging on to a system. The service account must have
sufficient permissions for the service to perform its tasks.
Traditionally, service accounts have been difficult for enterprises to manage,
because when you change the password of the service account in Active Directory,
you must then reconfigure the service with the new password, otherwise it will be
denied logon. Because of this challenge, enterprises have typically sacrificed
security best practices and have configured service accounts with passwords that
never expire.
SharePoint 2010 introduces the concept of managed accounts. Managed accounts
are service accounts with which SharePoint services run. Unlike traditional service
accounts, however, SharePoint is able to perform password resets on the accounts
in Active Directory, and it can update the service with a new password. All of this
can be done automatically, without administrative intervention.
A managed account starts like any service account: a domain user account is
created in Active Directory.
You then register the account as a managed account using SharePoint 2010
Central Administration. At that time, you enter both the username and password of
the account.
When you configure a service application, application pool, or any other
component that requires an identity, you can specify which managed account
should be used. In this way, SharePoint is able to maintain a database of
associations between managed accounts and services.
Additionally, and in contrast to SharePoint 2007, when you assign an identity to a
service application, SharePoint 2010 configures any permissions or rights required
for the identity.
When it comes time to change the password of a managed account, you do so with
SharePoint Central Administration, rather than with Active Directory Users and
Computers. SharePoint is able to change the password of the account in the
domain, and it can reconfigure the services associated with that identity to allow
the use of a new password.
You can also configure SharePoint to change passwords automatically based on the
domain password expiration and complexity policies. In this way, the managed
account passwords are known only to the farm, and cannot be used by an
administrator, accidentally or intentionally, to cause damage to the farm.
The managed account credentials are encrypted. The encryption process begins
with the farm passphrase that is specified during SharePoint configuration. The
farm passphrase is stored in a secure key of the Registry. The farm passphrase
encrypts a private key that is stored in the SharePoint Config database. Private keys
are used to encrypt account credentials.
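The registration and automatic password change described above can also be scripted. The following is an added example, not part of the course text; it assumes the SharePoint 2010 Management Shell run by a farm administrator, reuses the sample account CONTOSO\SP_ServiceApps from this module, and uses illustrative values for the schedule and day count.

```powershell
# Added example (not from the course). Assumes the SharePoint 2010 Management
# Shell, farm administrator rights, and an existing Active Directory account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$accountName = 'CONTOSO\SP_ServiceApps'   # sample account name used in this module

# 1. Register the domain account as a managed account if the farm does not
#    know it yet. Get-Credential prompts, so no password is stored in a script.
$managed = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $managed) {
    $credential = Get-Credential $accountName
    $managed    = New-SPManagedAccount -Credential $credential
}

# 2. Switch the account to passwords that SharePoint generates itself, and set
#    the window for the password change job. The values are illustrative.
Set-SPManagedAccount -Identity $managed `
    -AutoGeneratePassword:$true `
    -PreExpireDays 5 `
    -Schedule 'weekly between Sat 02:00:00 and Sat 03:00:00'

# 3. Audit every managed account in the farm. Accounts with AutomaticChange
#    set to False still depend on a person changing the password by hand.
$accounts = Get-SPManagedAccount |
    Select-Object Username, AutomaticChange, PasswordExpiration, ChangeSchedule

$accounts | Sort-Object AutomaticChange, PasswordExpiration | Format-Table -AutoSize

$manual = @($accounts | Where-Object { -not $_.AutomaticChange })
if ($manual.Count -gt 0) {
    Write-Warning ("{0} managed account(s) without automatic password change:" -f $manual.Count)
    $manual | ForEach-Object { Write-Warning ("  " + $_.Username) }
}
```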
Additional Reading
Lesson 2
Now that the SharePoint farm is installed and configured, you can turn your
attention to the creation of Web applications, site collections, sites, and content
databases. These are the primary components of the SharePoint logical structure.
In this lesson, you will learn how to create the architecture for a simple SharePoint
intranet and, along the way, come to understand the characteristics of and issues
related to each of these logical components.
After this lesson, you will be able to:
Configure quotas
Manage sites
The diagram shown on the slide above represents the logical structure of
SharePoint.
A Web application is the highest level component of the logical structure within
a farm. A farm can have one or more Web applications.
Within a Web application are one or more site collections. Site collections have
a URL that is a managed path.
A site collection contains one or more sites. When you create a site collection,
you also create the top-level site in that site collection. Below that top-level site
can be one or more additional sites, often referred to as subsites or subwebs.
A site collection and all of its content is hosted in a content database. There
can be one or more content databases associated with a Web application.
An important element of the diagram shown above is that when you create a site
collection, you also create a top-level site. They are two separate components, but
they always go hand-in-hand. You can't have a site collection without a top-level
site, and you can't have a top-level site without also having a site collection.
The top-level logical component within a farm is the Web application. A Web
application in SharePoint corresponds to a site in Internet Information Services
(IIS).
To understand the configuration parameters you must provide when you create a
Web application, it is helpful to understand how a client (a Web browser, for
example) connects to a site.
This slide illustrates the process with which a browser retrieves a page from a
SharePoint site.
The URI includes a protocol, such as http: and an address, typically specified
as a domain name system (DNS) name, such as intranet.contoso.com. Often,
the URI also includes a path or page that specifies a resource within the target
site, such as /default.aspx.
The request must be sent to the server hosting the Web site. Therefore, the
DNS name of the server must be resolved to its IP address. The client sends a
query to its DNS server requesting a lookup of the Web server's DNS name,
intranet.contoso.com.
The DNS server resolves the query and returns the IP address of the server, for
example, 10.0.0.11.
The client can now send the request to the Web server using the server's IP
address. The request is sent to a specific port on the server based on the
protocol or a port specified in the URI. For Web requests, port 80 is used
unless otherwise specified.
IIS on the server receives the request and must hand the request to the correct
site. The server knows which site should get the request based on the site's
bindings. A site can be bound to a specific IP address or port. Typically,
however, a Web server hosts multiple sites and it is not efficient or sometimes
even possible to assign a unique IP address or port to each site. Therefore, it is
typical to see a Web server hosting multiple sites all bound to the same IP
address and port.
How then can the server know which site should handle the inbound request?
While the inbound request targets a specific IP address and port, the request
itself contains the DNS name of the Web site in a field called the host header.
Sites on the server can be bound to the host headers that correspond to the
DNS name of the site. Therefore, while requests for different sites may be
coming into the same IP address and port, IIS is able to forward requests to
the correct sites based on the host header.
At each point in the process, security controls can be applied to ensure that
users can get only to the content they need.
A Web application is a logical unit that contains one or more site collections. A
Web application is associated with an IIS Web site, but can have up to five IIS Web
sites with which it is associated. Each Web application's IIS Web site runs in the
context of an application pool.
You use Web applications to isolate content, processes, features, and users.
You can separate content that is accessible by anonymous users from content
that is accessed by authenticated users, or content that is accessible by
partners from content that is accessible by employees, by hosting the content
in separate Web applications.
Each Web application has a unique domain name, which helps to prevent
cross-site scripting attacks.
You can assign a unique application pool to a Web application, which isolates
its processes.
When you create a new Web application, you also create a new content
database that defines the authentication method used by the application pool
to connect to the database.
When you create a new Web application, you specify the authentication
method used to connect to the IIS Web site.
SharePoint Server 2010 provides a set of service applications that are available
for each Web application. You can select which service applications you want
to use for each Web application that you create by associating the Web
application with a proxy group or by specifying a custom set of service
applications for the Web application. For more information, see Module 8,
Configuring and Securing SharePoint Services and Service Applications.
Service applications are associated with Web applications.
Policy can be specified uniquely for each Web application. For more
information, see Module 6, Securing Content.
5. In the IIS Web Site section, in the Port box, type 80.
Note: The default port number for HTTP access is 80, and the default port number
for HTTPS access is 443. If you want users to access the Web application without
typing in a port number, they should use the appropriate default port number.
6. In the Host Header box, type the unique DNS name for the Web application,
for example, intranet.contoso.com.
This field is used so that a server can host more than one Web application on
the same port. If the server is hosting only one Web application on the
specified port, this field can be left blank.
7. In the Name box, type a descriptive name for the Web application, for
example, Intranet intranet.contoso.com.
SharePoint populates the Name box automatically, based on the port and host
header. You should always use a meaningful, descriptive name for the Web
site.
Use the naming standards of your organization to determine the name.
8. In the Application Pool section, ensure that Create new application pool is
selected.
Microsoft supports up to ten application pools per Web server; however, the
limit is dependent largely upon the amount of RAM allocated to front-end
servers and the workload that the farm is serving: the user base and its usage
characteristics.
10. Under Select a security account for this application pool, in the
Configurable list, select the managed account that will be used as the identity
for the application pool, for example, CONTOSO\SP_ServiceApps.
11. In the Database Name and Authentication section, in the Database Name
box, type a name for the database, for example, WSS_Content_Intranet.
You should always use a meaningful name for your content databases.
Use the naming standards of your organization to determine the name.
12. Click OK.
The Web application and content database will be created. When this process
is complete, the Application Created page appears.
Tip: Be sure that you have created a host record (A or AAAA) in DNS for the Web
application.
Where:
<ApplicationPoolAccount> is the user account that this application pool will run
as.
<Port> is the port on which the Web application will be created in IIS.
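The Central Administration steps above, scripted with the same sample values (port 80, host header intranet.contoso.com, managed account CONTOSO\SP_ServiceApps, database WSS_Content_Intranet). This is an added example, not the course's own command; the application pool name is a hypothetical value, and the final inventory is an added check on the process isolation that a dedicated application pool is meant to give.

```powershell
# Added example (not from the course). Assumes the SharePoint 2010 Management
# Shell and farm administrator rights. The application pool name is hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$hostHeader  = 'intranet.contoso.com'
$url         = "http://$hostHeader"
$poolName    = 'SharePoint - intranet.contoso.com80'   # hypothetical name
$poolAccount = 'CONTOSO\SP_ServiceApps'

# The Tip above: the host header needs a host record (A or AAAA) in DNS.
try   { [System.Net.Dns]::GetHostAddresses($hostHeader) | Out-Null }
catch { throw "No DNS host record resolves for $hostHeader. Create it first." }

# The application pool identity must already be registered as a managed account.
$identity = Get-SPManagedAccount -Identity $poolAccount -ErrorAction Stop

# Do nothing if a Web application already answers on this URL.
$existing = Get-SPWebApplication | Where-Object { $_.Url.TrimEnd('/') -eq $url }
if ($existing) { throw "A Web application already exists at $url." }

New-SPWebApplication -Name 'Intranet intranet.contoso.com' `
    -Port 80 `
    -HostHeader $hostHeader `
    -URL $url `
    -ApplicationPool $poolName `
    -ApplicationPoolAccount $identity `
    -DatabaseName 'WSS_Content_Intranet' | Out-Null

# Inventory: which Web applications share an application pool, and under which
# identity each pool runs. SharedPool = True means no process isolation
# between the Web applications listed for that pool.
$inventory = Get-SPWebApplication | ForEach-Object {
    New-Object PSObject -Property @{
        WebApplication = $_.DisplayName
        Url            = $_.Url
        AppPool        = $_.ApplicationPool.Name
        Identity       = $_.ApplicationPool.Username
    }
}
$inventory | Group-Object AppPool | ForEach-Object {
    $shared = $_.Count -gt 1
    $_.Group | Select-Object WebApplication, Url, AppPool, Identity,
        @{ Name = 'SharedPool'; Expression = { $shared } }
} | Format-Table -AutoSize
```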
Additional Reading
Load Balancing
When you create a Web application, you specify the load balanced URL, for
example, intranet.contoso.com:80.
Load-balancing is a technology that allows the distribution of requests across more
than one Web front end.
Windows Server 2008 can provide load-balancing, but it is common for
organizations with more than one Web front end to utilize hardware-based load
balancers.
A load balancer is assigned the IP address associated with the DNS name of the
Web site. Each Web front end has a unique IP address that is known to the load
balancer. The load balancer receives the client's request, then forwards the request
to one of the Web front ends based on the logic applied by the load balancer.
A site collection is a group of SharePoint Web sites that share common ownership
and administrators, as well as common settings, such as quotas, locks, site use
confirmation and deletion, and self-service site creation.
When you create a site collection, you also create a top-level site in the site
collection. The top-level site can be configured to use a template, also called a site
definition.
3. In the Web Application section, ensure that you are focused on the Web
application in which you want to create a site collection.
If necessary, click the Web application picker, and then click Change Web
Application. Click the correct Web application.
5. In the Template Selection section, select the site definition you want to apply
to the top-level site of the new site collection.
6. In the Primary Site Collection Administrator section, in the User name box,
type the user name of the site collection administrator.
7. Click OK.
The site collection is created, and the Top-Level Site Successfully Created page
appears.
8. Click OK.
When you create a site collection, you also create a top-level site within that site
collection. The top-level site is typically created using a site definition, for example,
Team Site or Publishing Site, but it is also possible to create a blank top-level site
that can then be customized later.
Where:
The -Template parameter's value specifies the site definition for the top-level
site; in this example, STS#0, the Team Site template.
3. On the Delete Site Collection page, expand the Site Collection list, and then
click Change Site Collection.
Use the Select Site Collection page to select a site collection:
1. In the Web Application drop-down list, click the down arrow, and then
click Change Web Application.
The Select Web Application dialog box appears.
2. Click the name of the Web application that contains the site collection that
you want to delete.
Relative URLs of sites in the site collections of the Web application that
you have selected appear on the Select Site Collection dialog box.
3. Click the relative URL of the site collection that you want to delete, and
then click OK.
4. Read the Warning section and verify that the site collection information is
correct.
Where:
The -GradualDelete parameter specifies that you use gradual deletion, which
reduces the load on the system during the deletion process.
Additional Reading
After creating the site collection, you should configure site collection settings. In
Central Administration, this is done on the Application Management page.
2. Confirm that the Web Application list displays the Web application that
contains the site collection for which you want to assign ownership.
If not, expand the Web Application list, and then click Change Web
Application. On the Select Web Application page, click the Web
application.
3. Click OK.
3. In the Primary site collection administrator box, type the name of the
primary owner, using the format, DOMAIN\username.
4. In the Secondary site collection administrator box, type the name of the
secondary owner, using the format, DOMAIN\username.
5. Click OK.
Where:
<SiteCollection> is the URL of the site collection to which you want to add a site
collection administrator.
<DOMAIN\User> is the name of the user whom you want to add as a site
collection owner.
In the top-level site of a site collection, click Site Actions, and then click Site
Settings.
3. In the Site Collection Administrators box, type the names of the site
collection administrators, separated by semicolons.
4. Click OK.
Whereas you can assign two site collection owners in Central Administration, you
can assign more than two site collection administrators within the site collection.
2. Click the name of a group to which you want to add members, for example,
Contoso Intranet Visitors.
3. Click New.
The Grant Permissions page opens.
4. In the Users/Groups box, type the names of users or groups that you want to
add to the selected SharePoint group, and then click OK.
To give all authenticated users the ability to browse a site, add the Domain Users
group to the Visitors group of the site.
Additional Reading
Quotas
One of the important site collection settings is the quota template associated with
the site collection.
A quota template specifies the maximum storage permitted for each site in a site
collection. Quotas also define the resource utilization limits for Sandboxed
Solutions. Sandboxed Solutions are discussed in Module 7, Managing SharePoint
Customizations.
Quotas define the following:
The storage warning level at which site collection owners (primary and
secondary site collection administrators) are notified that the site is
approaching its storage limit. This value must be lower than the storage limit.
Resource usage warning level at which site collection owners (primary and
secondary site collection administrators) are notified that the site is
approaching its resource usage limit. This value must be lower than the
resource usage limit.
You can create, modify, or delete a quota template from the Quota Templates
page.
5. In the Storage Limit Values section, specify the values that you want to apply
to the template.
If you want to modify the amount of data that can be stored in the
database, select the Limit site storage to a maximum of check box, and
type the new storage limit, in megabytes, in the text box.
In the Sandboxed Solutions With Code Limits section, set the values for a
template for Sandboxed Solutions.
If you want to limit the resource usage of Sandboxed Solutions in the site
collection, select the Limit maximum usage per day to check box, and
then type the daily resource usage limit, in points, in the text box.
6. Click OK.
3. If you want to change the selected site collection, in the Site Collection
section, expand the Site Collection list, and then click Change Site
Collection. Use the Select Site Collection page to select a site collection.
4. On the Site Collection Quotas and Locks page, in the Site Quota
Information section, expand the Current quota template list, and then select
the new quota template to apply.
5. Click OK.
Updating Quotas
If you update a quota template, or update the site collection quota, the change does
not apply to existing sites. To update quotas on existing sites, you can use
Windows PowerShell's Set-SPSite cmdlet with the -MaxSize parameter.
The following table describes the locking options that are available in Microsoft
SharePoint Server 2010.
Option
Description
Not locked
No access
3. If you want to change the selected site collection, in the Site Collection
section, on the Site Collection menu, click Change Site Collection. Use the
Select Site Collection page to select a site collection.
4. On the Site Collection Quotas and Locks page, in the Site Lock Information
section, select one of the following options:
Not locked. To unlock the site collection and make it available to users.
6. Click OK.
Where:
<SiteCollection> is the URL of the site collection that you want to lock or
unlock.
Additional Reading
Subsites
A site collection can contain one or more sites. Below the top-level site, you can
create additional sites, also called subsites or subwebs.
The preceding diagram shows subsites for HR and Engineering. The URL for HR
would be http://intranet.contoso.com/HR. The site hierarchy can be even deeper,
but be aware of the 260-character URL length limit.
Managed Paths
To create a new site collection within a Web application, there must be a managed
path at which to create the site collection.
A managed path is a portion of the URI namespace where the site collections exist.
A managed path is not directly mapped to content within the Web application.
Instead, it is used by SharePoint as a namespace (path) node where site collections
can be created.
An explicit managed path is useful for creating only a single site collection, at the
exact URL specified. For example, the default (root) managed path for our intranet
site is http://intranet.contoso.com/ and a single site collection can be created at
that exact URL.
A wildcard managed path, for example, http://intranet.contoso.com/sites/,
indicates that child URLs of the path are site collections. A wildcard managed path
such as sites/ allows for an unlimited number of site collections to be created directly
under the provided path. It is important to note that a site collection (and
therefore, a Web site) cannot be created at the wildcard path URL itself.
The default managed path, created when you create any new Web application, is
sites/. However, you can define managed paths with other descriptive names such
as depts (for departments), teams, clients, or projects.
Managed paths allow a SharePoint server to receive a request in the form of a URI
and to determine which part of the URI corresponds to a site collection, by looking
at the list of managed paths for a given Web Application. SharePoint can then go to
the correct content database of the site collection to retrieve the content based on
the remaining portion of the URI.
This means that SharePoint has to look at every managed path for each request. So
Microsoft only supports up to 20 managed paths per Web application.
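How this lookup splits a URI can be modelled in a few lines. The following is an added illustration, not SharePoint's implementation and not course code: a simplified model written for PowerShell 2.0 in which the function names and the sample managed-path list are hypothetical, and in which a request for the wildcard node itself is reported as having no site collection.

```powershell
# Added illustration: a simplified model of managed-path resolution, written
# for PowerShell 2.0. Not SharePoint's code; all names here are hypothetical.

function Get-PathSegments([string] $Path) {
    # '/sites/' and 'sites' yield the same segment list; '' and '/' yield none.
    return ,@($Path -split '/' | Where-Object { $_ -ne '' })
}

function Resolve-SiteCollectionPath {
    param(
        [Parameter(Mandatory = $true)] [string]   $RequestPath,
        [Parameter(Mandatory = $true)] [object[]] $ManagedPaths
    )
    $request = Get-PathSegments $RequestPath
    $result  = New-Object PSObject -Property @{
        Request = $RequestPath; ManagedPath = $null
        SiteCollection = $null; Remainder = $null
    }

    # Try the longest managed path first, so that 'sites/teams' wins over
    # 'sites' and the root explicit path ('') acts as the fallback.
    $ordered = $ManagedPaths |
        Sort-Object { (Get-PathSegments $_.Path).Count } -Descending

    foreach ($mp in $ordered) {
        $prefix = Get-PathSegments $mp.Path
        if ($request.Count -lt $prefix.Count) { continue }

        $isPrefix = $true
        for ($i = 0; $i -lt $prefix.Count; $i++) {
            if ($request[$i] -ne $prefix[$i]) { $isPrefix = $false; break }
        }
        if (-not $isPrefix) { continue }

        $result.ManagedPath = '/' + ($prefix -join '/')
        $take = $prefix.Count
        if ($mp.Type -eq 'Wildcard') {
            # The wildcard node itself cannot hold a site collection; only
            # its immediate children can. Report "no site collection".
            if ($request.Count -eq $prefix.Count) { return $result }
            $take++
        }

        if ($take -eq 0) { $result.SiteCollection = '/' }
        else { $result.SiteCollection = '/' + ($request[0..($take - 1)] -join '/') }

        # Whatever follows the site collection is resolved inside its content
        # database: subsites, lists, pages.
        if ($take -lt $request.Count) {
            $result.Remainder = $request[$take..($request.Count - 1)] -join '/'
        } else {
            $result.Remainder = ''
        }
        return $result
    }
    return $result
}

# Constructed sample: the root explicit path plus two wildcard paths.
$paths = @(
    @{ Path = '';      Type = 'Explicit' },
    @{ Path = 'sites'; Type = 'Wildcard' },
    @{ Path = 'depts'; Type = 'Wildcard' }
)

'/default.aspx', '/HR/default.aspx', '/sites/HR/Lists/Tasks', '/depts/HR', '/sites' |
    ForEach-Object { Resolve-SiteCollectionPath -RequestPath $_ -ManagedPaths $paths } |
    Format-Table Request, ManagedPath, SiteCollection, Remainder -AutoSize
```

Every managed path in the list is a candidate for every request, which is the per-request cost behind the supported limit stated above.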
3. Click the Web application for which you want to manage paths. The ribbon
becomes active.
5. On the Define Managed Paths page, in the Add a New Path section, type the
path you want to include.
7. Use the Type drop-down menu to identify the path as either Wildcard
inclusion or Explicit inclusion.
The Wildcard inclusion type includes all URLs that are immediately
subordinate to the specified URL.
The Explicit inclusion type includes only the URL that is indicated by the
specified path.
5. On the Define Managed Paths page, in the Included Paths section, click the
check box next to the path that you want to remove.
Where:
</RelativeURL> is the relative URL for the new managed path. The type must
be a valid partial URL, such as site or sites/teams/.
Where:
<WebApplication> is the URL of the Web application that hosts the managed
path to delete.
Additional Reading
Content Databases
Scalability
From a logical storage management perspective, it would make sense for each site
to be a separate site collection in a separate content database. However, for
performance reasons, such an approach is often not feasible. In fact, several
scalability guidelines apply to SharePoint Server 2010.
100 GB per site collection are supported. If a content database contains only
one site collection, then the site collection can be up to 200 GB.
250,000 Web sites per site collection are supported. Up to 2,000 subsites of a
given Web site are supported.
When designing a strategy for content databases, consider your service level
objectives. Include the recovery time objective (how quickly your deleted or
corrupted content is brought back online) and your recovery point objective (how
far back in time your historical backups are maintained). You must also consider
performance, such as the scalability guidelines mentioned above.
Additional Reading
5. In the Database Name box, type a name for the database, for example,
WSS_Content_Intranet_IT.
Use the naming standards of your organization to determine the name.
6. Click OK.
Where:
<ContentDbName> is the name of the content database that you want to create.
Additional Reading
Where:
The preceding slide presents a simple view of the logical infrastructure of a typical
intranet or collaboration Web application.
At the root of the Web application is a site collection with a top-level site that
serves as the home page, and may contain general content that applies across
divisions.
Under a managed path, each division, department, or team gets a unique site
collection. The URL to a divisional site is Web application \ [managed path \] site,
for example, http://intranet.contoso.com/depts/HR.
The division's site collection scopes the ownership, user and group definitions,
quotas, and other configuration for the site. Site collections also impose functional
boundaries. Features can be activated or deactivated at the site collection level.
You will typically need far more site collections than you would anticipate, because
governance designs typically require more than one set of configuration at the site
collection level.
Optionally, you can put each division's site collection in a dedicated content
database to manage storage, backup and restore. Keep in mind, however, that there
are performance-related scalability guidelines that might prevent you from putting
every division in a separate site collection in particularly large or complex
implementations.
Lesson 3
In the previous lesson, you examined the process where a browser requests and
receives content from a SharePoint site. In this lesson, you will explore in detail the
components of SharePoint, IIS, and Microsoft SQL Server that are responsible for
handling the request on the Web front end.
After this lesson, you will be able to:
web.config
SharePoint Root
SharePoint Databases
Traditionally, it has been difficult to troubleshoot and debug 500 errors. Now,
with failed request tracing, you can trace the events that lead to such errors.
You can make changes to IIS configuration settings using a .NET API, which
makes it possible to configure IIS using Windows PowerShell.
Key Points
When you create a new SharePoint Web application, several things happen.
A new site is created in IIS. The site is bound to the port and host header
specified by SharePoint.
Virtual directories within the site point to other folders, each with its own
.NET configuration (web.config).
web.config
The web.config file is the key component that makes an IIS Web site a SharePoint
Web application. The web.config file is a typical XML-based .NET config file with
several configuration sections added to it.
Several common configuration sections are:
SafeMode. Determines whether pages are allowed to execute inline .NET code
BlobCache. Enables caching various file types in a location on the Web front
end, rather than pulling files from the database for each request
SharePoint Root
If you open the folder that acts as the root directory of a SharePoint Web
application (the Physical Path of the IIS Web site), you will discover that there are
no .aspx files in the folder. Where, exactly, do SharePoint files and pages reside?
Content that is specific to the individual Web application is stored in the Web
app's content database(s) in SQL Server.
However, a significant amount of content is shared across sites and Web
applications in a SharePoint farm. These files are stored in the folder:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\14
This folder is called the SharePoint root. You'll also hear it referred to as the 14 hive,
because in SharePoint 2007, the folder was named 12 and was called the 12 hive.
However, the proper name for the folder in SharePoint 2010 is the SharePoint root.
The folder has many subfolders that drive the core functionality of the SharePoint
farm and Web applications.
Top-level folders
The top-level folders in the SharePoint root include:
BIN. Executables that manage search, timer jobs, upgrade, configuration, and
administration.
TEMPLATE folder
The TEMPLATE folder in the SharePoint root contains files that support content
and functionality across SharePoint sites in a farm.
The TEMPLATE folder includes the following subfolders:
SQL. Scripts that create configuration, search, and content databases, and to
upgrade older versions of databases.
THEMES. Styles that can be applied to change the look and feel of a
SharePoint site.
Adding themes
SharePoint Databases
Each Web application stores its content in one or more content databases, in
addition to using shared content in the SharePoint root. Content databases
include content from list and document libraries, document versions,
workflow instances, Web Part properties, audit logs, and sandboxed solutions,
in addition to user names and rights.
As you learned earlier in this module, all the data for a specific site collection
resides in one content database on only one server. A content database can be
associated with more than one site collection.
AllDocStreams. Stores the document stream and related data for unghosted
pages and documents with content streams stored in the content database.
AllUserData. Stores data for all list and document libraries. The table provides
a fixed number of generic columns in various data types, affording storage for
application-defined variable schemas. A list item may be represented by more
than one row in this table, if its list's schema requires more entries of a
particular data type than are available in a single row. Application-defined
metadata for documents in document libraries also resides in AllUserData, and
it is accessed via joins with the Docs View.
Additional Reading
Key Points
When you create a site, a special collection of files called the site definition
generates the initial, default content for the site. A subset of this content is the
pages that make up the site, for example, default.aspx, the home page.
The default.aspx page does not reside in the content database itself. Instead, it
resides in the SharePoint root on the file system of the Web front-end servers. All
sites in a SharePoint farm, by default, use the same default.aspx page. Of course,
the home page of each site is typically different. This is supported because the
default.aspx page defines content areas and Web Part zones, but the actual content
and the properties of each Web Part are specific to each site, and are stored in the
site's content database.
When a page such as default.aspx is pulled from the SharePoint root, it is said to
be uncustomized. In previous versions of SharePoint, this was called ghosted. Using
a tool such as SharePoint Designer, you can customize the page itself. When you
do so, the customized page is saved to the content database. At this point, the
uncustomized version in the SharePoint root is no longer used for that site. Thus,
your customized page is said to be customized. In previous versions of SharePoint,
this was called unghosted.
It is possible to reset a site or page to the site definition, which removes the
customized page.
It is not recommended to modify files directly in the SharePoint root. Among other
problems that could arise: SharePoint updates and service packs may overwrite
your changes.
Scenario
You have been asked to build an intranet to support communication and
collaboration requirements at Contoso, Ltd. You have recently completed the
installation of SharePoint 2010. You must now configure the farm using the Farm
Configuration Wizard, and create the logical topology to support the initial
business requirements. You are tasked with establishing a SharePoint 2010
intranet site so that business users can review the new features of the publishing
site definition. Additionally, you have been asked to configure sites to meet the
collaboration requirements of several divisions within the organization. You will
begin by creating a site for the Information Technology (IT) department.
Start 10174A-CONTOSO-DC-B.
Port: 80
Results: After this exercise, you should have created a new Web application,
intranet.contoso.com.
Configure Permissions.
Task 3: Add a DNS host record for the new Web application
Start DNS Manager using the Run as different user option. Enter the user
name, CONTOSO\Administrator, and the password, Pa$$w0rd.
Create a new host record in the contoso.com zone with the name, intranet,
and the IP address, 10.0.0.21.
Create a new page on the site with the name, Important Phone Numbers and
with the following page content:
In case of emergency, call 911
Results: Upon completing this exercise, you should have been able to successfully
create a Contoso intranet Web site.
Results: After this exercise, you should have created the intranet Web site for
Contoso's Information Technology department.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
1. Why would you create more than one content database in a Web application?
2. If you were to create another site collection in the intranet Web application, in
which content database would it be created?
Module 3
Administering and Automating SharePoint
Contents:
Lesson 1: Configuring Central Administration
Module Overview
Lesson 1
In this lesson, you take a high-level look at the available options for administering
SharePoint: Central Administration, Stsadm, and Windows PowerShell. You learn
to configure Central Administration and to identify the various administrative roles
in a SharePoint environment. Later lessons explore Stsadm and Windows
PowerShell in detail.
After completing this lesson, you will be able to:
Describe the administrative roles that you can use to manage SharePoint farms.
Administrative Options
In addition to SharePoint 2010 Central Administration, you have at least two other
options with which to administer a SharePoint farm: Stsadm and Windows
PowerShell.
Stsadm is a command (Stsadm.exe) located in the folder
C:\Program Files\Common Files\Microsoft Shared\web server extensions\14\BIN.
Windows PowerShell is the administrative framework for SharePoint 2010 and
other Microsoft technology platforms.
SharePoint 2010 Management Shell is the preferred interface for performing
task-based commands and for running scripts. The SharePoint 2010 Management Shell
supports both Stsadm and Windows PowerShell.
In this module, you learn about all three of these administrative options.
Central Administration
These permissions are assigned automatically if you follow the procedures outlined
earlier in this course. However, if something happens that removes or denies a
required permission, administrative tasks may fail.
Windows PowerShell. You can use the Set-SPCentralAdministration cmdlet -Port
parameter to modify the port to which Central Administration is bound.
Set-SPCentralAdministration -Port <PortNumber>
Where:
Stsadm. You can use the setadminport operation to modify the port to which
Central Administration is bound.
stsadm -o setadminport -port <PortNumber>
Where:
Additional Reading
Change the Central Administration Web site port number (SharePoint Server
2010) at http://go.microsoft.com/fwlink/?LinkID=192720&clcid=0x409.
Administrative Roles
Farm Administrators
The Farm Administrators group represents the accounts that can use the Central
Administration application to perform administrative tasks.
The Farm Administrators group does not have permissions to access individual
sites or their content, by default. However, members can take ownership of a site
collection by assigning themselves as a site collection owner in Central
Administration. For example, if a site collection administrator leaves the
organization and a new administrator must be added, a member of the Farm
Administrators group can take ownership of the site collection to make the change.
Local Administrators
Members of the Administrators group on the local server are members of the Farm
Administrators group by default. Therefore, members of the Administrators group
on the local server can perform all farm administrator actions and more, including
installing new products or applications, deploying Web Parts and new features to
the global assembly cache, creating new Web applications and new Internet
Information Services (IIS) Web sites, and starting services. Like Farm
Administrators, members of this group on the local server have no access to site
content, by default, but can take ownership of a site collection.
Site-Level Administrators
The following two roles are administrative roles, but they do not have any
capability to perform tasks in Central Administration:
Additional Reading
Lesson 2
In this lesson, you move away from the user interface of the Central Administration
Web application and turn to command-line options for administering SharePoint.
You explore Stsadm (Stsadm.exe), which is included with SharePoint 2010 to
support mixed environments, and Windows PowerShell, which is the
recommended tool for administering and automating SharePoint 2010.
After completing this lesson, you will be able to:
Stsadm
You can avoid having to navigate to this deeply nested folder by adding the path to
the folder to the %PATH% environment variable. For example, type the following
command:
set path=%path%;C:\Program Files\Common Files\Microsoft Shared\web server extensions\14\BIN
Alternately, use the SharePoint 2010 Management Shell, which includes the path to
the \BIN folder in its path variable.
Stsadm exposes functionality through operations. Each operation is invoked with
this syntax:
stsadm -o <OperationName> [-parameter <Value> ...]
Where:
To discover the operations that are supported, type the following command:
stsadm -?
Support for existing scripts and command-line tools. For example, you can
perform most Cmd.exe commands with Windows PowerShell.
Consistent design. Because cmdlets and system data stores use common
syntax and naming conventions, data can be shared easily and the output from
one cmdlet can be used as the input to another cmdlet without reformatting or
manipulation.
Providers that expose system resources such as the registry, certificate store,
and directory service for simplified navigation by using the same techniques
that users employ to navigate the file system.
Additional Reading
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
and then click SharePoint 2010 Management Shell.
Cmdlets
Windows PowerShell commands are called cmdlets, pronounced command-lets.
Type Get-Command.
Cmdlets are not case sensitive. The following cmdlets are equivalent:
Get-Command
get-command
GET-COMMAND
Cmdlets always follow the Verb-Noun, also called the Action-Object format. The
Noun is always singular.
For example, the cmdlet to list all processes running on a machine is Get-Process.
To list all processes running on a machine:
Type Get-Process.
There are a limited number of verbs, which can be listed with the Get-Verb cmdlet.
Nouns follow naming standards managed by the Windows PowerShell team. For
example, all SharePoint nouns begin with SP.
Additional Reading
Tab Completion
Windows PowerShell supports tab completion, so you can type a few letters and
then press TAB to complete your typing. This applies not only to paths, which is
possible in Command Prompt as well, but also to cmdlets and their parameters.
Additional Reading
Get-Help
Windows PowerShell cmdlets are well documented with a standard
documentation format.
Type Get-Help <cmdlet>, where cmdlet is the name of the cmdlet about which
you want help.
-detailed. Shows detailed information about the cmdlet and each of its
parameters. Also shows examples.
Additional Reading
Objects
Unlike Command Prompt, in which commands return text that then must be
parsed and processed as text, Windows PowerShell returns objects: representations
of the component itself.
For example, the Get-Process cmdlet returns objects representing processes on a
computer. Type the following to retrieve all processes on a computer:
Get-Process
To limit the processes, use a parameter of the Get-Process cmdlet. For example, the
-Name parameter limits processes returned based on their name. The following
command retrieves all processes on a computer named iexplore:
Get-Process -Name iexplore
The -Name parameter is the default parameter for the Get-Process cmdlet, so it can
be omitted:
Get-Process iexplore
Pipeline
Windows PowerShell features a pipeline, a channel through which the output of a
cmdlet can be passed to the following cmdlet. The pipeline is represented by the
pipe character (|).
For example, type the following to stop all processes named iexplore on a
computer:
Get-Process iexplore | Stop-Process
Additional Reading
Aliases
Windows PowerShell allows a cmdlet to have aliases, which are alternate names for
the cmdlet. For example, gps and ps are aliases for Get-Process. Also, kill is an alias
for Stop-Process.
Type Get-Alias.
Type Get-Alias -definition <cmdlet>, where cmdlet is the cmdlet for which you
want to list aliases.
If you see a cmdlet that is not following the Verb-Noun syntax, it is certain that the
cmdlet is using an alias. Sometimes it can be difficult to interpret what a command
is doing when an alias is used.
Type Get-Alias <Alias>, where Alias is the alias you want to define.
For example, type the following to list the cmdlet for the alias kill:
Get-Alias kill
Additional Reading
Variables
As you begin to find and create Windows PowerShell scripts, there's one more
concept you must understand: variables. Variables are memory locations that store
a value or object and are represented in Windows PowerShell by a name that starts
with a dollar sign ($).
To assign a variable (that is, to create and define a variable), simply use the
following syntax:
$variable = value
For example, the following script stops all processes named iexplore:
$process = "iexplore"
Get-Process $process | Stop-Process
The result is the same as the one-liner shown earlier. However, by separating the
name of the process from the line that performs the action of finding and stopping
the process, you can more easily modify the script. Or you could use the Read-Host
cmdlet to prompt a user for the name of a process, instead of hard-wiring the name
of the process into the script.
To assign a string value to a variable, enclose the value in single or double
quotation marks, as shown earlier.
Variables can also store one or more objects. Examine the following script:
$process = Get-Process "iexplore"
$process | Select ID, name, description
$process | Stop-Process
In this example, the variable $process is set to the collection of processes named
iexplore. The variable is then used in two following commands. The first reports
the ID, name, and description of each process in $process. The second stops each
process.
$_
The special variable $_ represents the current object in the pipeline. You see
examples of this later in the module.
For now, simply imagine that you are looping through a collection of objects (for
example, each site collection in a Web application) and you want to do something
to each object (for example, list the site collection administrators). As you loop
through the collection, you can use the $_ variable to represent the current site
collection.
Again, you learn more about $_ and put it to use later in the module.
Additional Reading
Lesson 3
Now that you have learned some of the fundamental concepts of Windows
PowerShell, you can turn your attention to how you can use Windows PowerShell
to administer and automate SharePoint 2010.
After completing this lesson, you will be able to:
Sets the PSThread option to ReuseThread. This is a setting that improves the
utilization of memory in Windows PowerShell and reduces the likelihood of
memory leaks. In Windows PowerShell, each line (each command) is started
in its own thread, or process. When ThreadOptions are set to ReuseThread,
each command is run in the same thread. If you use Windows PowerShell, you
must run the following command:
$Host.Runspace.ThreadOptions = "ReuseThread"
Additional Reading
Use the Add-SPShellAdmin cmdlet to grant a user the ability to use Windows
PowerShell against that content database. Use the following example:
Add-SPShellAdmin -username <DOMAIN\user> -database (Get-SPContentDatabase <Content Database Name>)
So, with just one command, you've given the user the SharePoint_Shell_Access role
on the database and added the user to the WSS_ADMIN_WPG local group on each
server in the farm. If the user is currently logged on, the user will of course have to
log off and log back on for the new local group membership to take effect.
To perform this delegation, your account must have the Security_Admin server role
for the SQL Server instance and the db_owner role for the database, and you must
be in the Administrators group of each server in the farm. In other words, you
must be a high-level administrator to delegate to another user the ability to use
Windows PowerShell. Practically speaking, you'll likely be administrator of the
SQL Server and of each server in the farm, though technically speaking you don't
need quite that much power.
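Because a single Add-SPShellAdmin call grants both a database role and local group membership, it is worth reviewing periodically who holds that access. The following is an added example, not part of the course material: it lists the shell administrators for the farm configuration database and every content database, compares them with an approved list, and previews removal of the rest. The approved account names are constructed sample values.

```powershell
# Added example, not from the course: audit who holds SharePoint_Shell_Access.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Accounts expected to hold shell access (constructed sample values; adjust).
$approved = @("CONTOSO\SP_Admin", "CONTOSO\SP_Farm")

function New-ShellAdminRow($scope, $database, $userName) {
    New-Object PSObject -Property @{
        Scope    = $scope
        Database = $database   # $null means the farm configuration database
        UserName = $userName
        Approved = ($approved -contains $userName)   # case-insensitive match
    }
}

$rows = @(
    # With no -database parameter, Get-SPShellAdmin reports on the farm
    # configuration database.
    Get-SPShellAdmin | ForEach-Object {
        New-ShellAdminRow "(farm configuration)" $null $_.UserName
    }

    # Each content database carries its own SharePoint_Shell_Access role.
    Get-SPContentDatabase | ForEach-Object {
        $db = $_
        Get-SPShellAdmin -database $db | ForEach-Object {
            New-ShellAdminRow $db.Name $db $_.UserName
        }
    }
)

# Unapproved entries sort first ($false before $true).
$rows | Sort-Object Approved, Scope |
    Format-Table Scope, UserName, Approved -AutoSize

# Preview the revocation of unapproved entries. -WhatIf only reports what
# would change; remove it after reviewing the output.
$rows | Where-Object { -not $_.Approved } | ForEach-Object {
    if ($_.Database) {
        Remove-SPShellAdmin -UserName $_.UserName -database $_.Database -WhatIf
    } else {
        Remove-SPShellAdmin -UserName $_.UserName -WhatIf
    }
}
```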
Where:
Additional Reading
Type Get-SPFarm.
Type Get-SPWebApplication.
Type Get-SPSite.
To prevent runaway memory and processing, the Get-SPSite cmdlet limits the
number of site collections it returns to 20, by default. Add the -limit parameter to
increase this limit, or add -limit all to return all site collections. The Get-SPSite
cmdlet always excludes the Central Administration site collection.
The Get-SPWeb cmdlet limits the number of objects it returns to 200 by default.
Like the Get-SPSite cmdlet, use the -limit parameter to increase this limit, or use
-limit all to return all Web sites in a site collection.
The terminology is particularly tricky around the word site. Notice the different
ways in which the word site is used both in describing the components of
SharePoint as shown in the user interface and in the object model.
User Interface and Documentation    Object Model
Farm                                SPFarm
Web application                     SPWebApplication
Site collection                     SPSite
Web site                            SPWeb
It gets even more tricky when users say something like, "I can't access my site." Is
that a site collection (SPSite), Web site (SPWeb), or are they really saying that
they're typing http://intranet.contoso.com and getting an error, in which case it
may even be the Web application (SPWebApplication) that needs to be examined?
It's recommended that when you discuss SharePoint, and particularly when you are
gathering information for troubleshooting, you avoid the word site by itself.
Clarify: Web application, site collection, or subweb.
The Get-SPSite cmdlet, also presented earlier, retrieves all site collections. If you
use an Identity parameter, it retrieves only matching site collections.
For example, the following command retrieves only one site collection:
Get-SPSite "http://intranet.contoso.com"
You can use the site collection returned by Get-SPSite instead of the -Site parameter
of Get-SPWeb:
Get-SPSite "http://intranet.contoso.com" | Get-SPWeb -limit all
Question: How can you get a list of all site collections in the farm, including
Central Administration, when the Get-SPSite cmdlet always excludes Central
Administration?
Question: How can you get a list of all Web sites in the farm, including Central
Administration, when the Get-SPSite cmdlet always excludes Central
Administration?
Additional Reading
You can use Windows PowerShell to create logical components of SharePoint, just
as you did by using Central Administration in Module 2.
Note the use of the -Confirm:$false parameter. The -Confirm parameter is common
to all Windows PowerShell commands that have potentially detrimental effects. By
default (-Confirm:$true), the cmdlet will prompt for confirmation. Specifying
-Confirm:$false suppresses such prompts.
You can also use the -WhatIf parameter to simulate a command and report its
effects. The -WhatIf parameter is particularly helpful when you are performing a
command on a variable or collection of objects so that you know exactly what is
being done to which objects.
Where:
<Port> is the port on which the Web application will be created in IIS.
Note that the Get-Help documentation for the cmdlet states that the format for
<HostHeader> is http://server.domain.com. The documentation is incorrect.
<DatabaseName> is the name for the first content database for the Web
application.
For example, the following command creates the intranet Web application with
configuration similar to the intranet that was created by using Central
Administration in Module 2.
New-SPWebApplication -Name "Contoso Intranet" -Port 80 -HostHeader "intranet.contoso.com" -URL "http://intranet.contoso.com:80" -ApplicationPool "SharePoint Web Applications" -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\SP_Service") -DatabaseName "WSS_Content_Intranet"
Where:
<Content Database Name> is the name of the content database within which the
site collection should be created. This parameter is optional.
<Template> specifies the site definition for the top-level site, for example,
BLANKINTERNET#1, the Publishing Site, or STS#0, the Team Site.
For example, the following command creates a site collection at the root of the
intranet Web application and creates a top-level site with the Publishing site
definition.
Where:
For example, the following command creates a content database for the Sales
department's intranet site collection:
New-SPContentDatabase -Name WSS_Content_Intranet_Sales -WebApplication http://intranet.contoso.com
The command also creates a top-level site in the site collection based on the Team
Site site definition.
Where:
<Template> specifies the site definition for the Web site, for example,
BLANKINTERNET#1, the Publishing Site, BLOG#0, the Blog Site, or STS#0,
the Team Site.
For example, the following command creates a subweb for blogs beneath the Sales
Web site:
New-SPWeb "http://intranet.contoso.com/sites/Sales/Blogs" -Name "Sales Blogs" -Template "BLOG#0"
For example, the following command lists the properties of the Sales site
collection:
Get-SPSite "http://intranet.contoso.com/sites/sales" | Get-Member -MemberType Properties
Additional Reading
Write-Output
If you type the following command:
Get-SPWeb "http://intranet.contoso.com/sites/sales"
the URL of the Web site is returned. As you know, Windows PowerShell works
with objects, but when a command completes (at the end of the pipeline), an
implicit Write-Output cmdlet displays the default properties of the object(s) at the
end of the pipeline. In the example shown, the default property is a URL, and the
default display format is a table.
For example, the following command displays all properties of the sales Web site:
Get-SPWeb "http://intranet.contoso.com/sites/sales" | Select *
Additional Reading
the URL and template of all Web sites in the intranet Web application are
displayed. If you want to sort the results by template, you can use the Sort-Object
cmdlet, the alias of which is Sort.
For example, the following command displays the URL and template of all the
Web sites in the intranet Web application, sorted by template name:
Get-SPWebApplication "http://intranet.contoso.com" | Get-SPSite -limit all | Get-SPWeb -limit all | Select-Object URL,WebTemplate | Sort WebTemplate
You can add the -Descending parameter to the Sort cmdlet to sort in descending
order. The default is ascending order, and there is no -Ascending parameter.
Additional Reading
Note: Using Format-List (or fl) at the end of the pipeline adds an implicit Select *. All
properties are returned. If you want to limit properties returned, add the properties
to the Select cmdlet.
Additional Reading
The GridView
Export-CSV
To save output to a CSV file, add | Export-CSV <filename> to the end of the
pipeline.
ConvertTo-XML
Add | ConvertTo-XML to the end of the pipeline to convert output to an XML
object. An XML object is not immediately viewable because it is an object, not the
text output of an XML file. Therefore, you must save the pipeline, and thereby save
the XML file.
Follow this example:
( command | ConvertTo-XML ).Save("filename")
For example, the following command creates an XML file consisting of the URL
and template of all the Web sites in the intranet Web application, sorted by
template name:
(Get-SPWebApplication "http://intranet.contoso.com" | Get-SPSite -limit all | Get-SPWeb -limit all | Select-Object URL,WebTemplate | Sort WebTemplate | ConvertTo-XML).Save("C:\Users\SP_Admin\Desktop\SharePointWebSiteTemplates.xml")
Out-GridView
Windows PowerShell 2.0 includes an Integrated Scripting Environment (ISE),
which provides a datagrid view application. You must make sure that the ISE
feature is installed.
The following example outputs to the datagrid view application:
Get-SPWebApplication "http://intranet.contoso.com" | Get-SPSite -limit all | Get-SPWeb -limit all | Select-Object URL,WebTemplate | Sort WebTemplate | Out-GridView -Title "Web Site Templates Report"
Additional Reading
Filtering Objects
Notice the use of the $_ variable, which you learned in Lesson 2 represents the
current object in the pipeline. The Where-Object cmdlet operates on each object in
the pipeline, checking each against the filter defined by the expression, which itself
is surrounded by braces. As each object in the pipeline is examined, it is
represented by the $_ variable, and the object's WebTemplate property must be
equal to BLOG for the object to successfully continue down the pipeline.
A limited number of cmdlets support a -Filter parameter, which uses server-side
filtering. In the example shown previously, all objects are retrieved by the
Get-SPWeb cmdlet, and then the Windows PowerShell client must filter the objects.
You can reduce the burden on the server by using server-side filtering whenever
possible.
The SPWeb object can be filtered server-side for the Title and Template properties.
The SPSite and SPSiteAdministration objects can be filtered server-side for Owner,
SecondaryContact, and LockState.
Because, in this example, you have the option of using server-side filtering, it is
recommended you do so.
For example, the following retrieves the Web sites that are based on the Blog site
definition by using server-side filtering of the SPWeb object:
Get-SPSite -Limit All | Get-SPWeb -Limit All -Filter {$_.Template -eq "BLOG#0"}
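Server-side filtering on Owner is also useful for the ownership scenario described in Lesson 1, where a site collection administrator leaves the organization. The following is an added example, not part of the course material: it finds site collections still owned by a departed account and then exports an ownership report for review. The account name CONTOSO\Former_Admin and the output path are hypothetical.

```powershell
# Added example, not from the course: review site collection ownership.
# Run in the SharePoint 2010 Management Shell with an account that has
# access to the site collections being examined.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# SPSite and SPWeb objects hold memory until disposed; a global assignment
# scope disposes everything retrieved between Start and Stop.
Start-SPAssignment -Global
try {
    # 1. Server-side filter: only site collections whose primary owner is the
    #    departed account are returned (hypothetical account name).
    $orphaned = @(Get-SPSite -Limit All -Filter { $_.Owner -eq "CONTOSO\Former_Admin" })
    Write-Output ("Site collections still owned by the departed account: " + $orphaned.Count)
    $orphaned | ForEach-Object { Write-Output ("  " + $_.Url) }

    # 2. Full ownership report: primary owner, secondary contact, and every
    #    site collection administrator of the top-level Web site.
    $report = Get-SPSite -Limit All | ForEach-Object {
        $site = $_
        $admins = @($site.RootWeb.SiteAdministrators | ForEach-Object { $_.LoginName })
        New-Object PSObject -Property @{
            Url              = $site.Url
            Owner            = $( if ($site.Owner) { $site.Owner.LoginName } )
            SecondaryContact = $( if ($site.SecondaryContact) { $site.SecondaryContact.LoginName } )
            SiteAdmins       = ($admins -join "; ")
            AdminCount       = $admins.Count
        }
    }

    # Site collections with no secondary contact depend on a single account
    # and need a farm administrator to step in if that account goes away.
    $report | Where-Object { -not $_.SecondaryContact } |
        Select-Object Url, Owner | Format-Table -AutoSize

    $report | Sort-Object Owner |
        Select-Object Url, Owner, SecondaryContact, AdminCount, SiteAdmins |
        Export-Csv (Join-Path $env:TEMP "SiteCollectionOwners.csv") -NoTypeInformation
}
finally {
    Stop-SPAssignment -Global
}
```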
Operators
In the filter expressions shown earlier, you might have noticed the -eq comparison
operator, which means equals. The following operators are commonly used in
expressions:
Comparison Operators
-eq. Equal to
Logical Operators
-and
-or
Additional Reading
Typical Pipeline
Filter. Use the Where cmdlet to filter objects so that the only objects
remaining in the pipeline are those with which you want to work.
Select. Use the Select cmdlet to select the properties of objects that you want
to output.
Sort. Use the Sort cmdlet to sort the results, before output.
Output. Use the Format, Export, or Out cmdlets to produce output in the desired format.
If you want to convert the pipeline object(s) to a specific format, you can use
the Convert cmdlet to do so, and then use the Save method of the pipeline to
save an object to a file. An example is shown earlier in which pipeline output is
converted to an XML object, and then saved to an XML file.
Filters the pipeline so that only Web sites with the Blog site definition remain
Sorts the results by the date at which the last item in the Web site was
modified
Variables
As you work toward reading and writing more complex scripts, you undoubtedly
begin working with variables.
As you learned already, all variable names are prefixed with the dollar sign ($).
To assign a variable, use this syntax:
$variable = value
To return the current value of a variable, simply type the variable name and press
ENTER.
For example, the following command assigns the value CONTOSO\SP_Admin to
the variable $username:
$username = "CONTOSO\SP_Admin"
The following command prompts you to enter the password for the account:
$password = Read-Host "Enter the password: " -AsSecureString
Windows PowerShell cmdlets that require a password do not accept plain text.
Passwords must be contained in a secure string, the contents of which cannot be
displayed.
Windows PowerShell also has built-in variables, including the following:
Additional Reading
Iteration (Looping)
Additional Reading
Iteration in Scripts
Examine the following script, which creates intranet sites for HR and Marketing in
their own site collections and content databases:
$i = ("HR", "Marketing")
ForEach($url in $i)
{
    New-SPContentDatabase -Name WSS_Content_Intranet_$url -WebApplication http://intranet.contoso.com
    New-SPSite -Url http://intranet.contoso.com/sites/$url -ContentDatabase WSS_Content_Intranet_$url -OwnerAlias CONTOSO\SP_Admin -Template "STS#0"
}
This line creates an array, a collection of multiple items. In this case, the items are
string values. The array items are separated by commas. The parentheses around
the items are optional, but make it easier to read.
ForEach($url in $i)
This line starts the iteration. For each item in the array variable $i the script block
that follows, enclosed in braces, is executed. The current object in the array during
each iteration is assigned to the variable $url. During each iteration, $url contains
the current item.
{
The $url variable is used to create a unique content database name for each
department; it is the last component of the content database name.
New-SPSite -Url http://intranet.contoso.com/sites/$url -ContentDatabase WSS_Content_Intranet_$url -OwnerAlias CONTOSO\SP_Admin -Template "STS#0"
The $url variable is used to create a unique URL for the site collection and to
assign the site collection to the content database created by the previous
command.
}
Global cmdlets affect the farm as a whole, generally by making changes to the
SQL Server database. For example, when you set the property of a Web
application using Set-SPWebApplication, the property affects all servers
hosting that Web application. You do not need to touch each server. Similarly,
when you create a new site collection with New-SPSite, the site collection is
available to all SharePoint servers.
Windows PowerShell introduces remoting, with which you can perform Windows
PowerShell commands on remote systems. Remoting is a Windows PowerShell
feature, rather than a feature specific to SharePoint, so it is beyond the scope of this
course.
Additional Reading
Windows PowerShell scripts are text files saved with a .ps1 file name extension.
Some people overuse aliases, making it difficult for others to make sense of the
script. This is particularly true for single- and double-character aliases such as %
(ForEach-Object) and ? (Where-Object).
Executing Scripts
By default, Windows PowerShell scripts are not allowed to run. This is done to
prevent malicious scripts from damaging your environment.
The Windows PowerShell ExecutionPolicy determines which scripts are allowed to
run. The default ExecutionPolicy is Restricted.
There are, of course, significant security risks by doing so. However, in a test
environment, you may decide that such risks are acceptable.
You can also configure Windows PowerShell to allow the execution of scripts with
specific characteristics, including scripts signed with a trusted digital signature. In
a production environment, you should sign scripts. Code signing is beyond the
scope of this course, but you can learn more in the resources listed in the
Additional Reading section.
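The signing workflow that the paragraph above recommends for production, as an added example that is not part of the course material. The function name Protect-AdminScript and the script path are hypothetical, and the example assumes a code-signing certificate from a trusted CA is already installed in the current user's personal store.

```powershell
# Added example; Protect-AdminScript and C:\Scripts\New-DeptSites.ps1 are hypothetical names.
# Assumes a code-signing certificate issued by a CA the server trusts is already
# installed in Cert:\CurrentUser\My.

function Protect-AdminScript {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "Script not found: $Path"
    }

    # Pick an unexpired code-signing certificate; prefer the one valid longest.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No valid code-signing certificate in Cert:\CurrentUser\My"
    }

    # Append the Authenticode signature block to the script file.
    $result = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert

    # Status is 'Valid' only if the signature verifies and the chain is trusted.
    if ($result.Status -ne 'Valid') {
        throw "Signing failed for ${Path}: $($result.Status) - $($result.StatusMessage)"
    }
    $result
}

# 1. Show the policy at every scope; Group Policy scopes override local ones.
Get-ExecutionPolicy -List

# 2. Sign the script, then confirm what PowerShell will see at run time.
Protect-AdminScript -Path 'C:\Scripts\New-DeptSites.ps1'
Get-AuthenticodeSignature -FilePath 'C:\Scripts\New-DeptSites.ps1' |
    Format-List -Property Status, StatusMessage, SignerCertificate

# 3. Require a trusted signature on every script (run from an elevated shell).
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine

# Any later edit to a signed file invalidates it: Status becomes 'HashMismatch'
# and AllSigned refuses to run the script until it is signed again.
```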
Additional Reading
You are responsible for ensuring that the SharePoint farm can be built consistently
in both lab and production environments, and that the farm can be rebuilt in the
event of a catastrophic failure. Additionally, you are required to produce weekly
reports showing the webs and storage utilization of each site collection in the
production farm. To meet these goals, you must build Windows PowerShell scripts
that can automate SharePoint management tasks.
Start 10174A-CONTOSO-DC-C.
To identify the assemblies that are currently loaded, type the following
command and then press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
The output displays GAC, version, and location information for the assembly.
Tip: You can press the UP key to scroll through previously executed commands.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is not listed.
The output lists the snap-ins that are registered on the system, except for those
that are installed with Windows PowerShell.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is now added.
To identify the assemblies that are currently loaded, type the following
command and then press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
and then click SharePoint 2010 Management Shell.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is already added to the session.
To identify the assemblies that are currently loaded, type the following
command and press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
The listing demonstrates that SharePoint 2010 Management Shell preloads the
SharePoint .dll files.
Results: After this exercise, you will have learned how to run Windows PowerShell
with the ability to administer SharePoint.
In SharePoint 2010 Management Shell, type the following command and then
press ENTER:
$spsite = Get-SPSite "http://intranet.contoso.com"
To enumerate all of the webs in the site collection, type the following
command and press ENTER:
$spsite | Get-SPWeb
An error appears indicating that login failed. The SP_Admin user account does
not have the permissions required to access the information about the intranet
site collection with Windows PowerShell.
Start SharePoint 2010 Management Shell using the Run as different user
option. Enter the user name, CONTOSO\Administrator, and the password,
Pa$$w0rd.
Results: After this exercise, you will have delegated SP_Admin the ability to manage
SharePoint with Windows PowerShell.
Tip: You need to use the Get-SPSite, Get-SPWeb, and Select cmdlets.
An error indicates that you must run the command with elevated permissions.
In SharePoint 2010 Management Shell, press the UP arrow several times until
you see the command you typed in Task 2, and then press ENTER to rerun the
command.
Get-SPSite | Select URL,
    @{Name="Storage"; Expression={"{0:N2} MB" -f ($_.Usage.Storage/1000000)}},
    @{Name="Quota"; Expression={"{0:N2} MB" -f ($_.Quota.StorageMaximumLevel/1000000)}} |
    Out-GridView -Title "Sites with Usage"
Type the following command and then press ENTER, which is the same as the
command you executed in the beginning of this task:
Get-SPSite | Select URL,
    @{Name="Storage"; Expression={"{0:N2} MB" -f ($_.Usage.Storage/1000000)}},
    @{Name="Quota"; Expression={"{0:N2} MB" -f ($_.Quota.StorageMaximumLevel/1000000)}} |
    Out-GridView -Title "Sites with Usage"
Results: After this exercise, you will have used Windows PowerShell to produce
reports of your SharePoint environment.
A site collection and top-level web for the Sales department is created using the
Team Site site definition.
In SharePoint 2010 Management Shell, create a script with a loop that creates
two new sites called HR and Marketing.
Tip: Refer to the commands from the previous task and the following example of a
loop.
$i = ("A", "B")
foreach($s in $i)
{
Write-Host $s
}
Results: After this exercise, you will have used Windows PowerShell cmdlets and
scripts to create new content databases, site collections, and sites.
Open the Announcements list, and then observe the title of the only item in
the list.
The list item will be updated. Notice that you did not use a cmdlet to update a
list item. There are things that will require direct access to the object model
and, as such, you need to be careful to dispose of objects you create.
Switch to Internet Explorer and then refresh the Announcements list, and
then observe that the title of the list item has been updated.
Results: After this exercise, you will have updated a list item using a Windows
PowerShell script.
Leave the virtual machines running. You will use them for Lab B.
Examine the output of the command, which includes a list of the numerous
operations supported by Stsadm. Also notice the examples displayed at the
end of the Help documentation.
Use the enumsites operation of Stsadm to list the site collections in the Web
application, http://intranet.contoso.com.
Review the XML response that you get from the command, and note that this
can be used in a Windows PowerShell script to iterate through all your site
collections.
Type the following command, and observe the amount of time it takes for the
command to execute:
Get-SPSite "http://intranet.contoso.com" | Get-SPWeb
Repeat steps 1 and 2, and observe the amount of time it takes for each
command to execute.
Use the createsite operation of Stsadm to create a site collection and top-level
web for the Operations department, with the URL
http://intranet.contoso.com/sites/Operations. Assign
CONTOSO\SP_Admin as the site administrator with the e-mail address
sharepoint@contoso.com.
Use the createweb operation of Stsadm to create a web for the Maintenance
department with the URL http://intranet.contoso.com/sites/Operations/Maintenance.
In Internet Explorer, browse to the new site and select the Team Site template.
Access is denied.
Results: After this exercise, you will have executed several Stsadm commands to
create a new Operations site collection and web with a specific site collection
administrator.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
Question: What are the advantages of using Windows PowerShell to manage
SharePoint?
Question: In what scenarios would it be preferable to use Stsadm instead of
Windows PowerShell cmdlets to manage SharePoint?
Question: By default, who can use Windows PowerShell to manage SharePoint?
Question: By default, will Windows PowerShell scripts be allowed to run on a
system?
Module 4
Configuring Content Management
Contents:
Lesson 1: Optimizing Content Storage and Access
Module Overview
Lesson 1
In this lesson, you explore the administrative tasks related to lists and libraries, the
two most important containers for content in sites. You then learn about two
important new features of SharePoint Server 2010 with which you can better
manage and govern both the performance and storage of SharePoint content: list
throttling and RBS.
After completing this lesson, you will be able to:
Avoid spaces. Spaces in URLs are escaped by browsers and become %20,
for example, http://intranet.contoso.com/Shared%20Documents. The
escaped space is difficult to read and interpret and can be problematic in
certain access scenarios. Avoid spaces in your URLs.
When creating the list or library, configure the Name field to be the URL.
When you create a list or library in the user interface, you are prompted to
enter a value for the Name. Unfortunately, the value you enter in the Name
box is used to create the Title and the URL of the list or library. If you use bad
practices (for example, if you include a space in the Name), the space becomes
part of the URL.
The URL is somewhat challenging to change after it has been created; you
must use Windows PowerShell or SharePoint Designer to change it. The
name can easily be changed.
Therefore, follow these steps when creating a list or library:
1. Configure the Name so that the result is a URL that follows the rules
discussed previously.
2. Do not add the list or library to the Quick Launch when creating the list or
library.
The following graphic shows a Group Policy shortcut properties setting that is
configured to create a link to the SpecialProjects document library on the
consulting site:
Action: The Update action creates a Favorite if one does not exist and updates
the Favorite if it has changed.
Name: The Name is the user-friendly name of the Favorite, as it will appear in
the user's Favorites folder. Using the foldername\Favorites Name format creates
a folder in the Favorites folder. In the preceding figure, a folder named
SharePoint Sites is created or updated with a Favorite called Consulting
Special Projects.
Additional Reading
2. Right-click in a blank area of the window, and then click Add a Network
Location.
After you create a network location, you can navigate to the library from the
Computer folder. The network location appears in the Network Locations folder.
In the Open and Save dialogs, click Computer in the Favorite Links bar.
It is easy to deploy network locations to users as long as you know that a network
location is a collection of objects in a folder in the following path:
%appdata%\Microsoft\Windows\Network Shortcuts, for example,
c:\users\username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.
You can copy network locations that you have created to a shared folder on the
network, and then copy the network locations to the Network Shortcuts folders of
other users' profiles. You can use Robocopy.exe in a logon script, for example, to
update users' Network Shortcuts folders.
SharePoint 2010 lists expose important functionality that was not available in
previous versions of SharePoint:
Large lists. SharePoint 2010 lists are supported for up to 50 million items.
This is possible because of performance enhancements and new features such
as multicolumn lists.
Multicolumn indexes. You can create an index that contains more than one
column.
Related lists also support projected fields. These are fields from the parent list
that can be shown on the child list. For example, an order item that is related
to a customer item can display the customer's name, address, email address,
and telephone number.
Data validation. You can perform simple data validation in an out-of-box
SharePoint list. A list column can have data validation, which ensures that a
column's value meets specified rules. A list can also have unique columns,
which ensures that no two items have the same value in the columns. For
example, you can set the email address column of a contacts list to be unique
so that no two contacts are created with identical email addresses.
Additional Reading
Large Lists
SharePoint 2010 can handle tens of millions of items in a list or library. However,
operations involving large numbers of items can reduce performance, limit access
to data, and cause timeouts.
Examples of such operations include the following:
SharePoint 2010 introduces large list throttling, which protects a SharePoint farm
and users accessing the farm from the effects of large operations by other users.
2. Click the Web application for which you want to configure list throttling.
3. On the ribbon, click the General Settings drop-down arrow, and then click
Resource Throttling.
The Resource Throttling page opens.
If list throttling is enabled at the Web application level, you can enable or
disable throttling per list through the object model. Lists and libraries have an
EnableThrottling property.
List throttling is configured separately for what is done in the user interface
versus what is done using the object model.
List View Threshold. This value configures the maximum number of items
that can be queried by standard users.
The default is 5,000 items. It is strongly recommended that you do not change this
default. If poor-performing queries are used on lists with more than 5,000
items, overall throughput may significantly decrease when raising this limit.
Object Model Override. You can apply a second level of throttling to super
users. The override allows a super user to retrieve a larger number of items. To
configure super user override, you must configure both of the following:
Object Model Override. This option specifies that the list view threshold
for auditors and administrators is in effect.
Super user override does not allow large list views; access must be through the
object model. Developers can set the QueryThrottleMode property of SPQuery
and SPSiteDataQuery objects to retrieve up to the number of items specified in
the list view threshold for auditors and administrators.
Daily Time Window For Large Queries. You can specify a period of time
during which large queries can be executed. You should ensure that the time
window is configured to minimize the risk of affecting users based on your
usage patterns.
If the user is a member of the Administrators group of Web front end (WFE)
with Read permissions, all items are returned.
If the EnableThrottling property of the SPList object is set to false, all items are
returned. You can do this using the object model, including by using Windows
PowerShell. Doing so allows you to set list throttling settings for a Web
application, and then exempt specific large lists and libraries from throttling.
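An audit of the exemptions described above, as an added example that is not part of the course material: it prints the Web application's throttling settings and reports every list that has EnableThrottling turned off or already holds more items than the list view threshold. Get-ThrottleExemption is a hypothetical helper name, and the URL is the lab's intranet Web application.

```powershell
# Added example; Get-ThrottleExemption is a hypothetical helper, not a SharePoint cmdlet.
# Run in SharePoint 2010 Management Shell with an account that can read every site.

function Get-ThrottleExemption {
    param(
        [Parameter(Mandatory = $true)]
        [string]$WebApplicationUrl
    )

    $webApp    = Get-SPWebApplication -Identity $WebApplicationUrl
    $threshold = $webApp.MaxItemsPerThrottledOperation   # List View Threshold

    foreach ($site in $webApp.Sites) {
        try {
            foreach ($web in $site.AllWebs) {
                try {
                    foreach ($list in $web.Lists) {
                        # Flag lists exempted from throttling, and lists that
                        # already exceed the list view threshold.
                        $exempt = -not $list.EnableThrottling
                        $large  = $list.ItemCount -gt $threshold
                        if ($exempt -or $large) {
                            New-Object PSObject -Property @{
                                Web            = $web.Url
                                List           = $list.Title
                                Items          = $list.ItemCount
                                Throttled      = $list.EnableThrottling
                                OverThreshold  = $large
                            } | Select-Object Web, List, Items, Throttled, OverThreshold
                        }
                    }
                }
                finally {
                    # SPWeb objects opened through AllWebs must be disposed.
                    $web.Dispose()
                }
            }
        }
        finally {
            $site.Dispose()
        }
    }
}

# Current Web application settings from the Resource Throttling page.
Get-SPWebApplication -Identity 'http://intranet.contoso.com' |
    Select-Object MaxItemsPerThrottledOperation,
                  MaxItemsPerThrottledOperationOverride,
                  MaxItemsPerThrottledOperationWarningLevel,
                  AllowOMCodeOverrideThrottleSettings,
                  UnthrottledPrivilegedOperationWindowEnabled,
                  MaxQueryLookupFields,
                  MaxUniquePermScopesPerList |
    Format-List

# Lists that bypass, or already exceed, the threshold.
Get-ThrottleExemption -WebApplicationUrl 'http://intranet.contoso.com' |
    Sort-Object -Property Items -Descending |
    Format-Table -AutoSize
```

Reviewing this report periodically shows which lists can still run large queries against the content database despite the Web application's limits.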
Several other list throttling settings are available on the Resource Throttling page.
Warning level for administrators. This value configures the warning level
shown on the List Settings page. The default value is 3,000. You can configure
the warning level by using Windows PowerShell, as in the following example:
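$sitecol = Get-SPSite http://intranet.contoso.com/sites/IT
$webapp = $sitecol.WebApplication
$webapp.MaxItemsPerThrottledOperationWarningLevel = 2500
$webapp.Update()    # persist the change to the configuration database
$sitecol.Dispose()  # release the SPSite object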
List View Lookup Threshold. This value, 6 by default, specifies the number of
Lookup, Person/Group, or Workflow Status fields that a database query can
involve at one time.
List Unique Permissions. If a list contains too many unique permissions, the
system can experience performance degradation. The default value for this
setting is 50,000. As the number of unique permissions in a list increases,
performance degrades. Reconsider any design in which all or most content in a
large list must be uniquely secured. The throughput difference for operations on
a list between 0 and 1,000 unique permissions is around 20 percent. There is a
configurable default of 50,000 unique permissions per list; however, Microsoft
recommends that you consider lowering this limit to 5,000, and for large lists
consider using a design that uses as few unique permissions as possible. This
aids not only performance but also manageability.
If you are upgrading to SharePoint 2010, and you have a list in SharePoint 2007
that has a default view with a number of items greater than 5,000, after upgrade
the large list will not be available until a new default view is created that returns a
number of items lower than the threshold.
Another upgrade consideration is related to code that returns large numbers of
items. Developers should update their code to account for list throttling. The
EnableThrottling property on the list and the RequestThrottleOverride on the
query must be specified. Developers can find more information about list throttling
on MSDN.
Additional Reading
Binary large objects (BLOBs) are used to store large binary data such as documents
and media. By default, BLOBs are stored in the Microsoft SQL Server content
database. With Remote BLOB Storage, you can move storage of BLOBs to a
different data store.
BLOBs
BLOBs are fields that contain binary data. Following are examples of BLOBs:
SQL Server stores BLOB data in databases by default. But as BLOB data expands, it
consumes server storage. Additionally, BLOBs use server resources, for example,
cache, that are optimized for database access patterns, not for storing large files.
Therefore, performance can be degraded.
Database server resources, for example, cache, are freed for database
operations.
Local hard disks only. SharePoint does not support RBS remote storage, such
as network attached storage (NAS).
SQL Server versions. SharePoint 2010 supports RBS on SQL Server 2008
with Service Pack 1 (SP1) and Cumulative Update 2 or SQL Server 2008 R2.
RBS version. You must use the version of RBS that is included with the SQL
Server Remote BLOB Store installation package from the Feature Pack for
Microsoft SQL Server R2.
Additional Reading
How is content being accessed? RBS is well suited for BLOBs that are less
frequently or infrequently accessed, such as document archives. Frequent
access to many small files in a library can lead to increased latency if RBS is in
place.
What are the characteristics of the RBS provider? You should familiarize
yourself with both the performance and management features of an RBS
provider. For example, the FILESTREAM provider is a simple provider that
effectively moves BLOB storage out of the database to a local folder on the
computer running SQL Server; however, it is not a high-performance provider.
Therefore, it is well suited for infrequently accessed content, such as archives,
but would not be well suited for use in a high-activity environment.
Additional Reading
Configuring RBS for SharePoint 2010 is a multistep process. In this topic, each step
is detailed. To perform these procedures, you must log in with an account with the
following characteristics:
Account must log in with the Dbcreator and Securityadmin fixed server roles
on the computer running SQL Server.
Enable FILESTREAM
First, you must enable FILESTREAM by using SQL Server Configuration Manager.
Enable FILESTREAM
6. Select the Enable FILESTREAM for file I/O streaming access check box.
8. Click OK.
2. In Object Explorer, right-click the SQL Server, and then click Properties.
4. Click Filestream Access Level, click the drop-down arrow, click Full access
enabled, and then click OK.
A message appears indicating that you must restart SQL Server.
5. In Object Explorer, right-click the computer running SQL Server, and then
click Restart.
A confirmation dialog appears.
6. Click Yes.
Alternatively, you can execute the following query to set the FILESTREAM access
level:
EXEC sp_configure filestream_access_level, 2
RECONFIGURE
Additional Reading
IMPORTANT: Do not create the folder by using Windows Explorer. Use the
following procedure, and SQL Server will create the folder automatically.
2. Select the content database for which you want to provision a BLOB store, and
then click the New Query button on the toolbar.
The Query Editor opens a new query in the details pane.
3. To set the database master key, type the following query into the Query Editor:
use [ContentDBName]
if not exists (select * from sys.symmetric_keys where name = N'##MS_DatabaseMasterKey##')
create master key encryption by password = N'EncryptionKeyPassword'
Where:
6. To enable a new filegroup for your RBS provider, type the following query into
the Query Editor:
use [ContentDBName]
if not exists (select groupname from sysfilegroups where groupname = N'RBSFilestreamProvider')
alter database [ContentDBName] add filegroup RBSFilestreamProvider contains filestream
Where:
9. To add a file system mapping for your RBS provider, type the following query
into the Query Editor:
use [ContentDBName]
alter database [ContentDBName] add file (name = RBSFilestreamFile, filename = 'BlobStorePath')
to filegroup RBSFilestreamProvider
Where:
BlobStorePath is the path to the BLOB store folder you want to create, for
example, D:\Blobstore. For best performance, simplified troubleshooting,
and as a general best practice, you should create the BLOB store on a
volume that does not contain the operating system, paging files, database
data, log files, or the Tempdb file.
2. Use the following command to install RBS. Do not simply double-click the
package.
msiexec /qn /lvx* <InstallLogFile> /i RBS.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY DBNAME="<ContentDbName>" DBINSTANCE="<DBInstanceName>" FILESTREAMFILEGROUP=RBSFilestreamProvider FILESTREAMSTORENAME=FilestreamProvider_1
Where:
InstallLogFile is the name and optional path of a log file that will be
generated by the installation, for example, rbs_install_log.txt.
Installation takes a few minutes. You can monitor installation by using Task
Manager. You can also monitor the log file for the text Installation completed
successfully. For example, use the following command:
type rbs_install_log.txt | find "successfully" /i
Where:
ContentDBName is the name of the content database for which Remote BLOB
Store has been provisioned.
Where:
ContentDBName is the name of the content database for which Remote BLOB
Store has been provisioned.
Where:
ContentDBName is the name of the content database for which Remote BLOB
Store has been provisioned.
Additional Reading
Install and configure Remote BLOB Storage (RBS) with the FILESTREAM
provider (SharePoint Server 2010) at
http://go.microsoft.com/fwlink/?LinkID=197210&clcid=0x409.
Set a content database to use Remote Blob Storage (RBS) (SharePoint Server
2010) at http://go.microsoft.com/fwlink/?LinkID=197211&clcid=0x409.
BLOB objects stored with the FILESTREAM provider are stored on the file system
with globally unique identifier (GUID)-based names that provide a unique link
from the RBS tables.
BLOB content is not encrypted. Transparent Data Encryption (TDE), which can
encrypt the content of BLOBs in SQL Server, is not applied to the FILESTREAM
provider. However, you can use NTFS Encrypting File System (EFS): Configure the
Blobstore folder to be encrypted after the folder has been created by SQL Server.
NTFS EFS is transparent to components accessing the NTFS file system.
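A check of the BLOB store folder against the guidance above (EFS enabled, and not on the volume that holds the operating system or a paging file), as an added example that is not part of the course material. Test-BlobStoreFolder is a hypothetical helper name, and D:\Blobstore is the sample path used earlier in this topic.

```powershell
# Added example; Test-BlobStoreFolder is a hypothetical helper.
# Run on the computer running SQL Server, from an elevated shell.

function Test-BlobStoreFolder {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "BLOB store folder not found: $Path"
    }

    $folder        = Get-Item -Path $Path -Force
    $encryptedFlag = [System.IO.FileAttributes]::Encrypted
    $volume        = [System.IO.Path]::GetPathRoot($folder.FullName).TrimEnd('\')

    # Files written before EFS was enabled on the folder remain in clear text.
    $clearFiles = @(Get-ChildItem -Path $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and
                       -not ($_.Attributes -band $encryptedFlag) })

    # Volumes that currently hold a paging file (for example C:\pagefile.sys).
    $pagingVolumes = @(Get-WmiObject -Class Win32_PageFileUsage |
        ForEach-Object { [System.IO.Path]::GetPathRoot($_.Name).TrimEnd('\') })

    # Every account named in the folder ACL can reach the BLOB files directly,
    # outside SharePoint permissions.
    $principals = (Get-Acl -Path $Path).Access |
        ForEach-Object { $_.IdentityReference.Value } |
        Select-Object -Unique

    New-Object PSObject -Property @{
        Path             = $folder.FullName
        FolderEncrypted  = [bool]($folder.Attributes -band $encryptedFlag)
        UnencryptedFiles = $clearFiles.Count
        OnSystemVolume   = ($volume -eq $env:SystemDrive)
        OnPagingVolume   = ($pagingVolumes -contains $volume)
        AclPrincipals    = ($principals -join '; ')
    } | Select-Object Path, FolderEncrypted, UnencryptedFiles,
                      OnSystemVolume, OnPagingVolume, AclPrincipals
}

Test-BlobStoreFolder -Path 'D:\Blobstore' | Format-List
```

A result with FolderEncrypted False, or with a nonzero UnencryptedFiles count, means document content is readable on disk by any account listed in AclPrincipals.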
If you are using RBS, it is important that you consider how you will back up and
restore the BLOB store. If you use the SharePoint built-in tools for backup, RBS
BLOB stores are included in the backup. You can even restore such a backup to a
computer running SQL Server without RBS; the BLOBs will be restored into the
database itself.
The SQL Server backup command does not back up BLOBs in RBS. However, the
procedure for properly backing up both a database and the BLOB store is
straightforward. First, back up the database. Then, back up the file store. To
perform a restore, first restore the file store, and then restore the database.
Scenario
You have just installed a new SharePoint 2010 server farm at Contoso, Ltd. Your
previous SharePoint 2007 environment included some very large lists that
performed poorly for end users and large document libraries that increased the
size of content databases and therefore the time required to perform backup and
restore operations. Your revised governance policy for SharePoint 2010 requires
that large lists have controls to manage performance and that the size of content
databases be more carefully managed. To support these requirements, you have
been tasked with implementing list throttling and Remote BLOB Storage.
Start 10174A-CONTOSO-DC-D.
Create a custom list named ComputerInventory. After creating the list, change
its name and description to Computer Inventory (with a space).
Create two single-line text columns named Computer Name and Serial
Number.
Start SharePoint 2010 Management Shell using the Run as different user
option. Enter the user name CONTOSO\Administrator and the password
Pa$$w0rd.
In SharePoint 2010 Management Shell, create 4,000 items in the new list by
typing the following commands:
$site = Get-SPSite "http://intranet.contoso.com/sites/IT"
$web = $site.rootweb
$list = $web.Lists["Computer Inventory"]
$i = 1
do {
    #add item
    $newitem = $list.items.Add()
    $newitem["Title"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Computer Name"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Serial Number"] = $i.ToString().PadLeft(8,"0");
    $newitem.Update()
    $i++
}
while ($i -le 4000)
$web.dispose()
$site.dispose()
You can watch the progress of the script by refreshing the Computer Inventory
list page in the IT Web.
Open the List Settings of the Computer Inventory list, and then verify that
the List view threshold message indicates that the list contains 4,000 items.
You can watch the progress of the script by refreshing the Computer Inventory
list page in the IT Web.
Switch to Internet Explorer and refresh the view of the Computer Inventory
list.
Open the List Settings of the Computer Inventory list, and then verify that
the List view threshold message indicates that the list contains 9,000 items.
Return to the Computer Inventory list, point at the Title column header, and
then click the drop-down arrow that appears.
A message appears: Cannot show the value of the filter. The field may not be
filterable, or the number of items returned exceeds the list view threshold enforced by
the administrator.
Switch back to the Computer Inventory list. In the Computer Inventory list,
point at the Title column header, and then click the drop-down arrow that
appears. Verify that the Show Filter Choices command is now available.
Open the List Settings of the Computer Inventory list, and then observe the
List view threshold. Verify that the new list threshold of 7,000 items has been
applied.
Results: After this exercise, you should have modified list throttling settings for a
site collection.
Start SQL Server Configuration Manager using the Run as a different user
option. Enter the user name CONTOSO\Administrator and the password
Pa$$w0rd.
Click SQL Server Services, and then open the properties of SQL Server
(MSSQLServer). In the FILESTREAM tab, select all three check boxes, and
then close SQL Server Configuration Manager.
Start SQL Server Management Studio using the Run as a different user
option. Enter the user name CONTOSO\Administrator and the password
Pa$$w0rd.
Add a filegroup for the RBS provider by executing the following query:
if not exists (select groupname from sysfilegroups where groupname = N'RBSFilestreamProvider')
alter database [WSS_Content_Intranet_IT] add filegroup RBSFilestreamProvider contains filestream
Add a file system mapping for the RBS provider by executing the following
query:
alter database [WSS_Content_Intranet_IT] add file (name = RBSFilestreamFile, filename = 'c:\Blobstore')
to filegroup RBSFilestreamProvider
Results: After this exercise, you should have enabled FILESTREAM and configured
RBS on the computer running SQL Server.
In SQL Server Management Studio, refresh the view of the Object Explorer
tree, and then verify that several tables exist in the WSS_Content_Intranet_IT
database that have names that begin with the letters mssqlrbs.
Open the C:\Blobstore folder, and then observe the number of items in the
folder.
Switch to Windows Explorer and verify that the file has been added to the
Blobstore folder.
Results: After this exercise, you should have configured RBS on the SharePoint farm
and tested its functionality.
Results: After this exercise, you should have modified the RBS configuration to store
files larger than 1 Mbyte in the file system.
Leave the virtual machines running. You use them for Lab B.
Lesson 2
In lists and libraries, users create content. SharePoint Server 2010 offers impressive
content management functionality, which begins with the ability to describe
content with metadata using columns and to define content types. In this lesson,
you learn how to manage site content types and such columns. Although power
users can perform these tasks in certain environments, IT professionals must know
how to support these tasks.
Furthermore, you must have a solid understanding of columns and content types
at the site level before you can take advantage of the managed metadata service, the
topic of the next lesson.
After completing this lesson, you will be able to:
Content Types
Content types are definitions of types of content that can be stored in lists and
libraries. They are, in effect, a schema for the types of objects that can exist in a site.
Content types are an important component of your information architecture (IA),
which typically refers to both the content type hierarchy and taxonomy.
The site's content type gallery lists available content types and exposes content
type management functionality.
To open the site content type gallery, complete the following steps:
Content types are scoped to the site in which they are created and all subsites. You
can create content types in any site. However, it is a best practice, when possible, to
create content types in the top-level site of a site collection so that the content types
are available to all sites in the site collection.
To deploy content types across multiple site collections, you can use Visual Studio
to define and package the content type as a solutions package (.wsp file). This is
possible in both SharePoint 2007 and SharePoint 2010.
SharePoint 2010 introduces the managed metadata service application, which
publishes content types and columns from one site collection across site
collections, Web applications, and farms. You learn more about the managed
metadata service application in the next lesson.
There are two basic steps to make use of content types in a Web site:
These two steps are covered in detail in the next two topics.
To work with content types in a site, you first create the content type, and then
associate it with a list or library.
1. Click Site Actions, click Site Settings, and then click Site Content Types.
2. Click Create.
Group. When you create a content type, you can put it in a content type
group to make it easier to locate the content type. The group has no
technical impact whatsoever (it is purely organizational), but it is
recommended to keep custom content types that you create separate from
content types that are built-in or that are created by third-party tools.
By default, a list contains one type of item, and a library contains one content type:
Document. To use content types in a list or library, you must first enable the
management of content types in the list or library.
1. On the list or library Settings page, in the General Settings section, click
Advanced settings.
2. In the Content Types section, click Yes, and then click OK.
1. On the list or library Settings page, in the Content Types section, click Add
from existing site content types.
2. Select the content type, click Add, and then click OK.
If you have more than one content type in a list or library, you can change the
order in which the content types appear on the New menu of the ribbon. Click
Change New Button Order And Default Content Type.
The content type that is listed first is the default content type used if a user clicks
the New button. Other content types appear if a user clicks the New button's drop-down arrow.
If you are using custom content types and no longer require the default Document
or item content type, you can delete it. In the Content Types list, click Document.
Click Delete This Content Type, and then click OK when prompted to confirm.
Document Information Panel (DIP). The DIP is a form that appears above
the document in some Microsoft Office client applications, such as Microsoft
Office Word. The DIP displays the properties of the document, giving users a
way to read and modify properties in the client application instead of or in
addition to using the SharePoint Web user interface. The DIP can be
customized by using InfoPath to include business logic, access to other data
sources, and rich interaction.
Columns
As you discovered in the previous topic, columns are used to define pieces of
information that can be associated with a document or list item. Synonyms for
columns include fields, attributes, properties, and metadata.
Columns describe content and can thus be used to organize and manage content
in views, reports, and alerts. Columns can also be used as search attributes,
allowing users to locate content more efficiently.
A column is scoped to the site in which it is created and to all subsites. As with
content types, it is recommended you create site columns at the top-level site of a
site collection whenever possible so that it is available to all sites in the site
collection.
To deploy a column across multiple site collections, you can use Visual Studio to
define and package the column as a solutions package (.wsp file). This is possible
in both SharePoint 2007 and SharePoint 2010.
Site Columns
There are two basic steps to make use of content types in a Web site:
1.
2.
2.
3. Click Create.
4.
Name. The column name, which must be unique at the site level.
Click Site Actions, click Site Settings, and then click Site Content Types.
2.
3.
Click Site Actions, click Site Settings, and then click Site Content Types.
2.
3.
Lesson 3
In the previous lessons, you learned how to define metadata and content types at
the list and site levels. In this lesson, you learn how to configure an important new
service application in SharePoint Server 2010, the managed metadata service,
which makes terms and content types available across site collections, Web
applications, and even farms.
After completing this lesson, you will be able to:
Configure taxonomy.
Managed terms, which are usually predefined, can be created only by users with the
appropriate permissions and are often organized into a hierarchy.
Enterprise keywords are words or phrases that have been added to SharePoint
Server 2010 items. All enterprise keywords are part of a single, nonhierarchical
term set called the keyword set.
Local term sets are created in the context of a site collection. For example, if you
add a column to a list in a document library and create a new term set to bind the
column to, the new term set is local to the site collection that contains the
document library.
Global term sets are created outside the context of a site collection. For example, the
term store administrator could create a term set group called Human Resources and
designate a person to manage the term set group. The group manager would create
term sets that relate to human resources, such as job titles and pay grades in the
Human Resources term set group.
First, take a look at managing and using terms, from beginning to end, at a very
high level. This topic focuses on the main tasks involved with creating and using
terms.
2.
3. Confirm that the tool is focused on the metadata application that you want to
administer. In the Available Service Applications list, select the correct
metadata application.
Create a Term
To create a term, complete the following steps:
1.
2.
3. Expand the term group and the term set in which you want to create the term.
4. Point at the term set or term beneath which you want to create the term, and
then click the drop-down arrow that appears.
5.
6.
Important: A managed metadata column can be associated with only one term set.
2.
3.
4. Click Create.
5.
6.
7. In the Group section, select a column group or create a new column group.
8. In the Term Set Settings section, expand the term store, expand the term
group that contains the term set, and then click the term set.
9. Optionally, configure other settings for the column. For example, you can
specify that the column allows multiple values. Also, if the term set is an open
term set, you can configure the column to allow fill-in choices. Click OK.
2.
3. Click the site content type to which you want to add managed metadata.
4.
5. In the Select columns from list, select the column group that contains the
managed metadata column.
6. In the Available columns list, click the managed metadata column, and then
click Add.
7.
8.
Pick Terms
After adding a managed metadata column to a list, library, or content type, users
can apply terms from the term set as values for the column.
The new and edit forms of an item or document display the managed metadata
control for a managed metadata column, and the user interacts with this control to
enter the column's value.
With the managed metadata control, the user can either type a value or select a
value by hierarchically navigating the term set that is associated with the column. If
the user begins typing a value, the AJAX-driven control displays all terms in the
associated term set that begin with the characters the user has typed. The name of
the term set and the term's position in the hierarchy are indicated along with the
term itself.
If the column's definition allows multiple values, the user can select more than one
term. If both the term set and the column's definition allow new terms to be added,
the user can also create a new term and insert it at the appropriate place in the
term set's hierarchy.
It is important to note the following about the control:
The control consists of a text box, a browse button, and a term selection page.
If you type a term that does not exist in the term store, your entry is displayed
in red with a red dashed underline. You cannot save the change until you
correct the entry.
Click the Browse For A Valid Choice button. The term selection page opens.
The term selection page shows all terms in the term set.
To select a term, click the term, click Select, then click OK, as shown in the
following graphic:
If the term set has an email address in the term set's Contact property, the
term selection page displays a Send Feedback link. The link is a simple
<mailto:> link that opens the user's email client with the To: address
prepopulated with the term set contact's email address.
If the term set is an open term set, the Add New Item link appears. Click the
link, and a new, blank term appears. Type the label for the term, and then
press ENTER.
Typically, terms are tightly managed. Most term sets are usually closed,
meaning that only term set managers and contributors can add, modify, or
delete terms in the term set.
A managed metadata column can expose terms from only one term set.
Keywords
Often, enterprises want to allow folksonomy: the development of terms and
metadata that is driven by users adding tags to content and people. Terms in a
folksonomy are typically unmanaged; users can tag content or people with
whichever words and phrases they want to apply.
Folksonomy in SharePoint Server 2010 is supported by keywords. Keywords are
terms that are stored in a single, nonhierarchical term set called the keyword set.
When content is tagged and a term does not exist, it is added to the keyword set.
There is very little difference, really, between keywords and terms. Both are terms
that can be used to tag content. Both are stored in the term store. The primary
differences are the following:
Terms are highly managed. They have numerous properties, about which you
learn later in this lesson. Terms are structured in term sets and term groups
and can be reused across term sets and term groups.
Term sets are typically closed. The keyword set is typically open: users can
add keywords to the keyword set when they tag content with words or phrases
that do not already exist in the keyword set.
2.
3. Click the site content type to which you want to add managed metadata.
4.
5. In the Select columns from list, select the column group that contains the
managed metadata column.
6.
7.
8.
The control consists of a text box, a browse button, and a term selection page.
You can type a word or phrase that does not already exist as a keyword, and it
will be added to the keyword set. This is the default behavior of the enterprise
keywords column; however, SharePoint can be configured to prevent adding
new keywords to the keyword set.
Create a Keyword
Keywords are often created by users when they tag content with a word or phrase
that is not already in the keyword set. However, if you want to add a keyword
directly to the keyword set, you can do so by following this procedure:
1.
2.
3. Point at the Keywords, and then click the drop-down arrow that appears.
4.
5.
Manage Terms
Now that you understand the end result (how terms are incorporated into items
and documents), you can learn how to administer managed metadata, from the
bottom up, starting at the terms themselves.
Term Properties
Terms are more than simply words or phrases. They are objects with a variety of
properties.
Modify a Term
To modify the properties of a term, follow this procedure:
1.
2.
3.
4. Click Save.
The term properties that you can modify include the following:
Sort order. By default, terms are sorted alphabetically in the parent term set or
term. However, you can manually specify the sort order by completing the
following steps:
1.
2.
3.
Available for tagging. By default, terms are available to be used for tagging.
Why would you create a term and then not make it available? Terms
themselves are hierarchical in a term set. That is, a term can have one or more
terms as child objects. For example, you might have terms for teams or
departments in the IT group. If you have a term hierarchy in a term set, you
might want nodes that have child terms to be unavailable for tagging.
Language. If you have a language pack installed, and the term store has the
language specified as a working language, you can select each language and
modify the Default Label and Other Labels.
Description. Use a description to help users understand when to use the term
and to disambiguate among similar terms.
Default label. This is the default label for the term for the selected language.
The default label is what is referred to as the term. However, as you are
learning, the term is more than just the label. In fact, behind the scenes,
everything is managed with unique identifiers.
Other labels. These are synonyms and abbreviations for the term for the
selected language. When other labels are configured for a term, users can enter
any of the synonyms or abbreviations in a managed metadata control, and
their entry will be changed into the default label for the term. The other labels
even appear as suggestions when a user begins to type in a managed metadata
control.
Member of. A term can be reused in multiple locations. The Member Of list is
a list of locations in which the term exists.
Source. When a term exists in more than one location, the term's properties
can be edited in only one: its source. The permissions that apply to the source
location affect who can modify the term's properties.
Term Tasks
Use the drop-down menus in the term store hierarchy of the Term Store
Management Tool to perform actions. You can perform the following actions
related to terms in a term store:
Create term. Create a new term in a selected term set or as a child of a selected
term.
Copy term. Create a new term that is a copy of an existing term. The source
term's properties are copied to the new term, and then the new term is a
unique object with no relationship or linkage to its original source.
Deprecate term. Disable the term so that it no longer can be used as a valid
term but stays part of the system.
Merge term. To merge terms, select a source term, click Merge Term, and then
select a target term. The result is that the source term and its synonyms are
added as synonyms of the target term.
Reuse term. A term can be placed in more than one location in the taxonomic
hierarchy. To use a term in a new location (in a term set or as a child of
another term), select the target location, click Reuse Term, and then select the
source term. The source term is added as a kind of link to the selected target
location. Changes to a term's properties affect every instance of the term. The
term's Source property defines the location in the hierarchy in which the term
can be modified, and the permissions on that location determine which users
can modify the term. The term's source can be changed to any of its locations
by a user who currently has permission to modify the term.
Enterprise Keywords
As you learned in a previous topic, keywords are stored in a flat, nonhierarchical
keyword set. Keywords have only one property: Available For Tagging. You can
perform only three actions. The first two are New Keyword and Delete Keyword,
which are self-explanatory.
The third action is Move Keyword. With this option, you can move a keyword into
a term set, where it becomes a managed term and acquires all of the additional
properties associated with terms. This process is how an organization can
organically grow a folksonomy and migrate resulting terms into a taxonomy.
Contact. An email address for a contact for the term set. If an email address is
entered in the Contact property, the managed metadata control displays a
Submit Feedback link in the term picker. A user who wants to submit feedback
or request a change to the term set can click the link and an email message is
started with the To address populated by the value of the term set contact.
Submission Policy. The submission policy determines whether users can add
terms to the term set from the managed metadata control. If a submission
policy is open, the managed metadata control displays an Add New Item link.
So, if a user wants to tag content with a term that is not already in the term set
for a managed metadata column, the user can add a new term on the fly. This
allows for folksonomy in the context of a managed term set. The newly added
term is available to other managed metadata columns that reference the same
term set.
Note: For a user to add a new item to a term set, the term set must have an open
submission policy, the managed metadata column must allow fill-in choices, and the
user must have permission to change an item or document that contains the
managed metadata column.
1. In Term Store Management Tool, point at the term group in which you want
to create a term set, click the drop-down menu of the term group, and then
click New Term Set.
2. Type a name for the term set, and then press ENTER.
3.
Using the term set's drop-down menu, you can perform the following actions:
Delete Term Set. This option deletes the term set and its terms.
Move Term Set. This option moves a term set to another term group.
Copy Term Set. This option creates a new term set with the same
properties as the source term set. All terms in the source term set are
added, as reused terms, to the new term set. This allows you to create
variations on a term set for scenarios in which a managed metadata
column needs to contain a superset, subset, or other variation of terms
that are already in use in another term set.
A term group is a collection of one or more term sets. A term group has a Group
Name and a Description. Most important, the term group defines two roles:
Contributors. Contributors have full permission to edit terms and term set
hierarchies in the term group.
1. Point at the term store, click the drop-down menu, and then click New Term
Group.
2. Type a name for the term group, and then press ENTER.
New Term Set. You can use this option to create a new term set in the term
group.
Delete Term Group. You can use this option to delete the term group.
Import Term Set. You can use this option to import a term set using a
comma-separated values (.csv) file. You can find a sample import file in the root of the
term store. In Term Store Management, click the term store, and then click
View A Sample Import File.
Each managed metadata service application has one term store. Metadata service
applications cannot share term stores.
The term store properties define the following:
Term Store Administrators. Term Store Administrators have full control over
the term store. Term Store Administrators can perform all actions of Group
Managers, can create and delete term groups, and can assign users to the
Group Managers role. Term store administrators can also modify the default
and working languages of a term set.
Default Language. Each term store must have a default language specified,
and every term must have a label defined in the default language.
Working Languages. After you have installed a language pack, you can add
installed languages as a working language for a term set. Then, you can select a
term and specify the default label and other labels for each working language.
Unlike the default language, you are not required to have a label for every term
in a working language.
Terms are not added to a term store by default when you add a language pack.
There is no automatic translation service. You must manually configure the
labels for terms in each language that you want a term set to expose.
When a term has labels in multiple languages, the language of the site
determines which labels are visible. For example, if the Department term set
has terms defined in both French and English, an English-language team site
allows users to use English terms from the term set in a managed metadata
column, and a French team site allows users to use French terms from the
term set.
To create a term store, you must create a managed metadata service application.
The steps for this procedure are listed later in this lesson. To delete a term store,
you must delete the managed metadata service application.
2. In the Term Store Administrators box, type the names of term set
administrators separated by semicolons.
3. Click Save.
One or more terms are contained in a term set. Terms can also be created as
child objects of other terms.
A term set is a group of related terms and is the scope of a managed metadata
column. When you add a managed metadata column to a content type, list, or
library that will use tags, you specify the term set that is used in the column.
Each managed metadata column can use terms from only one term set, and all
terms in the term set are available.
A term group is a security container that manages who can modify term sets
and terms. You can specify, for a term group, who has permission to modify
the term sets and terms in the term group.
A term store is the database that contains the terms for a managed metadata
service application. The scalability of a managed metadata service application
is related to performance, but the following guidelines should be used:
The keyword set is a flat, nonhierarchical term set that is used to apply terms to
enterprise keyword columns. The managed keyword control displayed by an
enterprise keyword column exposes terms from the keyword set as well as all
other term sets that are available to the Web application.
Term sets can be global or local. A global term set is what you have been
examining thus far: a term set that is maintained using the Term Store
Management Tool and available to all Web applications that connect to the service
application.
A local term set is maintained in the term store, but it is created and managed in a
site collection, rather than in the Term Store Management Tool. The resulting term
set is available to all sites in the site collection but not to other site collections.
Using a local term set has advantages over legacy methods for tagging data (for
example, choice and lookup fields) because the local term set is maintained by the
managed metadata service, so you can define synonyms and manage terms just as
you would a global term set. Users who are site collection administrators have
permissions to create local term sets.
Terms
You can use the managed metadata service to practice enterprise metadata
management. As discussed in a previous topic, metadata (also known as attributes,
properties, fields, columns, terms, tags, and keywords) is a critical component of
taxonomy and therefore of information architecture.
Using Terms
Tags are everywhere in SharePoint Server 2010. You can tag items, documents,
pages, and sites from the SharePoint Web interface or by using SharePoint-aware
applications such as Microsoft Office 2010.
One of the primary reasons to tag content is to make it easier to locate by browsing
or by searching. SharePoint uses tags to provide metadata-driven navigation and
filtering and to produce a tag cloud control. Tags can be used as search refiners,
and tags can be used by the routing rules of the Content Organizer to route
content to the appropriate location.
You can delegate term management to librarian roles, represented by the term
group's Contributor and Group Manager roles.
You can support multiple languages. After you have installed a language pack,
you can add installed languages as working languages for a term set. Then, you
can select a term and specify the default label and other labels for each
working language. Unlike the default language, you are not required to have a
label for every term in a working language.
Terms are dynamic. As soon as a keyword or term is added to the term store, it
is available to all enterprise keyword or managed metadata columns in all Web
applications that connect to the managed metadata service application.
Changes to terms, including new labels, synonyms, and merged terms, cascade
through the system.
Managed metadata can be used to refine search results and provide
metadata-based navigation so that users can locate content more efficiently.
Extensibility
There is no out-of-the-box feature that connects the managed metadata service to
external data sources or term stores.
However, the managed metadata service is extensible. You can expect numerous
solutions to be developed by independent software vendors and by the
community. Tools will be available to migrate enterprise taxonomy from other
sources into the managed metadata service and to integrate the managed metadata
service with other taxonomy management tools.
2.
3.
4. In the Content Type hub box, type the URL of the site collection from which
the service application will consume content types.
5. Select the Report syndication import errors from Site Collections using this
service application check box, and then click OK.
When a Web application tries to import the content types from its managed
metadata service applications and encounters an error, the error is always
logged to that Web application. This option creates a second error associated
with the content type hub site collection so that import errors from all
subscriber sites are centralized and can be viewed in one place: the hub.
2.
3.
4. Select the Consumes content types from the Content Type Gallery check
box.
1. In the content type hub site collection, click Site Actions, and then click Site
Settings.
2.
3.
4.
5.
You can use the same Manage Publishing For This Content Type command to
republish, or update, a content type and to unpublish a content type.
2.
3.
4.
5.
6. Click Content Type Subscriber on the row for the subscriber Web
application.
7.
8.
2. On the ribbon, click New, and then click Managed Metadata Service.
The Create New Managed Metadata Service dialog appears.
3. In the Name box, type the name for the service application.
The service application created by the Farm Configuration Wizard is Managed
Metadata Service. If you are manually creating the first metadata application in
your farm, you can use the same name so that the result looks familiar to
SharePoint administrators.
Alternatively, you can consider using a name such as Managed Metadata Service
Application, which is more accurate; it is a service application, after all.
4.
5.
6. Optionally, in the Content Type hub box, enter the URL to the site collection
that will serve as the content type hub.
7. It is recommended that you select the Report syndication import errors from
Site Collections using this service application check box.
When a Web application tries to import the content types from its managed
metadata service applications and encounters an error, the error is always
logged to that Web application. This option creates a second error associated
with the content type hub site collection so that import errors from all
subscriber sites are centralized and can be viewed in one place: the hub.
8.
Where:
<DatabaseName> is the name of the database that will host the term store. Each
managed metadata service must use a unique term store.
<DatabaseServerName> is the name of the database server that will host the
term store.
<HubURI> is the URL of the site collection that contains the content type
library that the new managed metadata service will provide access to.
2.
Note: Do not select the row by clicking in the Name column. Clicking the name of
the managed metadata service opens the Term Store Management Tool. Instead,
click in another column in the same row.
3.
Where:
<HubURI> is the URL of the site collection that contains the content type
library that the new managed metadata service will provide access to.
Previously, you learned that application connections provide a way for a Web
application to connect to a service application. Application connections, also called
proxies, are grouped into connection groups, also called proxy groups. Typically, Web
applications connect to services using connections that are part of a defined
connection group that can be used by other Web applications. The farm has a
default connection group, and you can create additional connection groups. You
can also define a custom connection group for a single Web application, and this
custom connection group will not be available for other Web applications.
To use managed metadata, a Web application must have a connection to a
managed metadata service. A Web application can have connections to multiple
services, and the services can be local to the Web application (that is, in the same
farm as the Web application) or remote (that is, in another farm).
When you create a managed metadata service, a connection to the service is
created automatically in the same Web application as the service. As you learned in
a previous section, when you create a managed metadata service, the connection is
added to the default connection group unless you clear the Add This Service
Application To The Farm's Default List check box.
You do not need to (and cannot) create additional connections to a managed
metadata service in the local farm. However, if you want to connect to a managed
metadata service in a remote farm, you must create a connection. In Central
Administration, on the Manage Service Applications page, click Connect, and then
click Managed Metadata Service. The process of connecting to service applications
in remote farms is detailed in Module 8.
After a connection to a managed metadata service has been created, you can
configure the following four options:
IMPORTANT: For a given Web application, do not make more than one connection
the default keyword location. If no connection is specified as the default keyword
location, users cannot create new enterprise keywords.
Default term set location. Web applications using this connection store local
term sets (custom term sets created for site columns in site collections in the
Web application) in this managed metadata service's term store.
IMPORTANT: For a given Web application, do not define more than one
connection as the default term set location. If no connection is specified as the
default term set location, users can specify only an existing term set when they
create a site column whose data type is managed metadata.
Use of content types. You can use this option to decide whether to make the
content types that are associated with this managed metadata service (if any)
available to users of sites in this Web application. This option is available only
if the service has a hub defined to share content types.
Pushing down content type publishing updates from the content type
gallery to subsites and lists using the content type. Use this option to
update existing instances of the changed content types in subsites and
libraries.
2.
3.
Modify the Term Store with the Manage Service Applications Page
The following roles can perform tasks related to managing managed metadata
service applications and connections:
Modify the Term Store with the Term Store Management Tool
The following roles can perform tasks on the term store by using the Term Store
Management Tool:
Create, rename, copy, reuse, merge, deprecate, move, and delete terms.
Term Store Administrators. Term Store Administrators have full control over
the term store. Term Store Administrators can perform all actions of Group
Managers, can create and delete term groups, and can assign users to the
Group Managers role. Term Store Administrators can also modify the default
and working languages of a term set.
Modify the Term Store with Managed Metadata and Keyword Controls
All users can make changes to the term store in the context of a task by interacting
with the managed metadata and managed keyword controls.
Presuming that a user has permission to change an item or document that uses a
managed metadata column or an enterprise keywords column, the user can do the
following:
Add terms to a term set. By using the managed metadata control, a user can
add a term to a term set. The term set must have an open submission policy,
the managed metadata service application must allow writes to the term store
(part of the Restricted connection permission), and the column must allow
fill-in choices.
Add keywords to the keyword set. By using the managed keyword control, a
user can add a keyword to a keyword set. The Web application must have a
managed metadata service application connection that designates the managed
metadata service application as the default storage location for keywords. The
managed metadata service application must allow writes to the keyword set
(part of the Restricted connection permission), and the column must allow
fill-in choices.
Modify the Term Store with the Managed Column Properties Page
A user with permission to add or modify columns can do the following:
Create a local term set. An administrator of a site can create a local term set
that is available only to sites in the site collection. This local term set, also
called a site collection term set or a column-specific term set, is stored in the
managed metadata service term store specified by the Web application's
connections as the default term set location. The default term set location must
be specified, and the user must have permission to create or modify columns
in the site.
Informational Roles
The term set Owner, Contact, and Stakeholders properties are informational only.
They are used to document individuals and groups that have an interest in the
term set. The properties do not convey any permission of any kind.
However, the Contact email address is used to create a Submit Feedback link in the
managed keyword control so that users can propose changes or request new terms
by email.
Use Terms
Numerous tasks can be performed that use managed metadata. These tasks are
performed in the user interface and security context of the task.
Create and refine queries based on term sets. Users can use terms in term
sets in search queries, and, when a list of search results is returned, they can
use terms in term sets to create refiners, which are filters that narrow down search
results.
Connection Permissions
A managed metadata service application, by default, allows all Web applications
that connect to it to have full access to the term store. With this default, all Web
applications connecting to the managed metadata service application can perform
all of the activities listed previously.
By default, the Local Farm group has Full Access To Term Store permission. The
Local Farm group includes all app pools for all Web applications in the farm. To
restrict permissions, you must first remove the permission assigned to Local Farm.
You can then add individual Web application app pool accounts and assign
permissions to the accounts.
Connection permissions are as follows:
Read Access To Term Store. This permission grants read access to the term
store and content types that are associated with the managed metadata service.
A Web application with this permission to the managed metadata service can
use terms and content types from the managed metadata service but cannot
make any changes.
Read And Restricted Write Access To Term Store. This permission grants
Read access to the term store and content types that are associated with the
managed metadata service. Additionally, this permission grants the ability to
create local term sets and to add terms to open term sets, and permission to
create enterprise keywords. A Web application with this permission can allow
users to create local term sets, to add keywords, and to add terms to open
global term sets.
Full Access To Term Store. This permission grants Read and Write access to
the term store and Read access to content types that are associated with the
managed metadata service. A Web application with this permission can
publish content types to the content type hub and can manage terms and term
sets.
To reiterate, the default permission for all Web applications is Full Access To Term
Store. With this permission in place, a user's capabilities are governed by
permissions on the term store, on the site collection, and on content in the site.
Any permission more restrictive than this limits the activities that were listed earlier
in this topic.
The following table summarizes connection permissions.
Action
Read
Restricted
Full
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
View and use content types from the content type hub (if
the service provides a hub)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Add and modify content types in the content type hub (if
the service provides a hub)
Yes
Yes
Additional Reading
Scenario
The knowledge management team at Contoso is excited about the ability of
SharePoint 2010 to support an enterprise taxonomy. They have asked you to
prototype the functionality of the managed metadata service and of terms.
Create a new term set named Department. Configure the term set with a
closed submission policy.
Add terms for the following departments: Marketing, Finance, IT, and Sales.
User Name
Department
Request Type
AndyR
Finance
New User
ChristaG
IT
Password Reset
Problem starting
computer
FrankM
Marketing
Desktop
Support
SeanC
Sales
New User
LolaJ
Sales
Password Reset
Tip: To add a new term you must add it to the term store by clicking the Browse For
A Valid Choice icon, and then clicking the Add New Item link.
Tip: Use the Suggestions list to enter departments without having to type the entire
department name.
Observe the tree view below the Quick Launch. Click the terms in the
Department and Request Type term sets to filter the list.
Results: After this exercise, you should have created term sets and a SupportRequest
list with managed metadata columns, and you should have configured metadata
navigation to filter the list.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
1.
2.
3.
4.
Module 5
Configuring Authentication
Contents:
Lesson 1: Understanding Classic SharePoint Authentication Providers
Module Overview
Objectives
After completing this module, you will be able to:
Lesson 1
Objectives
After completing this lesson, you will be able to:
If you are upgrading from Microsoft Office SharePoint Server 2007, consider using
classic-mode authentication if you have no plans to implement forms-based
authentication or SAML token-based authentication in the future. If you ever plan
to use forms-based authentication or SAML token-based authentication,
claims-based authentication is a requirement because classic-mode authentication only
supports the Windows authentication provider. FBA is not supported by
classic-mode authentication, even though FBA was supported in SharePoint 2007. You
must use claims-based authentication to use FBA.
The table below summarizes the authentication modes, providers, and methods.
You will learn about each as this lesson progresses.
Type
Classic
Claims-based
Provider
Methods
Windows
Windows
FBA
SAML
You can configure classic-mode authentication (CMA) either when you create a new
Web application or afterward by editing its authentication settings. Both situations
are described below.
Edit Authentication
After a Web application is created, you can modify authentication settings on the
Edit Authentication page. You will then be able to change the settings for Security
Configuration, and review the settings under Authentication Type.
You can access the Edit Authentication page from the Web Applications
Management or the Authentication Providers page.
3. Click the Web Application menu to select the Web application that you want
to modify.
NTLM
NTLM is the most established form of authentication in Microsoft products, as it
was introduced more than a decade ago.
NTLM Summary
While NTLM is not the most efficient authentication method, and while it is
slightly less secure than Kerberos, it is often chosen as the authentication method
for SharePoint Web applications because it is easy to set up.
Kerberos
Kerberos is the default authentication method for Windows clients and servers in
an Active Directory domain.
Crawl has problems with communication and ticket handling when the site is
running on non-default ports (HTTP: 80 and HTTPS: 443) and configured for
Kerberos authentication.
The calling application does not provide enough information to use Kerberos
authentication.
If the Negotiate process cannot use the Kerberos protocol, the Negotiate process
selects the NTLM protocol.
The service class for the request, which is always HTTP; the HTTP service class
includes both the HTTP and HTTPS protocols.
2. In the console tree, right-click ADSI Edit, and then click Connect To.
The Connection Settings dialog box appears.
3. Click OK.
4. In the console tree, expand Default naming context, expand the domain, and
then expand the nodes representing the OU(s) in which the account exists.
Click the OU in which the account exists.
5. In the details pane, right-click the service or application pool account, and
then click Properties.
The Properties dialog box appears.
6.
7. In the Value to Add field, type the SPN, and then click Add.
Repeat Step 7 for additional SPNs. Remember that an app pool account should
have two SPNs, in the form HTTP/site.domain.com and HTTP/site, for each
Web application that uses Kerberos authentication in the app pool. Remember
also to add the port number if the site runs on a port other than port 80, for
example, HTTP/site.contoso.com:9999 and HTTP/site:9999.
8. Click OK.
9. Click OK.
MSSQLSvc/sqlserver01:1433
MSSQLSvc/sqlserver01.contoso.com:1433
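The SPN rule from the procedure above (an FQDN form and a short-name form, with the port appended for non-default ports) can be checked against what is actually registered. This is an added example, not code from the course: the account names and the `setspn -L` listing are constructed, and the check for an SPN registered on a second account goes beyond the text, because a duplicate SPN prevents Kerberos from being used for that service.

```python
import re
from urllib.parse import urlsplit

# Ports that need no suffix in the SPN. The page names port 80; 443 is the
# HTTPS default it lists next to it. The service class is always HTTP.
DEFAULT_PORTS = {"http": 80, "https": 443}
HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+):$")

# Constructed sample of `setspn -L` output for two accounts (not real data).
SAMPLE_LISTING = """\
Registered ServicePrincipalNames for CN=SP_Portal_AppPool,CN=Users,DC=contoso,DC=com:
        HTTP/site.contoso.com:9999
Registered ServicePrincipalNames for CN=SP_Old_AppPool,CN=Users,DC=contoso,DC=com:
        HTTP/site:9999
        HTTP/legacy.contoso.com
"""


def expected_http_spns(url):
    """Return the FQDN and short-name SPNs a Kerberos Web application needs."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    suffix = "" if port == DEFAULT_PORTS[parts.scheme] else f":{port}"
    host = parts.hostname  # urlsplit lowercases the host name
    names = [host]
    short = host.split(".")[0]
    if short != host:
        names.append(short)
    return [f"HTTP/{name}{suffix}" for name in names]


def parse_setspn_listing(text):
    """Map each account DN in a `setspn -L` listing to its registered SPNs."""
    registrations, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            registrations[current] = []
        elif line and current is not None:
            registrations[current].append(line)
    return registrations


def audit_web_app(url, account_cn, registrations):
    """Compare the SPNs a Web application needs with the registered ones."""
    wanted = expected_http_spns(url)
    own, others = set(), {}
    for dn, spns in registrations.items():
        is_own = dn.lower().startswith(f"cn={account_cn.lower()},")
        for spn in spns:
            if is_own:
                own.add(spn.lower())  # SPN comparison is case-insensitive
            else:
                others.setdefault(spn.lower(), []).append(dn)
    return {
        "missing": [s for s in wanted if s.lower() not in own],
        "registered_elsewhere": {
            s: others[s.lower()] for s in wanted if s.lower() in others
        },
    }


if __name__ == "__main__":
    listing = parse_setspn_listing(SAMPLE_LISTING)
    print(audit_web_app("http://site.contoso.com:9999", "SP_Portal_AppPool", listing))
```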
Additional Reading
How to use SPNs when you configure Web applications that are hosted on
Internet Information Services at
http://go.microsoft.com/fwlink/?LinkID=197065&clcid=0x409.
SETSPN at http://go.microsoft.com/fwlink/?LinkID=198479&clcid=0x409.
Anonymous
You can enable anonymous authentication on either the Create New Web
Application or Edit Authentication pages.
Anonymous authentication does not provide anonymous users with permission to
view content within a Web application. Anonymous access must be granted at the
securable object level. You can grant anonymous users permission to an entire site
or to specific lists and libraries.
Basic
Basic authentication relies on the exchange of plaintext, unencrypted
credentials. If you choose to use basic authentication, it is recommended that you enable
Secure Sockets Layer (SSL) encryption to provide a secure implementation.
Digest
User credentials are sent as an MD5 message digest in which the original user
name and password cannot be deciphered. Digest authentication uses a
challenge/response protocol that requires the authentication requestor to present
valid credentials in response to a challenge from the server. To authenticate against
the server, the client has to supply an MD5 message digest in a response that
contains a shared secret password string.
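The challenge/response exchange described above, worked through as an added example that is not part of the course material. It assumes the HTTP Digest scheme of RFC 2617 with qop=auth and uses the sample values published in that RFC; the function and class names are this example's own.

```python
import hashlib
import hmac
import re
import secrets

# Sample values from the worked example in RFC 2617 (not from this course).
RFC_USER, RFC_REALM, RFC_PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
RFC_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
RFC_AUTHORIZATION = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1"'
)
PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def md5_hex(text):
    """MD5 of a string as lowercase hex."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    """Hash of user:realm:password, the only secret the server must store."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side: answer the server's nonce without sending the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def parse_auth_params(header_value):
    """Split a Digest Authorization header into its name=value parameters."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(header_value)}


class DigestVerifier:
    """Server side: issue challenges and verify responses against stored hashes."""

    def __init__(self, realm, ha1_by_user):
        self.realm = realm
        self.ha1_by_user = ha1_by_user
        self.highest_nc = {}  # nonce -> highest request counter accepted so far

    def issue_challenge(self, nonce=None):
        nonce = nonce or secrets.token_hex(16)
        self.highest_nc[nonce] = 0
        return f'Digest realm="{self.realm}", qop="auth", nonce="{nonce}"'

    def verify(self, method, header_value):
        p = parse_auth_params(header_value)
        stored = self.ha1_by_user.get(p.get("username"))
        nonce = p.get("nonce")
        if stored is None or p.get("realm") != self.realm:
            return False
        if nonce not in self.highest_nc:
            return False  # not a challenge this server issued
        try:
            nc_value = int(p.get("nc", ""), 16)
        except ValueError:
            return False
        if nc_value <= self.highest_nc[nonce]:
            return False  # a captured response is being replayed
        expected = digest_response(stored, method, p.get("uri", ""), nonce,
                                   p["nc"], p.get("cnonce", ""))
        supplied = p.get("response", "").lower()
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        self.highest_nc[nonce] = nc_value
        return True


if __name__ == "__main__":
    server = DigestVerifier(RFC_REALM, {RFC_USER: ha1(RFC_USER, RFC_REALM, RFC_PASSWORD)})
    print(server.issue_challenge(nonce=RFC_NONCE))
    print("first use :", server.verify("GET", RFC_AUTHORIZATION))
    print("replayed  :", server.verify("GET", RFC_AUTHORIZATION))
```

The server compares hashes only, so it has to hold a password-derived value for every user, and anyone who obtains that stored hash can compute valid responses for the same realm.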
Digest authentication for SharePoint is not particularly common. To implement
digest authentication, you must:
1.
2.
Client Certificates
Client certificates are issued by a Certificate Authority (CA), and they must
conform to the Public Key Infrastructure (PKI). To implement client certificate
authentication, you must:
1.
2.
3. Enable SSL.
4.
Secure Store Service, or SSS, is the replacement for Microsoft Single Sign On (SSO). An
important point: SSO and SSS are enterprise single sign-on solutions. This means
that they only store user names and passwords. It is not the responsibility of the
SSS to do any logging on. An application must make a call to SSS, and then, based
on the application or service that makes the call, a set of credentials is returned.
The new SSS has improved APIs and more integration across the SharePoint farm
through various service applications. BCS, Excel Services, and PerformancePoint
are examples of this. They require credentials for users that execute reports when
they do not explicitly have access to those data sources.
Run the Secure Store Service in a separate application pool that is not used for
any other service.
Run the Secure Store Service on a separate application server that is not used
for any other service.
Create the Secure Store database on a separate application server running SQL
Server. Do not use the same SQL Server installation that contains content
databases.
Back up the Secure Store database before generating a new encryption key.
You should also back up the Secure Store database after it is initially created,
and again each time credentials are re-encrypted. When a new key is
generated, the credentials can be re-encrypted with the new key. If the key
refresh fails, or the passphrase is forgotten, the credentials will not be usable.
Back up the encryption key after initially setting up the Secure Store Service,
and back up the key again each time it is regenerated.
Do not store the backup media for the encryption key in the same location as
the backup media for the Secure Store database. If a user obtains a copy of
both the database and the key, the credentials stored in the database could be
compromised.
Application IDs
Each Secure Store Service entry contains an application ID that is used to retrieve a
set of credentials from the Secure Store database. Each application ID can have
permissions applied so that only specific users or groups can access the credentials
that are stored for the application ID. Applications use application IDs to retrieve
credentials from the Secure Store database on behalf of a user. The application can
then use the retrieved credentials to access a data source.
Application IDs map your users' IDs to credential sets. Mappings are available for
groups or individuals. In a group mapping, every user that is a member of a
specific domain group is mapped to the same set of credentials. In an individual
mapping, each individual user is mapped to a unique set of credentials.
Lesson 2
Objectives
After completing this lesson, you will be able to:
Key Points
Federated identity allows you to use credentials hosted in select external
authentication systems. This results in lower costs from not having to manage your
own authentication provider. In addition, usability increases because users have
only one user name and password that they can use with any application. There
are many large identity providers in the world; for example, the largest are Windows
Live ID and OpenID.
In most cases, your users are not located in a single authentication system, which
means you must set up a gateway that maps each of those external users to a
single integration point for your own applications to use. This is an
alternative to implementing your own gateway in each of your applications.
When we talk about federating these attributes, we call them claims. Since the
authentication system is external, these claims are not known to contain valid facts
about the users until further identified.
Claims Providers
Claim providers are the entities that do all the work. They implement the WS-*
standards and provide the claims back to the calling clients (in this case,
SharePoint). Keep in mind that a system can be a consumer and provider at the
same time. SharePoint implements its own claims provider for forms-based identity
in 2010. Claims providers perform the following tasks:
Augmentation of Claims
Key Points
ADFS is a platform for integrating external authentication stores and trusting them
with federated authentication. This means that instead of creating a user name and
password database for external users or creating a new domain, you can simply
point to an external authentication store and allow users to continue to use their
own user name and password. As part of any authentication system, users have
attributes.
ADFS implements industry standards of the WS-* stack which means that it can
integrate with any authentication system in the world that implements these global
standards.
ADFS has a simple to use interface that allows you to build rules around the target
systems and the claims that will be trusted. You can build rules to use these claims
and allow or disallow requests based on claims information.
Key Points
When authenticating to an external system, a token is generated that contains the
information about the user. This token can be used by the target application to
make decisions about what you will let the user do in the system.
A key element about a claims-based system is trust. An external system can claim
many things about a user, but you have to determine if your systems trust what
that external system claims about that user. Advanced claims-based authentication
systems may pull claims from more than one system and aggregate them together
to make an authorization decision.
The following describes the federated sign-in process for a user to perform an
action that requires authentication:
As a user, you will request to access the SharePoint site you are interested in
visiting.
You are then redirected to the Identity Provider (IP) and after that, the external
Secure Token Service (STS) generates the requested token.
You are given a token, which will then be forwarded to the application (in this
case, SharePoint).
SharePoint uses the token to authorize you for the actions requested.
For example, most Microsoft sites require you to have a Live ID to log in. When
you click the login link on a Microsoft site, you are redirected to Live ID, where
you log on. You are then redirected back to the application with
claims data, for example, a token. The site then uses that token to allow you to
access its resources.
Key Points
Forms-based authentication has changed in SharePoint Server 2010. It is no longer
based on ASP.NET Generic Identities, but rather a claims identity is created. This is
accomplished by the SecurityToken.svc service and a custom Microsoft Identity
Framework Token Service Host Factory. You must also enable your forms
membership and role providers in this SecurityToken service or your Web
application will not be able to use forms-based authentication.
Forms-based authentication is an identity management system that uses the
ASP.NET membership and role provider authentication. In SharePoint Server
2010, FBA is only available when you use claims-based authentication.
FBA is used for authentication purposes. The process accounts that connect to
Microsoft SQL Server database software and run the farm must be Windows
accounts, even when using alternative methods of authentication to authenticate
users.
SharePoint Server 2010 supports SQL Server authentication and local computer
process accounts for farms that are not running Active Directory Domain Services.
For example, you can implement local accounts by using identical user names and
passwords across all servers within a farm.
To use FBA to authenticate users against an identity management system that is
not based on Windows, or that is external, you must register the custom
membership provider in the Web.config file. In addition to registering a
membership provider, you can register a role manager. SharePoint Server 2010
uses the standard ASP.NET role manager interface to gather group information
about the current user. Each ASP.NET role is treated as a domain group by the
authorization process in SharePoint Server 2010. You register role managers in the
Web.config file the same way you register membership providers for
authentication.
When you want to manage membership users or roles from the Central
Administration site, you can register the membership provider and the role
manager in the Web.config file for the Central Administration site. You would do
this in addition to registering those membership users in the Web.config file for
the Web application that hosts the content.
Ensure that the membership provider name and role manager name that you
registered in the Web.config file are the same as the names that you entered in
Central Administration. If you do not enter the role manager in the Web.config file,
the default provider specified in the Machine.config file might be used instead. For
example, the following string in a Web.config file specifies a SQL membership
provider: <membership defaultProvider="AspNetSqlMembershipProvider">.
Integrating with FBA places additional requirements on the authentication
provider. In addition to registering the various elements in the Web.config file, the
membership provider, role manager, and HTTP module must be programmed to
interact with SharePoint Server 2010 and ASP.NET methods.
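One way to check the name-matching requirement above before testing sign-in, as an added example (not code from the course or from SharePoint): the script parses each Web.config and confirms that the provider names entered in Central Administration are registered in every file, including the SecurityToken service's. The names FBAMembership, FBARoles and FBADB and the trimmed Web.config samples are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

SECTIONS = ("membership", "roleManager")

# Hypothetical names, standing in for what was typed in Central Administration.
EXPECTED = {"membership": "FBAMembership", "roleManager": "FBARoles"}


def sample_config(membership_name, role_name):
    """Build a constructed, minimal Web.config; None omits that section."""
    def section(tag, name, type_name):
        if name is None:
            return ""
        return (f"<{tag}><providers>"
                f'<add name="{name}" type="{type_name}" connectionStringName="FBADB" />'
                f"</providers></{tag}>")
    return ("<configuration><system.web>"
            + section("membership", membership_name,
                      "System.Web.Security.SqlMembershipProvider")
            + section("roleManager", role_name,
                      "System.Web.Security.SqlRoleProvider")
            + "</system.web></configuration>")


# Constructed inputs: one correct file, one without a role manager, one typo.
SAMPLE_CONFIGS = {
    "Web application": sample_config("FBAMembership", "FBARoles"),
    "Central Administration": sample_config("FBAMembership", None),
    "SecurityTokenService": sample_config("FBAMembers", "FBARoles"),
}


def registered_providers(web_config_xml):
    """Return the provider names registered per section (None if section absent)."""
    root = ET.fromstring(web_config_xml)
    found = {}
    for section in SECTIONS:
        names = None
        # iter() also reaches <system.web> nested under <location> elements.
        for system_web in root.iter("system.web"):
            node = system_web.find(section)
            if node is None:
                continue
            names = set() if names is None else names
            names.update(add.get("name") for add in node.findall("providers/add")
                         if add.get("name"))
        found[section] = names
    return found


def check_fba_registration(expected, configs):
    """Return (file label, section, problem) tuples; an empty list means consistent."""
    findings = []
    for label, xml_text in configs.items():
        found = registered_providers(xml_text)
        for section in SECTIONS:
            name, names = expected[section], found[section]
            if names is None:
                findings.append((label, section,
                                 "section absent; an inherited default provider may be used"))
            elif name not in names:  # names are compared exactly as typed
                findings.append((label, section,
                                 f"{name!r} not registered (found: {sorted(names)})"))
    return findings


if __name__ == "__main__":
    for label, section, problem in check_fba_registration(EXPECTED, SAMPLE_CONFIGS):
        print(f"{label}: <{section}> {problem}")
```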
Key Points
Since SharePoint uses claims identities, SharePoint must convert that identity to
the corresponding NT Token in order for a user to access Windows-only
authenticated resources.
In SharePoint 2010, the Claims to Windows Token Service (C2WTS) is responsible
for converting the claims identity to the NT Token. C2WTS is a Windows service
that monitors requests and then creates the mappings and the NT Token.
If this service is not running, then calls to Windows authenticated resources will
not succeed.
Scenario
The Client Services department at Contoso, Ltd. has asked you to establish a
SharePoint site with which employees and clients can collaborate. Your
organizational IT Policy states that only employees shall have an Active Directory
account. Therefore, you must configure a custom authentication mechanism using
forms-based authentication, so that user accounts for clients can be maintained in a
separate database.
Start 10174A-CONTOSO-DC-D.
3.
Create users.
4.
Accept all of the defaults in the ASP.NET SQL Server Setup Wizard.
Ignore the error message that indicates the membership provider name
specified is invalid.
Ignore the error message that indicates the membership provider name
specified is invalid.
Results: After completing this exercise, you should have a new custom database to
support forms-based authentication for SharePoint, and you should have two user
accounts in the database.
Task 1: Create a Web application that uses both Windows and forms-based authentication
Port: 80
Create a site collection in the new Web application with the following settings:
Task 2: Add a DNS host record for the new Web application
Start DNS Manager using the Run as different user option. Enter the user
name, CONTOSO\Administrator, and the password, Pa$$w0rd.
In the contoso.com forward lookup zone, create a new host record named
clients with the address 10.0.0.21.
Results: After completing this exercise, you should have created a Web application
that is accessible both by employees, using Windows authentication, and by clients,
using forms-based authentication.
Leave the virtual machines running. You will use them for Lab B.
Scenario
Information workers at Contoso, Ltd. have started using the new intranet portal
site and would like to start using SharePoint Designer 2010 to add Business
Connectivity Services applications to pages. Organizational IT policy states that
under no circumstances shall credentials be stored in an unencrypted manner in
applications. Because of this policy, users will not be allowed to embed credentials
in the ASP.NET pages. You have been tasked with configuring Secure Store Service
to facilitate the authentication for these information workers.
In the Users container, create the user accounts listed in the table below. For
each account, set the password to Pa$$w0rd, clear the User must change
password at next logon check box, and select the Password never expires
check box.
Full name
SP_Excel_USA
SP_PerfPoint_USA
SP_Visio_USA
Results: After completing this exercise, you should have fully configured the Secure
Store Service and created two target applications.
Configure the Visio Graphics Service global settings to use the application ID,
VisioUnattendedSA, to access external data.
Visio can now execute diagrams and data connection refreshes using the
unattended account.
Results: After completing this exercise, you should have configured Excel Services,
PerformancePoint and Visio to have an Unattended Secure Store account.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
1. Why must you remove the <clear/> elements from the Web.config file?
2.
3. How would you describe the role of the Secure Store Service?
Module 6
Securing Content
Contents:
Lesson 1: Administering SharePoint Groups
Module Overview
Lesson 1
In SharePoint 2010, you can grant permissions and roles directly to user accounts
in AD DS in addition to other identity providers. However, if you have more than a
small number of users, or if you plan to have more users in the future, you should
organize users into groups and grant those permissions and roles to the groups. By
using groups, you can manage large numbers of users in single operations and
help to ensure that permissions oversights do not occur. In this lesson, you learn
about SharePoint groups and AD DS groups, how they integrate together, and how
you should use them to organize your user accounts for authorization.
After completing this lesson, you will be able to:
In SharePoint 2010, there is a flexible model for organizing users and authorizing
them to access content. This consists of security principals, permission levels, and
securable objects such as lists or libraries.
Security Principals
A security principal is an object to which you can assign permissions. You can
organize user accounts into groups to ease administration. For example, if you
place all Sales staff into a single group, you can authorize them all to access the
Sales Team Site in a single operation by assigning permissions to the group.
Furthermore, when a new member of staff starts work you do not need to assign
that user permission individually. By placing the new member in the Sales group,
you implicitly grant the user permission to the Sales Team Site and all the other
resources to which you have granted the Sales group permission. By grouping
users in this way, you can significantly reduce administrative overhead.
In SharePoint 2010, you can create SharePoint groups to assign permissions and
permission levels. Alternatively, you may use AD DS groups that you already have
to secure access to computers and Microsoft Windows resources.
View Items
Open Items
Edit Items
The Read permission level includes the View Items and Open Items
permissions but not the Edit Items permission.
You can use the five permission levels included with SharePoint 2010 or create
your own by assembling a combination of permissions.
Securable Objects
A securable object is an object in the SharePoint hierarchy on which you can assign
permission levels for a user account or group. These include the following:
Sites
Lists
Libraries
Folders
Documents
Items
You can assign permission levels at a very granular level, right down to single items,
but consider that many permissions granted at low levels can make access
confusing for users and difficult to administer and troubleshoot. Instead, place
items with similar sensitivity in lists or libraries and assign permission levels on the
list or library.
SharePoint 2010 creates some SharePoint groups by default whenever you create a
new site. In many cases, these default groups may satisfy all your authorization
requirements and render custom groups unnecessary. Before you plan to create
extra groups, understand the membership and permission levels applied to the
default groups.
Visitors. This group is assigned the Read permission level that allows
members to view site contents, open items, and open documents but not make
any changes.
Members. This group is assigned the Contribute permission level that grants
all the permissions of the Read level and adds the ability to add, edit, and
delete items and documents.
Owners. This group is assigned the Full Control permission level that grants
all permissions to members. Owners can therefore assign permission levels,
change content, read content, and take other actions.
Approvers. Members can approve new and changed items for publishing.
Designers. Members can alter page designs in the browser and by using
SharePoint Designer.
Hierarchy Managers. Members can create and manage folders, lists, and
libraries.
Restricted Readers. Members can read items in certain parts of the site and
have limited access to specific lists.
Style Resource Readers. Members can read only master pages and the style
library.
When default groups are not sufficient for your needs, you can choose to create
custom SharePoint groups. You should consider custom groups in the following
situations:
When you have more user roles in your site than you can model with the
default groups.
When you want to use names different from the default groups. For example,
in your organization those people who design sites may be referred to as
Interface Managers or some other name. In this case, rename the Designers
group to Interface Managers.
AD DS has a rich and flexible set of features for grouping users, and in SharePoint,
you can assign permissions and permission levels directly to AD DS groups.
However, this approach limits some SharePoint capabilities. This topic compares
AD DS and SharePoint groups to help you understand when to use each.
AD DS Groups
AD DS groups are managed outside SharePoint. Therefore:
You must use Active Directory Users and Computers to set up membership;
this tool is designed for technically able IT personnel and other users may not
find it easy.
You centrally manage AD DS groups. If you want only one set of groups for all
systems in your organization, place them in AD DS.
SharePoint Groups
By contrast, the following points are true of SharePoint groups:
SharePoint has a membership user interface for SharePoint groups that is easy
for nontechnical authors to use and appears in the relevant site.
You can view SharePoint groups and users for a site in a single Web page.
You can choose from several approaches for using groups in SharePoint.
Advantages
Disadvantages
Sites to which you grant the group access do not automatically appear in My
Sites. However, the user can manually add them.
The User Information List does not show individual users until they have
contributed to the site.
Administrative Groups
SharePoint 2010 also has built-in groups for system administration, and Windows
administrators can configure SharePoint settings.
Have Full Control access to a site collection and all the sites in it.
Have access to all the content in a site collection. This overrides any
permissions assigned by site owners.
Can use all the tools under Site Collection Administration on the Site Settings
page at the site collection level.
You can also add new users or groups to the Site Collection Administrators after
the site collection has been created.
Can control which users can manage server and farm settings.
Can take ownership of any site collection to get access to content if necessary.
Windows Administrators
Members of the local Administrators group on the SharePoint server also take a
role in SharePoint administration. A user account can be a direct member of this
group, such as the local Administrator account, or inherit membership from an
AD DS group, such as the Domain Admins group. Windows Administrators have
the following characteristics:
Can install new products and applications on the server, such as antivirus
packages.
Can deploy Web Parts and other custom components to the global assembly
cache (GAC).
Can create Web sites, Web applications, and control other Internet
Information Services (IIS) settings.
For every site collection, SharePoint maintains a User Information List to store
details of current users and their activities. This differs from the People and Groups
list because the users it displays are dynamic. When SharePoint displays who last
modified a file, for example, it takes the information from the User Information
List.
When they contribute to the site content, for example, by adding or editing a
file
When they set up an alert to be notified about events in the site collection
Only Site Collection Administrators can view the User Information List. The list is
at the following location:
http://sharepointserver/sitecollection/_catalogs/users/simple.aspx.
Lesson 2
SharePoint permission levels are also referred to as roles. Now that you understand
how SharePoint uses user accounts, AD DS groups, and SharePoint groups, you
can study how to assign permissions and roles to those security principals.
After completing this lesson, you will be able to:
7. Click Save.
5. Select the level of access you want to grant to anonymous users, and then
click OK.
Note: The Anonymous Access button on the ribbon is disabled until you have
configured anonymous access in Central Administration.
In many cases, with careful planning and good use of permissions levels at the site
collection level, you can avoid assigning permissions to users at the site, list, or
library levels. Such a permissions scheme is easy for users to understand because
the level of access they receive is consistent throughout a site collection. It also
eases troubleshooting because administrators have a single location where all
permissions are assigned. However, in other cases, you may have to assign more
granular permissions at the site, list, or library levels.
Site-Level Permissions
When you create a new site, permissions are inherited by default from the parent
site and you cannot set extra permissions on the site. However, if you wish not to
use this inheritance model, click More Options in the Create dialog. Then, under
User Permissions, click Use Unique Permissions. You can also break inheritance at
any subsequent time on the Site Permissions page for a subsite by clicking Stop
Inheriting Permissions on the ribbon.
When you break permissions inheritance in this way, the initial permissions for the
site are those that would have been inherited from the parent. However, you can
now remove these or configure additional permissions.
Note: For site, list, and library permissions, if you choose to break inheritance, you
can later reestablish permissions inheritance and remove any customized
permissions you applied.
You can also control permissions at the level of individual items, documents, and
folders.
Inheritance
Permissions on items, documents, and folders are inherited from the parent by
default. You should maintain inheritance whenever possible as a best practice for
the following reasons:
You can manage permissions more easily because they are set at a single level
in the hierarchy.
However, when required, you can break inheritance on folders and items. If you
break inheritance, you can remove inherited permissions and configure additional
permissions to create an entirely independent level of access. Subsequently, you
can reestablish inheritance if your requirements change.
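Every break in inheritance is a place where access can drift from what the site collection grants, so it helps to list those places. The following PowerShell is an added example, not part of the course material; it reports sites and lists only (not folders or items), and the function names are assumptions of this sketch.

```powershell
# Added example: report the sites and lists in one site collection that have
# stopped inheriting permissions, with the principals and permission levels on each.
# Run in the SharePoint 2010 Management Shell as a site collection administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Format-RoleAssignments {
    param($SecurableObject)
    # One "principal [level, level]" string per role assignment on the object.
    $lines = foreach ($ra in $SecurableObject.RoleAssignments) {
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        '{0} [{1}]' -f $ra.Member.Name, $levels
    }
    @($lines) -join '; '
}

function Get-BrokenInheritance {
    param([Parameter(Mandatory = $true)][string]$SiteUrl)

    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # The top-level site always holds its own permissions, so only
                # subsites count as a break in inheritance.
                if (-not $web.IsRootWeb -and $web.HasUniqueRoleAssignments) {
                    New-Object PSObject -Property @{
                        Scope       = 'Site'
                        Url         = $web.Url
                        Title       = $web.Title
                        Assignments = Format-RoleAssignments $web
                    }
                }
                foreach ($list in $web.Lists) {
                    if ($list.Hidden -or -not $list.HasUniqueRoleAssignments) { continue }
                    New-Object PSObject -Property @{
                        Scope       = 'List'
                        Url         = $web.Url.TrimEnd('/') + '/' + $list.RootFolder.Url
                        Title       = $list.Title
                        Assignments = Format-RoleAssignments $list
                    }
                }
            }
            finally { $web.Dispose() }
        }
    }
    finally { $site.Dispose() }
}

# Usage, with the lab's IT site collection as the target:
# Get-BrokenInheritance -SiteUrl 'http://intranet.contoso.com/sites/IT' |
#     Select-Object Scope, Url, Title, Assignments | Format-List
```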
Permission Levels
2.
3.
Some permission levels, such as Read and Full Control, exist by default in every
site collection. Other default permission levels are added by certain site templates.
For example, when you create a site using the publishing template, the Approve
and Manage Hierarchy permission levels are added.
The Read permission level, for example, consists of the following permissions:
List Permissions
View Items
Open Items
View Versions
Create Alerts
Site Permissions
View Pages
Open
In SharePoint sites that use version control, users must check out documents and
other items before they can make changes. While the document is checked out,
other users cannot make changes; this ensures that proper version control is
maintained so that no two users can simultaneously make changes to the same
document, thereby overriding one another's edits.
Sometimes, however, a user forgets to check a document back in. If this happens,
other users cannot be productive until the check-out is removed. To prevent
productivity barriers like this, you should ensure that you grant users the Override
Check Out permission.
Overriding a check-out is usually a last resort because it can result in lost changes.
Consider the situation where a user has checked out a document and taken a
vacation:
If the user saved the document to SharePoint but forgot to check the
document in, you can check it in and no changes are lost.
If the user saved some changes to SharePoint but did not upload the last
version, you can check the document in and lose the latest changes.
If the user uploaded no changes and instead changed the local copy, you can
check the document in or discard the check-out and lose all the changes.
Grant the powerful Override Check Out permission to only a restricted set of
users.
Ensure that there is always at least one person available to override check-outs.
You should consider creating a new permission level that includes only the
Override Check Out permission so that you can carefully manage the assignment
separately from other permissions. A separate permission also reduces the chance
that you accidentally grant Override Check Out to users who should not have it.
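One way to create that dedicated permission level and to see which existing levels already carry the permission, as an added example that is not part of the course material. In the object model the Override Check Out permission is SPBasePermissions.CancelCheckout; the level name, the function names and the set of dependent permissions included with it are assumptions of this sketch.

```powershell
# Added example: manage "Override Check Out" as its own permission level.
# Run in the SharePoint 2010 Management Shell as a site collection administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# "Override Check Out" in the browser is CancelCheckout in the object model.
$cancelCheckout = [long][Microsoft.SharePoint.SPBasePermissions]::CancelCheckout

function Get-OverrideCheckOutLevels {
    # Lists every permission level in the site collection that already
    # includes Override Check Out, so you can see who holds it indirectly.
    param([Parameter(Mandatory = $true)][string]$SiteUrl)
    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($role in $site.RootWeb.RoleDefinitions) {
            if (([long]$role.BasePermissions -band $cancelCheckout) -ne 0) {
                $role.Name
            }
        }
    }
    finally { $site.Dispose() }
}

function New-OverrideCheckOutLevel {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [string]$Name = 'Override Check Out Only'   # assumed name
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        # Permission levels are defined at the top-level site of the collection.
        $web = $site.RootWeb
        $existing = $web.RoleDefinitions | Where-Object { $_.Name -eq $Name }
        if ($existing) {
            Write-Warning "Permission level '$Name' already exists."
            return
        }

        $role = New-Object Microsoft.SharePoint.SPRoleDefinition
        $role.Name = $Name
        $role.Description = 'Can discard or check in a document checked out to another user.'
        # Assumption: the level also needs the basic permissions required to reach
        # a document at all (open the site, view pages, view items).
        $role.BasePermissions = [Microsoft.SharePoint.SPBasePermissions]'CancelCheckout, ViewListItems, ViewPages, Open'
        $web.RoleDefinitions.Add($role)
    }
    finally { $site.Dispose() }
}

# Usage, with the lab's IT site collection as the target:
# Get-OverrideCheckOutLevels -SiteUrl 'http://intranet.contoso.com/sites/IT'
# New-OverrideCheckOutLevel  -SiteUrl 'http://intranet.contoso.com/sites/IT'
```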
Lesson 3
User Policy
With user policies, you can grant user accounts or groups permission levels that
apply to all site collections in the Web application. These policies override any
permissions set at lower levels by site collection administrators.
To configure a user policy, first select the Web application you wish to administer,
and then click User Policy. When you add a policy you can select the zone to
which it applies. In this way, you can apply a different policy to a user depending
on the authentication mechanism the user used to connect.
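Because user policies override whatever site collection administrators configure, the list of policy entries on each Web application deserves regular review. The following PowerShell is an added example, not part of the course material: it reports every policy entry per zone and adds a Full Read entry for all zones. The function names are assumptions, and the account format assumes a classic-mode (Windows authentication) Web application.

```powershell
# Added example: review and extend the user policy of a Web application.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebAppUserPolicy {
    param([Parameter(Mandatory = $true)][string]$WebAppUrl)
    $wa = Get-SPWebApplication -Identity $WebAppUrl

    # Entries that apply to all zones first, then entries scoped to a single zone.
    $sets = @(@{ Zone = '(All zones)'; Policies = $wa.Policies })
    foreach ($zone in $wa.IisSettings.Keys) {
        $sets += @{ Zone = $zone.ToString(); Policies = $wa.ZonePolicies($zone) }
    }

    foreach ($set in $sets) {
        foreach ($policy in $set.Policies) {
            New-Object PSObject -Property @{
                Zone             = $set.Zone
                Account          = $policy.UserName
                DisplayName      = $policy.DisplayName
                Roles            = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', '
                OperatesAsSystem = $policy.IsSystemUser
            }
        }
    }
}

function Add-FullReadPolicy {
    param(
        [Parameter(Mandatory = $true)][string]$WebAppUrl,
        [Parameter(Mandatory = $true)][string]$Account,      # DOMAIN\name (classic mode)
        [Parameter(Mandatory = $true)][string]$DisplayName
    )
    $wa = Get-SPWebApplication -Identity $WebAppUrl
    # $wa.Policies holds the entries that apply to every zone.
    $policy = $wa.Policies.Add($Account, $DisplayName)
    $fullRead = $wa.PolicyRoles.GetSpecialRole(
        [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead)
    $policy.PolicyRoleBindings.Add($fullRead)
    $wa.Update()
}

# Usage, with the names from this module's lab:
# Add-FullReadPolicy -WebAppUrl 'http://intranet.contoso.com' `
#     -Account 'CONTOSO\SharePoint Content Auditors' -DisplayName 'SharePoint Content Auditors'
# Get-WebAppUserPolicy -WebAppUrl 'http://intranet.contoso.com' |
#     Sort-Object Zone, Account | Format-Table Zone, Account, Roles, OperatesAsSystem -AutoSize
```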
Anonymous Policy
The anonymous policy for a Web application restricts what anonymous users can
do. You can use anonymous policies to deny users Write access or prevent any
access at all. As for user policies, you can apply different anonymous policies to
users depending on the zone through which they connect.
Permission Policy
In the permission policy for a Web application, you can create permission levels
just as you do in site collections. The permission levels in the Web application
policy appear as default permission levels for all site collections in that application.
Also, these permission levels are those selectable in the user policy.
Note: Site templates may add extra default permissions to sites as you create them.
You can also restrict the permissions that are available in the site collections in a
Web application. This is an unusual step, but you might find it useful when you
need to place boundaries on user actions throughout a site collection.
Configuring Auditing
You can use auditing to create a record of the actions of users. Use this record to
examine who is doing what in your SharePoint farm. By examining audit reports
regularly, you can be confident that permissions are appropriate, users are viewing
information appropriate to their role, and sensitive documents are not being seen
by unauthorized personnel. Auditing is thus essential for good security.
2.
With the Audit Log Trimming settings, you can ensure that audit logs are stored
for a limited time and so do not consume large amounts of disk space. Specify the
number of days to keep audit logs and a location to store audit log reports.
2.
A large range of audit reports is available to display different events in your site
collection, and you can also create custom reports. Only site collection
administrators can view audit reports.
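The same audit settings can be applied and read back from PowerShell, which is useful when many site collections must be configured alike. This is an added example, not part of the course material; the function names, the chosen event set and the 90-day retention are assumptions.

```powershell
# Added example: enable auditing with log trimming on a site collection and
# list recent permission changes from the audit log.
# Run in the SharePoint 2010 Management Shell as a site collection administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Enable-ContentAuditing {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [int]$RetentionDays = 90        # assumed value; take it from your retention policy
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        # Record edits, deletions, check-out/check-in and every permission change.
        $audit = $site.Audit
        $audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]'Update, Delete, CheckOut, CheckIn, SecurityChange'
        $audit.Update()
        # Audit Log Trimming: discard entries older than the retention period.
        $site.TrimAuditLog = $true
        $site.AuditLogTrimmingRetention = $RetentionDays
    }
    finally { $site.Dispose() }
}

function Get-PermissionChangeEvents {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [int]$Days = 7
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
        $query.SetRangeStart((Get-Date).ToUniversalTime().AddDays(-$Days))

        # Group membership, permission level and inheritance events.
        $eventNames = 'SecGroupCreate', 'SecGroupDelete', 'SecGroupMemberAdd',
                      'SecGroupMemberDel', 'SecRoleDefCreate', 'SecRoleDefModify',
                      'SecRoleDefDelete', 'SecRoleBindUpdate', 'SecRoleBindInherit',
                      'SecRoleBindBreakInherit'
        foreach ($name in $eventNames) {
            $query.AddEventRestriction([Microsoft.SharePoint.SPAuditEventType]$name)
        }

        $users = $site.RootWeb.SiteUsers
        foreach ($entry in $site.Audit.GetEntries($query)) {
            # The log stores a user ID; fall back to the ID if the user was removed.
            try   { $who = $users.GetByID($entry.UserId).LoginName }
            catch { $who = "UserId $($entry.UserId)" }

            New-Object PSObject -Property @{
                OccurredUtc = $entry.Occurred
                Event       = $entry.Event
                User        = $who
                Location    = $entry.DocLocation
                Data        = $entry.EventData
            }
        }
    }
    finally { $site.Dispose() }
}

# Usage, with the lab's IT site collection as the target:
# Enable-ContentAuditing     -SiteUrl 'http://intranet.contoso.com/sites/IT'
# Get-PermissionChangeEvents -SiteUrl 'http://intranet.contoso.com/sites/IT' -Days 7 |
#     Sort-Object OccurredUtc | Format-Table OccurredUtc, Event, User, Location -AutoSize
```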
IRM Permissions
Full control of the documents, as defined by the
client application. This generally permits the user
to read, edit, copy, save, and modify permissions
of the document.
Edit, copy, and save permissions. The user can
print the document only if the document library
IRM settings are configured to allow document
printing.
2.
3.
4.
5.
Scenario
You have created an intranet on a new SharePoint 2010 farm at Contoso, Ltd.
You have been tasked with helping set up users, groups, and permissions on the
intranet until governance and training are in place, at which point permission
management will be delegated to site collection administrators. Additionally, you
must configure SharePoint to support the business requirement that the internal
security and compliance audit team has the ability to access all information stored
on the intranet.
Start 10174A-CONTOSO-DC-D.
2.
2.
3.
4.
5.
Task 5: Create a new group and assign it the Design permission level
Results: After this exercise, you should have added users to the Members and
Visitors groups and created a new SharePoint group.
2.
3.
4.
Create a custom permission level named View Usage with the description Can
see only usage data about this site. Assign the View Web Analytics Data
permission. Additional permissions will be selected automatically.
Create a group named Usage Monitors with the description Use this group to
grant people permission to view Web Analytics data for the SharePoint
site: Information Technology Dept. Assign the group the View Usage
permission level.
Results: After this exercise, you should have created a new custom permission level
assigned to a custom group that gives users the ability to view Web Analytics
reports.
2.
3.
Results: After this exercise, you should have configured a list and list item with
custom permissions.
2.
Create groups.
3.
4.
5.
6.
On SP2010-WFE1, start Active Directory Users and Computers with the Run
as different user option. Enter the user name CONTOSO\Administrator and
the password Pa$$w0rd.
Open the Users container. Create a new group named SharePoint Content
Auditors. Add CONTOSO\JimD to the SharePoint Content Auditors group.
Create a group named SharePoint Deny Policy, and then close Active
Directory Users and Computers.
In the User Policy for the intranet Web application, add a user policy that
gives CONTOSO\SharePoint Content Auditors the ability to read all content
from all zones.
Add a user policy that gives CONTOSO\SharePoint Full Control Policy full
control of all content from all zones.
Add a user policy that denies CONTOSO\SharePoint Deny Policy any access
from all zones.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
1. What differences exist between the available permissions and the behavior of
inheritance in SharePoint in contrast to a folder on an NTFS volume?
2.
Module 7
Managing SharePoint Customizations
Contents:
Lesson 1: Customizing Microsoft SharePoint
Module Overview
Objectives
After completing this module, you will be able to:
Lesson 1
You can use several different tools to customize SharePoint to meet your
requirements. For example, in the browser you can apply themes and add Web
Parts to pages. To make more extensive changes, you may need to use Microsoft
SharePoint Designer 2010. For advanced customization, developers commonly use
Microsoft Visual Studio 2010, which includes advanced integration with the
SharePoint platform. As a SharePoint administrator, you should understand the
changes developers can make so you can ensure the SharePoint farm remains
stable and secure when it runs custom code.
After completing this lesson, you will be able to:
Key Points
How do you ensure that customizations do not affect stability and security?
Some SharePoint customizations are quick and easy to use and make simple
changes; you can make these changes in the browser. Others require extensive
expertise but are very powerful; you need specialist tools to make these changes.
Note: The customizations that each user can complete are restricted by their
permissions and permission levels. For example, contributors cannot, by default,
choose or modify master pages.
Silverlight applications.
You can begin customizing a SharePoint site in the browser user interface you
already use to access SharePoint.
Browser Customizations
In the browser interface, the customizations you can make include the following:
Change the site theme. A theme applies a set of colors and fonts to a site. In
addition, you can upload a theme from a Microsoft Office PowerPoint slide
deck and use it as a SharePoint theme. This is a simple way to apply corporate
colors and fonts to a SharePoint site.
Change the master page. A master page is an ASP.NET Web page with a set of
common controls and other common features. For example, in SharePoint, the
Quick Launch control is part of the master page. SharePoint includes several
master pages and your organization can create more by using SharePoint
Designer or Visual Studio. In the browser, you can choose the master page
from the existing list but you cannot create new master pages.
Add lists and libraries. You can choose from various types of lists and
libraries, such as calendars and asset libraries.
Add content types. A content type describes a new kind of item and
document.
Edit text. For example, users can edit the "Wake Up Call Service Control" text
in the slide screenshot.
Add images. You can insert images to illustrate a point or enliven the page.
Add rich graphs. You can visualize data by using the Chart Web Part.
SharePoint Designer
Microsoft Visual Studio 2010 provides the greatest array of possibilities for
customizing SharePoint 2010. In many cases, where a customization cannot be
completed in SharePoint Designer, you may need to work with a developer who
uses Visual Studio.
Silverlight applications.
Custom feature receivers that run code when features are activated or
deactivated.
Custom event receivers that run code when a SharePoint event occurs. When a
user creates a new item in a SharePoint list, for example, an event receiver can
respond.
Use Visual Studio for any solution that requires custom compiled code.
Lesson 2
Features
Feature Scope
A SharePoint feature is installed into one of four possible scopes depending on
where its functionality is relevant and who should administer the feature. These
include the following:
Server Scope
These features can include customizations to a single Web front end or service
application server. Server scope features are enabled and disabled by farm
administrators.
Site Scope
These features can include customizations to a single SharePoint site only. Site
scope features are enabled and disabled by site administrators, site collection
administrators, and site owners.
Built-In Features
Much of the out of the box SharePoint functionality is encapsulated into features.
These features allow you to enable the functionality that you need and disable the
functionality that you consider unnecessary. For example, in the slide, you can see
the Content Organizer feature, which is currently enabled. If you don't use the
Content Organizer to file content automatically, you can disable this feature in
your site.
Keep built-in features in mind when troubleshooting SharePoint: if users cannot
find a tool or facility in SharePoint that they know is included in the product, it
may be because a built-in feature must be enabled.
Custom Features
Custom functionality is usually encapsulated in features. Therefore, the features
you see in your SharePoint system depend on the customizations you have
installed. Custom features may be created by any of the following:
Web Parts and Visual Web Parts. Users can add these to Web Parts pages.
ASP.NET User Control or Server Controls. Users cannot modify these user
interface components.
List Instances. These ensure that when the feature is activated, a new list is
created.
List Templates. Users can use these templates to create new lists.
Modules. These are files that are automatically added to SharePoint by the
feature.
Feature Receivers. These contain code that runs when a feature is activated.
Deploying Features
A feature consists of a folder hierarchy. The top folder name is the name of the
feature and it contains a file called Feature.xml and other files and folders. To
begin deploying your feature, copy this folder to the following location:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES
Now that the feature is in the right location, you must install it. To do this you can
use Windows PowerShell:
Install-SPFeature -Path "ContosoProjects"
When you have installed the feature, it is visible in the list of features at the correct
scope. The scope is determined by the developer when they create the feature.
Activating Features
Although you have installed your feature, its functionality is not available to users
until you activate it. You can do this in the browser interface. For example, if the
feature is site-scoped:
1. In the site where you want to use the feature, click Site Actions, and then click
Site Settings.
2.
3.
When you have installed and activated a feature, users can begin to employ its
custom functionality.
Note: If you have multiple Web front-end servers in your SharePoint farm, you must
install each feature on every Web front-end server to ensure its availability.
In many cases, you do not install features manually but as part of solution
packages, which are described later.
If you want to deactivate and remove features, similar PowerShell commands and
Stsadm.exe options are used.
Farm Solutions
Package Content
A solution package can contain any number of the following:
Features
Site Definitions
Assemblies
Files
Notice, for example, that you could include two features, one with site scope and
one with Web application scope, in a single solution package for easy
deployment.
Note: When you have multiple Web front-end servers, you must install each feature
on each one. However, this is not necessary with solution packages. SharePoint
automatically installs the contents of your package on all front-end servers.
You must be a farm administrator to add a solution to a farm and deploy it. If you
are a farm administrator, you can use PowerShell or Stsadm.exe for both these
operations. You can also use the browser to deploy a solution you have previously
added.
Adding Solutions
When you add a solution package, you upload the package to the SharePoint
solution store so that it is ready for installation. Use the following command to add
a solution in PowerShell:
Add-SPSolution -LiteralPath "c:\custom\contososolution.wsp"
Notice that you do not need to copy the solution package into the SharePoint
Templates folder before you add it. Instead, you supply the path to the .wsp file.
Use the following command to add a solution in Stsadm.exe:
Stsadm -o addsolution -filename c:\custom\contososolution.wsp
Installing Solutions
When you deploy a solution, you install all the features and other objects it
contains, and the functionality becomes available to users. Once a solution package
has been added, you can view and deploy it in the browser. To do this, follow these
steps:
1.
2.
3.
4. Click the solution you wish to deploy, and then click Deploy.
Alternatively, you can also deploy a solution by running this Stsadm.exe command:
Stsadm -o deploysolution -name ContosoSolution
To uninstall and remove a solution package by using Stsadm.exe, run the following
commands:
Stsadm -o retractsolution -name ContosoSolution
Stsadm -o deletesolution -name ContosoSolution
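The same add, deploy, retract and delete sequence in PowerShell, as an added example rather than course code. It checks what a package will install before deploying it and refuses a package with global assembly cache (full trust) content unless that is explicitly allowed; the function names and the -AllowFullTrust switch are assumptions of this sketch.

```powershell
# Added example: farm solution lifecycle with a pre-deployment check.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Wait-SolutionJob {
    # Deployment and retraction run as timer jobs on every server in the farm.
    param([string]$Name, [int]$TimeoutSeconds = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 2
        $solution = Get-SPSolution -Identity $Name
    } while ($solution.JobExists -and (Get-Date) -lt $deadline)
    if ($solution.JobExists) { throw "Timer job for '$Name' did not finish in $TimeoutSeconds seconds." }
    $solution
}

function Install-ReviewedSolution {
    param(
        [Parameter(Mandatory = $true)][string]$WspPath,
        [string]$WebAppUrl,
        [switch]$AllowFullTrust
    )
    $name = [System.IO.Path]::GetFileName($WspPath)
    $solution = Get-SPSolution | Where-Object { $_.Name -eq $name }
    if (-not $solution) { $solution = Add-SPSolution -LiteralPath $WspPath }
    if ($solution.Deployed) { Write-Warning "'$name' is already deployed."; return $solution }

    $install = @{ Identity = $name }
    if ($solution.ContainsGlobalAssembly) {
        # Assemblies in the GAC run with full trust on every Web front end.
        if (-not $AllowFullTrust) {
            throw "'$name' installs assemblies to the GAC. Review it, then rerun with -AllowFullTrust."
        }
        $install.GACDeployment = $true
    }
    if ($solution.ContainsCasPolicy) { $install.CASPolicies = $true }
    if ($solution.ContainsWebApplicationResource) {
        if (-not $WebAppUrl) { throw "'$name' is scoped to a Web application. Supply -WebAppUrl." }
        $install.WebApplication = $WebAppUrl
    }

    Install-SPSolution @install
    $solution = Wait-SolutionJob -Name $name
    New-Object PSObject -Property @{
        Name     = $solution.Name
        Deployed = $solution.Deployed
        Result   = $solution.LastOperationResult
        Details  = $solution.LastOperationDetails
    }
}

function Remove-DeployedSolution {
    param([Parameter(Mandatory = $true)][string]$Name)
    $solution = Get-SPSolution | Where-Object { $_.Name -eq $Name }
    if (-not $solution) { Write-Warning "'$Name' is not in the solution store."; return }

    if ($solution.Deployed) {
        $retract = @{ Identity = $Name; Confirm = $false }
        if ($solution.ContainsWebApplicationResource) { $retract.AllWebApplications = $true }
        Uninstall-SPSolution @retract
        Wait-SolutionJob -Name $Name | Out-Null
    }
    Remove-SPSolution -Identity $Name -Confirm:$false
}

# Usage, with the package path from the text above:
# Install-ReviewedSolution -WspPath 'c:\custom\contososolution.wsp' -WebAppUrl 'http://intranet.contoso.com'
# Remove-DeployedSolution  -Name 'contososolution.wsp'
```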
Developer Dashboard
Execution time. This is the time in milliseconds that each component on the
page took to complete. Slow components take many milliseconds and delay
the page load.
Call stack. This is the hierarchy of objects that were involved in page
rendering.
Database query time. This is the time in milliseconds that any request to the
content database took.
Web Part execution time. This is the time, in milliseconds, that each Web Part
took to render its user interface.
On. The dashboard is always displayed. Do not use this mode in production
environments.
If you wish to use the Developer Dashboard, or if any developers wish to use it,
you must enable it.
In Stsadm.exe, you can use the following command to enable the Developer
Dashboard:
stsadm -o setproperty -pn developer-dashboard -pv "On"
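Because the dashboard exposes call stacks and database queries, a production farm is better served by the on-demand level than by On. The following PowerShell is an added example, not part of the course material; the function names and the -Force switch are assumptions, and the permission required to see the dashboard is set to the Add and Customize Pages permission as an illustrative choice.

```powershell
# Added example: inspect and set the Developer Dashboard level for the farm.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-DeveloperDashboard {
    $settings = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.DeveloperDashboardSettings
    New-Object PSObject -Property @{
        DisplayLevel        = $settings.DisplayLevel
        RequiredPermissions = $settings.RequiredPermissions
        TraceEnabled        = $settings.TraceEnabled
    }
}

function Set-DeveloperDashboard {
    param(
        [Parameter(Mandatory = $true)]
        [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]$Level,
        [switch]$Force
    )
    # "On" shows the dashboard on every page to everyone who meets
    # RequiredPermissions, so require an explicit -Force for it.
    if ($Level -eq [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::On -and -not $Force) {
        throw "Level 'On' is not meant for production. Use OnDemand, or pass -Force on a test farm."
    }

    $settings = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.DeveloperDashboardSettings
    $settings.DisplayLevel = $Level
    # Only users who can add and customize pages get the dashboard icon.
    $settings.RequiredPermissions = [Microsoft.SharePoint.SPBasePermissions]::AddAndCustomizePages
    $settings.Update()
    Get-DeveloperDashboard
}

# Usage:
# Set-DeveloperDashboard -Level OnDemand   # icon appears; dashboard shows only when clicked
# Set-DeveloperDashboard -Level Off        # when debugging is finished
```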
Lesson 3
Sandboxed Solutions
Solutions run a version of the SharePoint Object Model with some classes
removed. These are the classes that may affect security and stability if poorly used.
Solutions run under a strict code access security policy. This increases
protection against malicious code.
Solutions are governed by resource quotas set by administrators. You can use
these quotas to ensure that solutions do not over-consume resources and
cause contention and slow responses.
Note: Although the sandbox is a restricted environment, solutions within it can still
access most of SharePoint's facilities and remain powerful.
Sandboxed solutions are sometimes called user solutions. They are stored in the
Solution Gallery in a site collection, which you can access from the Site Settings
page. Site collection administrators can upload new solutions to the sandbox at
any time and enable them without involving farm administrators or developers.
Custom workflows.
The sandbox relies on the user code service to provide the restricted environment
in which to run solutions. As an administrator, you must understand this service
application and configure it in Central Administration.
Note: You can find these processes in the Task Manager and the SharePoint 2010
User Code Host service in the services application. However, you should not start
and stop the processes and services in these tools. Instead, use Central
Administration to determine where the user code service runs.
2. At the top of the service list, choose the SharePoint server you want to
administer.
3.
4.
A key feature of the sandbox is the way it restricts the server resources that each
solution can consume in a day. When a solution runs, an algorithm calculates
points that reflect the processor time, memory usage, database queries, and other
server resources that it uses. Farm administrators set a maximum number of points
that each sandboxed solution can consume in a day. Administrators can also tune
the algorithm to adapt it more closely to the available resources on their servers.
Setting Quotas
To set quotas for a site collection, take the following steps:
1.
2. At the top of the window, select the Site Collection you wish to administer.
3. Under Site Quota Information, you can specify the Maximum usage per day
in points.
4. You can also specify a warning level. Administrators receive an e-mail alert
when a solution exceeds this limit.
Points Calculation
SharePoint uses 14 metrics to calculate points. These include the following values:
CPU Cycles. When the processor uses a predefined number of cycles on the
sandboxed solution, a point is logged.
Percentage Processor Time. When the sandboxed solution uses more than a
predefined percentage of the processing time, a point is logged.
As you can see, there is a predefined number involved in each metric. The
administrator can influence the algorithm by setting these numbers in PowerShell.
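The following PowerShell shows where those predefined numbers live and how the daily quota from the previous section is set from the shell. It is an added example, not part of the course material; the function names are assumptions, and SharePointDatabaseQueryCount is used as the sample measure name.

```powershell
# Added example: view and tune sandboxed solution resource measures, and set the
# daily point quota on a site collection.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SandboxResourceMeasure {
    # Each measure converts raw usage into points: ResourcesPerPoint units = 1 point.
    $service = [Microsoft.SharePoint.Administration.SPUserCodeService]::Local
    $service.ResourceMeasures | Sort-Object Name |
        Select-Object Name, ResourcesPerPoint, MinimumThreshold, AbsoluteLimit
}

function Set-SandboxResourceMeasure {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][double]$ResourcesPerPoint
    )
    if ($ResourcesPerPoint -le 0) { throw 'ResourcesPerPoint must be greater than zero.' }

    $service = [Microsoft.SharePoint.Administration.SPUserCodeService]::Local
    $measure = $service.ResourceMeasures | Where-Object { $_.Name -eq $Name }
    if (-not $measure) { throw "No resource measure named '$Name'. Run Get-SandboxResourceMeasure." }

    # A smaller value makes the same usage cost more points, so a solution
    # reaches its daily quota sooner.
    $previous = $measure.ResourcesPerPoint
    $measure.ResourcesPerPoint = $ResourcesPerPoint
    $measure.Update()

    New-Object PSObject -Property @{
        Name     = $measure.Name
        Previous = $previous
        Current  = $measure.ResourcesPerPoint
    }
}

function Set-SandboxQuota {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [Parameter(Mandatory = $true)][double]$MaximumPoints,
        [Parameter(Mandatory = $true)][double]$WarningPoints
    )
    if ($WarningPoints -ge $MaximumPoints) { throw 'The warning level must be below the maximum.' }

    Set-SPSite -Identity $SiteUrl -UserCodeMaximumLevel $MaximumPoints -UserCodeWarningLevel $WarningPoints

    # Read the values back to confirm what the site collection now enforces.
    $site = Get-SPSite -Identity $SiteUrl
    try {
        New-Object PSObject -Property @{
            Site          = $site.Url
            MaximumPoints = $site.Quota.UserCodeMaximumLevel
            WarningPoints = $site.Quota.UserCodeWarningLevel
        }
    }
    finally { $site.Dispose() }
}

# Usage (point values are illustrative):
# Get-SandboxResourceMeasure | Format-Table -AutoSize
# Set-SandboxResourceMeasure -Name 'SharePointDatabaseQueryCount' -ResourcesPerPoint 10
# Set-SandboxQuota -SiteUrl 'http://intranet.contoso.com/sites/IT' -MaximumPoints 300 -WarningPoints 100
```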
2.
3.
4. Optionally, type a message in the Message box. This message will be displayed
when a user tries to use the solution.
5.
Scenario
You have just installed a new SharePoint 2010 farm at Contoso, Ltd. Several
developers would like to test the functionality of features and solutions they
created for SharePoint 2007. Corporate IT policy states that only administrators
may modify the production environments, so it is your job to install these features
and solutions.
Start 10174A-CONTOSO-DC-D.
2.
3.
4.
Deactivate a feature.
Open the SharePoint 2010 management shell and use the installfeature
operation of Stsadm.exe to install the feature.
Tip: The installfeature operation is focused, by default, on the features folder. The
path to the feature can be entered as a path that is relative to the Features folder.
This will install a new feature into SharePoint that enables a simple custom
action in the Site Actions menu.
Click the Site Actions menu, and then click the new item on the menu, A
Custom Action.
A Message from webpage window appears with the message, Hello World.
Click OK.
Confirm that the item, A Custom Action, no longer appears on the Site
Actions menu.
Results: After completing this exercise, you should have installed, activated and
deactivated SharePoint features.
Install a solution.
2.
Deploy a solution.
3.
Use the addsolution operation of Stsadm.exe to add the following two solutions
to the farm:
D:\Labfiles\Lab07\ApplicationTemplateCore.wsp
D:\Labfiles\Lab07\BugDatabase.wsp
Create a new Web site named Bug Tracking, with the URL
http://intranet.contoso.com/sites/IT/Bugs and with the Bug Database site
definition.
Open the new bug tracking Web site. Then close all open Internet Explorer
windows.
Results: After completing this exercise, you should have installed and deployed
SharePoint solutions to your farm.
Leave the virtual machines running. You will use them for Lab B.
Scenario
Developers have started testing their solutions on your SharePoint farm, and some
users have complained that the new solutions seem to be causing performance
problems. Your manager has tasked you with examining the resource usage of the
solutions and with changing the resource point settings of sandboxed solutions for
the time being to prevent database queries made by custom solutions from causing
problems.
2.
3.
In the Services console, confirm that the SharePoint 2010 User Code Host
service is not started, and that it is disabled.
In the Services console, confirm that the SharePoint 2010 User Code Host
service is started, and is set to start automatically.
From the All Site Content page, create a new announcement in the
Announcements list, with the title My Announcement.
An error message appears.
In the Web's Solutions Gallery, observe that the BadReceiver solution shows
no resource usage. That is because the timer job has not yet calculated
resource usage for the solution.
Results: After completing this exercise, you should have deployed and tested the
BadReceiver solution.
2.
Note: Be sure to run the Solution Resource Usage Update and not the Solution
Daily Resource Usage Update timer job. Running the latter will cause resource
usage points to be reset.
Run the timer job, Solution Resource Usage Log Processing, for the site
SharePoint - intranet.contoso.com80.
Browse to the Solutions Gallery for the IT Web, and then refresh the page.
The resource usage for the solution should now be updated. If you do not see
the updated resource usage, then you may need to wait for up to 5 minutes for
the timer jobs to execute.
Results: After completing this exercise, you should have updated and executed one
of the sandboxed solution timer jobs.
2.
3.
4.
Switch to the instance of Internet Explorer that displays the IT intranet Web.
It will take a few seconds to load the Web, because you recently reset IIS.
From the All Site Content page, create a new announcement in the
Announcements list, with the title My Next Announcement.
An error message appears.
In the Web's Solutions Gallery, observe that the BadReceiver solution shows
no resource usage. That is because the timer job has not yet calculated
resource usage for the solution.
If you see resource usage of 2.00, then you were lucky! The timer jobs
executed just in time. Skip to Step 6.
Observe that the resource usage of the solution is increasing more rapidly.
If you do not see the updated resource usage, then you may need to wait for
up to 5 minutes for the timer jobs to execute.
Results: After completing this exercise, you should have updated the default
sandboxed solution resource measures.
Leave the virtual machines running. You will use them for Lab C.
Scenario
You have installed a new SharePoint 2010 farm for your developers. Recently the
development manager fielded several performance issues from end users and has
mandated that applications are designed with performance as top priority. One of
the developers has asked you to enable the Developer Dashboard for debugging
and instrumentation purposes to support this new initiative.
2.
3.
Click the small icon in the top right next to SharePoint Administrator.
This will enable the Developer Dashboard for the page.
Database Queries
Service Calls
SPRequest Allocations
Results: After completing the exercise, you should have enabled and disabled the
Developer Dashboard on the IT intranet Web.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
Review Questions
1.
2. You want to connect your SharePoint farm to a SQL Server database and
display external data in a SharePoint list. Would you use the browser,
SharePoint Designer, or Visual Studio to make this connection?
3.
4. A user contacts you and asks you to test a sandboxed solution that he has
downloaded from a third party. He says he wants to ensure the solution does
not over-consume resources on the SharePoint servers. What advice do you
give him?
Start 10174A-CONTOSO-DC-A.
2.
2.
3.
4.
b.
c.
Click Next.
Clear the User must change password at next logon check box.
g.
Click Next.
h.
Click Finish.
i.
5.
6.
7.
j.
k.
l.
Click OK.
E-mail: SP_Farm@contoso.com
E-mail: SP_ServiceApps@contoso.com
Click Start, click All Programs, click Microsoft SQL Server 2008 R2, hold the
SHIFT key and right-click SQL Server Management Studio, and then click
Run as different user.
The Windows Security dialog box appears.
2.
3.
4.
Click OK.
Microsoft SQL Server Management Studio opens.
5.
Click Connect.
6.
Expand Security.
7.
8.
9.
2.
Expand Configuration, expand Local Users and Groups, and then click
Groups.
3.
4.
Click Add.
5.
In the Enter the object names to select box, type CONTOSO\SP_Admin, and
then click OK.
6.
Click OK.
7.
8.
2.
Open D:\Software\SharePointServer2010.
3.
Double-click default.hta.
The SharePoint Server 2010 Start page opens.
4.
5.
Click Yes.
The Microsoft SharePoint 2010 Products Preparation Tool appears.
6.
Click Next.
7.
Select the I accept the terms of the License Agreement(s) check box.
8.
Click Next.
The prerequisite installer prepares the server.
The Microsoft SharePoint 2010 Products Preparation Tool displays the
message, There was an error during installation. A summary of prerequisite
installation status is also displayed.
2.
Press CTRL+F.
The Find dialog box appears.
3.
4.
Observe the lines in the log file that indicate that the prerequisite installer
checked for the existence of Hotfix for Microsoft Windows (KB976462).
5.
6.
Observe the lines in the log file that indicate that the prerequisite installer
attempted to download Hotfix for Microsoft Windows (KB976462) from
microsoft.com. Observe the URL that was used.
You can use this URL to manually download the prerequisite.
7.
8.
9.
2.
3.
4.
Open D:\Software\SharePointServer2010\PrerequisiteInstallerFiles.
5.
Open Notepad.
2.
Type the following, on one line, with spaces between each switch:
/SQLNCli:PrerequisiteInstallerFiles\sqlncli.msi
/ChartControl:PrerequisiteInstallerFiles\MSChart.exe
/KB976462:PrerequisiteInstallerFiles\Windows6.1-KB976462-v2x64.msu
/IDFXR2:PrerequisiteInstallerFiles\Windows6.1-KB974405-x64.msu
/Sync:PrerequisiteInstallerFiles\Synchronization.msi
/FilterPack:PrerequisiteInstallerFiles\FilterPack.msi
/ADOMD:PrerequisiteInstallerFiles\SQLSERVER2008_ASADOMD10.msi
/ReportingServices:PrerequisiteInstallerFiles\rsSharePoint.msi
/Speech:PrerequisiteInstallerFiles\SpeechPlatformRuntime.msi
/SpeechLPK:PrerequisiteInstallerFiles\MSSpeech_SR_en-US_TELE.msi
3.
4.
5.
6.
Close Notepad.
7.
8.
Click Yes.
9.
2.
3.
Click Yes.
4.
5.
6.
Click Continue.
7.
8.
On the Server Type page, click Complete, and then click Install Now.
Installation proceeds for approximately 7-10 minutes.
9.
On the Run Configuration Wizard page, clear the Run the SharePoint
Products Configuration Wizard now check box.
Open D:\Software\SharePointServer2010\Files\SetupFarmSilent.
2.
3.
In a production environment, you would leave the Display element with its
default values (Level=none and CompletionNotice=no) for a completely
unattended installation.
In this lab, you change the values of the Display element so that installation
can be monitored.
4.
5.
6.
7.
Click Yes.
8.
Type the following command on one line, and then press ENTER:
"D:\Software\SharePointServer2010\setup.exe" /config "D:\Software\SharePointServer2010\Files\SetupFarmSilent\config.xml"
Click Start, then type %temp% and then press ENTER. Open the log
named SharePoint Server Setup*.log.
9.
On the Run Configuration Wizard page, clear the Run the SharePoint
Products Configuration Wizard now check box.
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
and then click SharePoint 2010 Products Configuration Wizard.
The User Account Control dialog box appears.
2.
Click Yes.
After a few minutes, the SharePoint Products Configuration Wizard appears.
3.
4.
Click Yes.
5.
On the Connect to a server farm page, click Create a new server farm, and
then click Next.
6.
7.
8.
9.
Click Next.
In the task bar, hold the SHIFT key and right-click Windows PowerShell, and
then click Run as administrator.
The User Account Control dialog box appears.
2.
Click Yes.
3.
5.
Open Task Manager, click the Processes tab, and then select the Show
processes from all users check box.
b.
6.
7.
Click Yes.
After a few moments, Central Administration opens.
3.
4.
5.
On the Configure your SharePoint farm page, click Start the Wizard.
6.
7.
8.
9.
In the Services section, observe the list of service applications that will be
created by the Farm Configuration Wizard.
Double-click D:\Software\SharePointLanguagePackFR\ServerLanguagePack.exe.
The User Account Control dialog box appears.
2.
Click Yes.
3.
4.
Click Continuer.
The language pack installs.
5.
6.
Click Fermer.
Click Start, then click All Programs, then click Microsoft SharePoint 2010
Products, and then click SharePoint 2010 Products Configuration Wizard.
The User Account Control dialog box appears.
2.
Click Yes.
After a few minutes, the SharePoint 2010 Products Configuration Wizard
appears.
3.
4.
Click Yes.
The farm is configured.
5.
2.
3.
Confirm that SP2010-WFE1 has the Language Pack for SharePoint, Project
Server, and Office Web Apps 2010 - French/Français installed.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-B.
2.
2.
3.
Click Yes.
4.
5.
6.
7.
8.
In the IIS Web Site section, in the Port box, type 80.
9.
10. Make no changes to the Security Configuration and Public URL sections.
11. In the Application Pool section, ensure that Create new application pool is
selected.
12. In the Application pool name box, type SharePoint Web Applications.
You should use a meaningful, descriptive name for each application pool that
you create.
13. In the Application Pool section, under Select a security account for this
application pool, in the Configurable list, select
CONTOSO\SP_ServiceApps.
14. In the Database Name and Authentication section, in the Database Name
box, type WSS_Content_Intranet.
You should always use a meaningful name for your content databases.
15. Click OK.
The Web application and content database will be created. When it is
complete, the Application Created page opens.
16. Click OK.
The new Web application is displayed on the Web Applications Management
page.
2.
3.
4.
5.
6.
In the Template Selection section, click the Publishing tab, and then click
Publishing Portal.
7.
In the Primary Site Collection Administrator section, in the User name box,
type CONTOSO\SP_Admin.
8.
Click OK.
The site collection is created, and the Top-Level Site Collection page opens.
9.
Click OK.
Task 3: Add a DNS host record for the new Web application
1.
Click Start, then point to Administrative Tools, then hold the SHIFT key and
right-click DNS and then click Run as different user.
The Windows Security dialog box appears.
2.
3.
4.
Expand CONTOSO-DC, then expand Forward Lookup Zones, and then click
contoso.com.
5.
6.
7.
8.
9.
Click OK.
2.
3.
4.
5.
On the Contoso intranet site, click Site Actions, and then click New Page.
The New Page page opens.
2.
3.
Click Create.
4.
5.
2.
3.
4.
2.
3.
4.
5.
6.
2.
3.
4.
5.
In the Web Site Address section, ensure that sites is selected in the Site Prefix
list, and then type IT in the Site Name text box.
The result will be the URL for the site collection:
http://intranet.contoso.com/sites/IT.
6.
In the Template Selection section, ensure that the Team Site site definition is
selected.
7.
In the Primary Site Collection Administrator section, in the User name box,
type CONTOSO\SP_Admin.
8.
Click OK.
The Top-Level Site Successfully Created page appears.
9.
Click OK.
2.
Spend some time reviewing and experimenting with the new site. You can
make changes to the site, but those changes will not persist after this lab.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-C
2.
2.
3.
To identify the assemblies that are currently loaded, type the following
command and then press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
The output displays global assembly cache (GAC), version, and location
information for the assembly.
5.
Tip: You can press the UP ARROW to scroll through previously executed commands.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is not listed.
2.
The output lists the snap-ins that are registered on the system, except for those
that are installed with Windows PowerShell.
3.
4.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is now added.
5.
To identify the assemblies that are currently loaded, type the following
command and then press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
and then click SharePoint 2010 Management Shell.
2.
The output lists the snap-ins that have been added to the current session. The
SharePoint snap-in is already added to the session.
3.
To identify the assemblies that are currently loaded, type the following
command and then press ENTER:
[AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object {
Split-Path $_.Location -Leaf } | Sort
The listing demonstrates that SharePoint 2010 Management Shell preloads the
SharePoint .dll files.
In SharePoint 2010 Management Shell, type the following command and then
press ENTER:
$spsite = Get-SPSite "http://intranet.contoso.com"
2.
To enumerate all of the webs in the site collection, type the following
command and then press ENTER:
$spsite | Get-SPWeb
An error appears, indicating that login failed. The SP_Admin user account does
not have the permissions required to access the information about the intranet
site collection with Windows PowerShell.
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
hold down the SHIFT key and right-click SharePoint 2010 Management
Shell, and then click Run as different user.
The Windows Security dialog box appears.
2.
3.
4.
Click OK.
5.
6.
2.
3.
To enumerate all of the webs in the site collection, type the following
command and then press ENTER:
$spsite | Get-SPWeb
4.
To enumerate all of the webs in the site collection using the AllWebs
collection, type the following command and then press ENTER:
$spsite.AllWebs
5.
To list specific properties of the webs, type the following command and then
press ENTER:
$spsite.AllWebs | Select LastItemModifiedDate, Url, Created | Sort Created
2.
3.
An error indicates that you must run the command with elevated rights.
2.
Right-click the Windows PowerShell icon in the Windows taskbar, and then
click Run as Administrator.
A User Account Control message appears.
3.
Click Yes.
4.
5.
3.
4.
Type the following command and then press ENTER, which is the same as the
command you executed in step 1:
Get-SPSite | Select URL, @{Name="Storage"; Expression={"{0:N2} MB" -f ($_.Usage.Storage/1000000)}}, @{Name="Quota"; Expression={"{0:N2} MB" -f ($_.Quota.StorageMaximumLevel/1000000)}} | Out-GridView -Title "Sites with Usage"
A site collection and top-level web for the Sales department is created using the
Team Site site definition.
2.
3.
4.
In SharePoint 2010 Management Shell, type the following script. On the last
line, press ENTER to create a blank line. This causes the script to execute.
$i = ("HR", "Marketing")
ForEach($url in $i)
{
    # Create a dedicated content database, then a site collection inside it
    New-SPContentDatabase -Name WSS_Content_Intranet_$url -WebApplication http://intranet.contoso.com
    New-SPSite -Url http://intranet.contoso.com/sites/$url -ContentDatabase WSS_Content_Intranet_$url -OwnerAlias CONTOSO\SP_Admin -Template "STS#0"
}
Two new content databases, site collections, and top-level webs are created.
2.
2.
In the Sales site Quick Launch, click All Site Content, and then click
Announcements.
3.
4.
Switch to SharePoint 2010 Management Shell, and then type the following
commands:
$gc = Start-SPAssignment
$spsite = $gc | Get-SPSite "http://intranet.contoso.com/sites/Sales"
$splist = $spsite.rootweb.lists["Announcements"]
$splistitem = $splist.items[0]
$splistitem["Title"] = "Our SharePoint 2010 Sales site is now live!"
$splistitem.update()
$gc | Stop-SPAssignment
The list item will be updated. Notice that you did not use a cmdlet to update a
list item. There are things that will require direct access to the object model
and, as such, you need to be careful to dispose of objects you create.
5.
Switch to Internet Explorer, and then press F5 to refresh the view of the
Announcements list.
6.
7.
Leave the virtual machines running. You will use them for Lab B.
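
Added example, not part of the course material: the Announcements update from this exercise wrapped in try/finally, so the assignment collection is released even when the list is missing or empty and the object-model call fails partway. The function name and its parameters are hypothetical; the cmdlets are the ones used in the steps above.

```powershell
# Added example: update the first item of a list and always release SharePoint objects.
# Run in SharePoint 2010 Management Shell (the SharePoint snap-in must be loaded).
function Set-FirstListItemTitle {
    param(
        [Parameter(Mandatory = $true)] [string] $SiteUrl,
        [Parameter(Mandatory = $true)] [string] $Title,
        [string] $ListName = 'Announcements'
    )

    # Objects retrieved through $gc are tracked and disposed by Stop-SPAssignment.
    $gc = Start-SPAssignment
    try {
        $spsite = $gc | Get-SPSite $SiteUrl -ErrorAction Stop

        # TryGetList returns $null instead of throwing when the list does not exist.
        $splist = $spsite.RootWeb.Lists.TryGetList($ListName)
        if ($splist -eq $null) {
            throw "List '$ListName' was not found at $SiteUrl."
        }
        if ($splist.ItemCount -eq 0) {
            throw "List '$ListName' has no items to update."
        }

        $splistitem = $splist.Items[0]
        $splistitem['Title'] = $Title
        $splistitem.Update()
    }
    finally {
        # Runs on success and on failure, so the SPSite is never left undisposed.
        $gc | Stop-SPAssignment
    }
}

# Example call using the values from the exercise:
# Set-FirstListItemTitle -SiteUrl 'http://intranet.contoso.com/sites/Sales' `
#     -Title 'Our SharePoint 2010 Sales site is now live!'
```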
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
right-click SharePoint 2010 Management Shell, and then click Run as
administrator.
The User Account Control dialog box appears.
2.
Click Yes.
3.
Examine the output of the command, which includes a list of the numerous
operations supported by Stsadm. Also notice the examples displayed at the
end of the Help documentation.
4.
Type the following command, and observe the amount of time it takes for the
command to execute:
stsadm -o enumsites -url "http://intranet.contoso.com"
Review the Extensible Markup Language (XML) response that you get from
the command, and note that this can be used in a Windows PowerShell script
to iterate through all your site collections.
2.
Type the following command, and observe the amount of time it takes for the
command to execute:
Get-SPSite "http://intranet.contoso.com" | Get-SPWeb
3.
Repeat steps 1 and 2, and observe the amount of time it takes for each
command to execute.
3.
4.
5.
Click OK.
The site is created using the Team Site site definition.
6.
2.
3.
2.
3.
4.
5.
6.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-D.
2.
2.
3.
4.
5.
6.
7.
8.
Click Create.
The list is created with the URL
http://intranet.contoso.com/sites/IT/Lists/ComputerInventory.
9.
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
hold down the SHIFT key and right-click SharePoint 2010 Management
Shell, and then click Run as different user.
2.
4.
5.
2.
To create 4,000 items in the new list, type the following commands:
$site = Get-SPSite "http://intranet.contoso.com/sites/IT"
$web = $site.rootweb
$list = $web.Lists["Computer Inventory"]
$i = 1
do {
    #add item
    $newitem = $list.items.Add()
    $newitem["Title"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Computer Name"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Serial Number"] = $i.ToString().PadLeft(8,"0");
    $newitem.Update()
    $i++
}
while ($i -le 4000)
$web.dispose()
$site.dispose()
You can watch the progress of the script by refreshing the Computer Inventory
list page in the IT Web.
2.
3.
Verify that the List view threshold message indicates that the list contains
4,000 items.
4.
2.
To create 5,000 additional items in the Computer Inventory list, type the
following commands:
$site = Get-SPSite "http://intranet.contoso.com/sites/IT"
$web = $site.rootweb
$list = $web.Lists["Computer Inventory"]
$i = 4001
do {
    #add item
    $newitem = $list.items.Add()
    $newitem["Title"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Computer Name"] = "Client-" + $i.ToString().PadLeft(4, "0");
    $newitem["Serial Number"] = $i.ToString().PadLeft(8,"0");
    $newitem.Update()
    $i++
}
while ($i -le 9000)
$web.dispose()
$site.dispose()
You can watch the progress of the script by refreshing the Computer Inventory
list page in the IT Web.
2.
3.
4.
Verify that the List view threshold message indicates that the list contains
9,000 items.
5.
6.
Click OK.
An Error page appears that indicates the operation is prohibited because it
exceeds the list view threshold.
7.
8.
9.
Point at the Title column header, and then click the drop-down arrow that
appears.
A message appears: Cannot show the value of the filter. The field may not be
filterable, or the number of items returned exceeds the list view threshold enforced by
the administrator.
2.
Click Yes.
3.
4.
5.
On the ribbon, click the General Settings drop-down arrow, and then click
Resource Throttling.
The Resource Throttling page opens.
6.
In the List View Threshold box, type 10000, and then click OK.
7.
8.
9.
Point at the Title column header, and then click the drop-down arrow that
appears.
10. Verify that the Show Filter Choices command is now available.
Click Start, click All Programs, click Microsoft SQL Server 2008 R2, click
Configuration Tools, hold down the SHIFT key and right-click SQL Server
Configuration Manager, and then click Run as different user.
The Windows Security dialog appears.
2.
3.
4.
5.
6.
7.
Select the Enable FILESTREAM for file I/O streaming access check box.
8.
9.
10. Click Start, click All Programs, click Microsoft SQL Server 2008 R2, hold
down the SHIFT key and right-click SQL Server Management Studio, and
then click Run as different user.
The Windows Security dialog appears.
11. In the User name box, type CONTOSO\Administrator. In the Password box,
type Pa$$w0rd. Then, click OK.
12. Confirm that the Server name is SP2010-WFE1, and then click Connect.
13. In Object Explorer, right-click SP2010-WFE1, and then click Properties.
14. In the Select a page section, click Advanced.
15. Click Filestream Access Level, click the drop-down arrow, and then click Full
access enabled. Click OK.
A message appears indicating that you must restart Microsoft SQL Server.
Click OK.
2.
3.
To set the database master key, type the following query into the Query Editor:
use [WSS_Content_Intranet_IT]
if not exists (select * from sys.symmetric_keys where name = N'##MS_DatabaseMasterKey##')
create master key encryption by password = N'Master Key Pa$$w0rd'
4.
5.
6.
To enable a new filegroup for your Remote BLOB Storage (RBS) provider, type
the following query into the Query Editor:
if not exists (select groupname from sysfilegroups where groupname=N'RBSFilestreamProvider')
alter database [WSS_Content_Intranet_IT] add filegroup RBSFilestreamProvider contains filestream
7.
8.
9.
To add a file system mapping for your RBS provider, type the following query
into the Query Editor:
alter database [WSS_Content_Intranet_IT] add file (name = RBSFilestreamFile, filename = 'c:\Blobstore') to filegroup RBSFilestreamProvider
2.
Click Yes.
3.
4.
5.
2.
Confirm that you see the following line within the last 20 lines of the end of
the file:
Product: SQL Server 2008 R2 Remote Blob Store -- Installation completed successfully.
3.
Close rbs_install_log1.
4.
5.
In Object Explorer, right-click the root node SP2010-WFE1, and then click
Refresh.
6.
7.
Verify that several tables exist with names that begin with the letters mssqlrbs.
8.
2.
2.
Click Continue.
The Blobstore folder opens.
3.
4.
5.
6.
7.
8.
Click Browse.
9.
10. Switch to the Windows Explorer window showing the Blobstore folder.
11. Observe that a new folder has been added to the Blobstore folder.
12. Open the folder with the most recent modified date, open the folder inside,
and then open the file with the most recent modified date.
13. Examine the contents of the file to verify that this is the rbs_install_log1 file.
14. Close Notepad.
2.
2.
3.
Click Browse.
4.
5.
6.
Click Browse.
7.
8.
9.
Leave the virtual machines running. You will use them for Lab B.
2.
Click OK.
3.
4.
5.
6.
Click Save.
Under Taxonomy Term Store, point at Managed Metadata Service, click the
drop-down arrow that appears, and then click New Group.
2.
3.
Point at Organization, click the drop-down arrow, and then click New Term
Set.
4.
5.
Point at Department, click the drop-down arrow, and then click Create Term.
6.
7.
8.
9.
2.
3.
4.
Click Create.
5.
6.
7.
Click Create.
8.
9.
In the Column name box, type User Name, and then click OK.
10. Click the List tab, and then click Create Column.
11. In the Column name box, type Department.
12. In the list of column types, click Managed Metadata.
13. In the Term Set Settings section, expand Managed Metadata Service, expand
Organization, and then click Department. Click OK.
14. Click the List tab, and then click Create Column.
15. In the Column name box, type Request Type.
16. In the list of column types, click Managed Metadata.
17. In the Term Set Settings section, click Customize your term set.
18. Click Edit Using Term Set Manager.
A message box appears.
19. Click OK.
The Term Store Management Tool opens in a new window.
20. Confirm that Submission Policy is configured as Open.
21. Close Term Store Management Tool.
2.
In the Title box, type Create a new account for Andy Ruth.
3.
4.
5.
6.
In the Request Type box, type New User, and then press ENTER.
New User is displayed with a red, dashed underline. This indicates that the
term does not exist.
7.
Click the Browse for a valid choice button next to the Request Type box.
8.
9.
                                    User Name   Department   Request Type
                                    ChristaG    IT           Password Reset
Problem starting computer           FrankM      Marketing    Desktop Support
Create a new account for Sean Chai  SeanC       Sales        New User
                                    LolaJ       Sales        Password Reset
2.
3.
In the Available Hierarchy Fields list, click Department, and then click Add.
4.
In the Available Hierarchy Fields list, click Request Type, and then click Add.
5.
In the Selected Hierarchy Fields list, click Folders, and then click Remove.
Click OK.
6.
7.
8.
Click the terms in the Department and Request Type term sets to filter the
list.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-D.
2.
2.
Click Start, then right-click Command Prompt, and then click Run as
administrator.
The User Account Control dialog box appears.
3.
Click Yes.
4.
6.
7.
8.
9.
On the The database has been created or modified page, click Finish.
2.
Modify the connectionStrings element of the XML file to match the following:
<connectionStrings>
<clear/>
<add name="LocalSQLServer"
connectionString="Server=.;Database=aspnetdb;uid=sa;pwd=Pa$$w0rd;"
providerName="System.Data.SqlClient"/>
</connectionStrings>
3.
4.
Close Notepad.
5.
6.
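
Added example, not part of the course material: the connectionStrings element above stores the password of the sa login in clear text, which is acceptable only in a lab, so this review script flags such entries in any .config file. The function name and the sample file content are constructed for illustration.

```powershell
# Added example: flag connection strings in a .config file that embed SQL credentials.
Add-Type -AssemblyName System.Data

function Find-EmbeddedSqlCredential {
    param([Parameter(Mandatory = $true)] [string] $ConfigPath)

    # XmlDocument.Load resolves relative paths against the process directory,
    # so hand it the fully resolved path.
    $resolved = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($resolved)

    foreach ($node in $xml.SelectNodes('//connectionStrings/add')) {
        $builder = New-Object System.Data.Common.DbConnectionStringBuilder
        # Call the setter explicitly: the builder is a dictionary, and PowerShell
        # would otherwise treat .ConnectionString as a dictionary key.
        $builder.set_ConnectionString($node.GetAttribute('connectionString'))

        $user = ''
        foreach ($key in 'uid', 'user id', 'user') {
            if ($builder.ContainsKey($key)) { $user = [string]$builder[$key] }
        }
        $hasPassword = $builder.ContainsKey('pwd') -or $builder.ContainsKey('password')

        if ($hasPassword -and $user -eq 'sa') {
            $finding = 'Clear-text password for the SQL sysadmin login'
        } elseif ($hasPassword) {
            $finding = 'Clear-text SQL login password'
        } else {
            $finding = 'No embedded password'
        }

        New-Object PSObject -Property @{
            Name        = $node.GetAttribute('name')
            User        = $user
            HasPassword = $hasPassword
            Finding     = $finding
        } | Select-Object Name, User, HasPassword, Finding
    }
}

# Constructed sample input: the entry from the lab plus one using integrated security.
$sample = @'
<configuration>
  <connectionStrings>
    <clear/>
    <add name="LocalSQLServer" connectionString="Server=.;Database=aspnetdb;uid=sa;pwd=Pa$$w0rd;" providerName="System.Data.SqlClient"/>
    <add name="IntegratedExample" connectionString="Server=.;Database=aspnetdb;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
</configuration>
'@
$samplePath = Join-Path $env:TEMP 'sample-web.config'
Set-Content -LiteralPath $samplePath -Value $sample
Find-EmbeddedSqlCredential -ConfigPath $samplePath | Format-Table -AutoSize
```

For flagged entries, the usual alternatives are integrated security with a least-privileged service account or encrypting the connectionStrings section with ASP.NET protected configuration.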
Click Start, click All Programs, click Microsoft SharePoint 2010 Products,
right-click SharePoint 2010 Management Shell, and then click Run as
administrator.
The User Account Control dialog box appears.
2.
Click Yes.
3.
Ignore the error message that indicates the membership provider name
specified is invalid.
4.
5.
6.
Ignore the error message that indicates the membership provider name
specified is invalid.
7.
8.
9.
2.
3.
4.
Locate the <roleManager> element, and then locate the <providers> element.
5.
6.
7.
Close Notepad.
8.
2.
Click Yes.
3.
4.
5.
6.
7.
8.
9.
17. In the Template Selection section, click the Publishing tab, and then click
Publishing Portal.
18. In the Primary Site Collection Administrator section, in the User name text
box, type CONTOSO\SP_Admin.
19. In the Secondary Site Collection Administrator section, type
SiteAdministrator.
20. Click OK.
The Top-Level Site Successfully Created dialog box appears.
21. Click OK.
Task 2: Add a DNS host record for the new Web application
1.
Click Start, then point to Administrative Tools, then hold SHIFT and right-click DNS, and then select Run as different user.
The Windows Security dialog box appears.
2.
3.
4.
Expand CONTOSO-DC, then expand Forward Lookup Zones, and then click
contoso.com.
5.
6.
7.
8.
9.
Click OK.
2.
3.
On the Sign In page, select Forms Authentication from the drop-down list.
4.
5.
6.
7.
8.
9.
10. On the Sign In page, select Windows Authentication from the drop-down list.
The Windows Security dialog box appears.
11. In the User name box, type CONTOSO\SP_Admin.
12. In the Password box, type Pa$$w0rd.
13. Click OK.
14. Verify that you are authenticated as SharePoint Administrator.
15. Close all open Internet Explorer windows.
Leave the virtual machines running. You will use them for Lab B.
Lab Review
Question: Why must you remove the <clear/> elements from the Web.config file?
Answer: The <clear/> elements prevent the SharePoint Secure Token service from
finding users in the forms-based authentication database. The service cannot build
claims for the users, and authentication would fail.
Question: If you are familiar with the configuration of forms-based authentication
on Microsoft Office SharePoint Server 2007, what is different about the number
and type of Web applications required to support forms-based authentication in
Microsoft SharePoint Server 2010 in the client extranet scenario presented in this
lab?
Answer: Microsoft Office SharePoint Server 2007 required a separate, extended
Web application to support forms-based authentication. In SharePoint Server
2010, claims-based authentication accepts claims from multiple authentication
mechanisms, including both Windows and forms-based authentication.
Therefore, only one Web application is required to support this scenario.
On SP2010-WFE1, click Start, then click Administrative Tools, then hold the
SHIFT key and right-click Active Directory Users and Computers, and then
select Run as different user.
The Windows Security dialog box appears.
2.
3.
4.
Click OK.
5.
6.
7.
8.
9.
Click Next.
2.
3.
4.
Click the Secure Store Service link on the Secure Store Service Application
row.
5.
6.
In the Pass Phrase and Confirm Pass Phrase boxes, type 10174_SSS_2010.
7.
Click OK.
2.
3.
4.
5.
6.
7.
Click Next.
8.
9.
2.
3.
4.
5.
Click OK.
2.
3.
4.
5.
6.
7.
Click Next.
8.
9.
2.
3.
4.
5.
Click OK.
2.
3.
4.
5.
2.
3.
4.
5.
In the Secure Store and Unattended Service Account section, in the User
Name box, type CONTOSO\SP_PerfPoint_USA.
6.
7.
Click OK.
PerformancePoint will create its own Secure Store account based on the
information you entered.
2.
3.
4.
5.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-D.
2.
2.
3.
4.
5.
6.
7.
2.
3.
4.
5.
6.
7.
8.
Click Save.
In the upper-right corner of the page, click Shah, Sanjay, and then click Sign
in as Different User.
The Windows Security dialog appears.
2.
3.
4.
5.
6.
7.
Click the drop-down arrow next to the New button, and then click Add Users.
8.
2.
3.
4.
5.
6.
7.
Verify that you do not see the Add new item command.
Task 5: Create a new group and assign it the Design permission level
1.
In the upper-right corner of the page, click Low, Jeff, and then click Sign in as
Different User.
The Windows Security dialog appears.
2.
3.
4.
5.
6.
7.
8.
In the About Me box, type Use this group to grant people Design
permissions to the SharePoint site: Information Technology.
9.
In the Give Group Permissions to this Site section, select the Design
permission level check box.
2.
3.
4.
5.
In the description box, type Can see only usage data about this site.
6.
7.
Click Create.
8.
9.
2.
3.
4.
5.
6.
2.
3.
4.
5.
6.
7.
8.
9.
Click Submit.
2.
3.
4.
5.
6.
7.
8.
Examine the report, and then click the browser's Back button.
9.
10. Examine the report, and then click the browser's Back button.
11. Close Internet Explorer.
2.
3.
4.
5.
6.
7.
Click Browse.
8.
9.
2.
3.
4.
Click OK.
5.
To select all permissions, click the check box in the column heading row, next
to Name.
6.
7.
Click OK.
8.
9.
10. In the Grant Permissions box, select the Full Control check box, and then
click OK.
2.
3.
4.
5.
6.
7.
2.
3.
Expand the contoso.com domain, and then click the Users container.
4.
Right-click the Users container, point to New, and then click Group.
In the Name box, type SharePoint Content Auditors, and then click OK.
6.
7.
8.
Click Add.
9.
Right-click the Users container, point to New, and then click Group.
2.
In the Name box, type SharePoint Full Control Policy, and then click OK.
3.
Right-click the Users container, point to New, and then click Group.
4.
In the Name box, type SharePoint Deny Policy, and click OK.
5.
2.
Click Yes.
3.
4.
5.
6.
7.
8.
Click Next.
9.
10. In the Choose Permissions section, select the Full Read check box.
11. Click Finish.
2.
3.
Click Next.
4.
5.
In the Choose Permissions section, select the Full Control check box.
6.
Click Finish.
2.
3.
Click Next.
4.
5.
In the Choose Permissions section, select the Deny All check box.
6.
2.
3.
4.
5.
6.
7.
Verify that you do not see the Add new item command.
Results: After this exercise, you should have created a new Web application policy
granting full Read permission to the intranet for audit purposes.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Start 10174A-CONTOSO-DC-D.
2.
2.
3.
4.
Click Site Actions, and then click View All Site Content.
5.
Click Create.
The Create page appears.
6. Observe that neither a calendar nor a contact list is shown as an available option.
7. Close the Create page.
8.
9.
2.
3.
4.
Press CTRL+V to paste the CustomAction folder into the Features folder.
5.
6.
Click Start, then click All Programs, then click Microsoft SharePoint 2010
Products, then right-click SharePoint 2010 Management Shell, and then
click Run as administrator.
The User Account Control dialog box appears.
7.
Click Yes.
8.
This will install a new feature into SharePoint that enables a simple custom
action in the Site Actions menu.
2.
3.
4.
5.
6.
Click OK.
2.
3.
4.
5.
Click Site Actions, then observe that A Custom Action no longer appears, and
then press ESC to close the menu.
6.
2.
3.
4.
5.
Click Yes.
6.
7.
8.
Observe that the two solutions are installed, but are not deployed.
Click applicationtemplatecore.wsp.
2.
3.
4.
Click bugdatabase.wsp.
5.
6.
2.
3.
In the left navigation, click the Application Templates tab, and then click Bug
Database.
4.
5.
6.
Click Create.
A new bug database Web is created in the IT site collection.
7.
8.
Results: After completing this exercise, you should have installed and deployed
SharePoint solutions to your farm.
Leave the virtual machines running. You will use them for Lab B.
Lab Review
Question: What is a disadvantage of deploying a feature, in contrast to a solution,
to a farm with more than one server?
Answer: The Features folder must be the same on all servers in the farm, so you
must copy the feature to all servers and keep the Features folder in sync. When
you deploy a feature with a solution, SharePoint updates the Features folder on
each server in the farm.
Question: Why is it important in some cases, such as the solutions deployed in
this lab, to deploy solutions in a specific order?
Answer: Solutions can have dependencies upon other solutions. The Bug Database
solution has dependencies on the Application Template Core solution.
Click Start, then click Administrative Tools, and then click Services.
2.
Right-click SharePoint 2010 User Code Host, and then click Properties.
3.
Verify that the service is not started, and that the Startup type is Disabled.
4.
Click OK.
5.
6.
Click Yes.
7.
8.
9.
2.
3.
4.
5.
On the ribbon, click the Solutions tab, and then click Upload Solution.
6.
Click Browse.
7.
Select D:\Labfiles\Lab07\BadReceiver.wsp.
8.
Click Open.
9.
Click OK.
2.
Click Announcements.
3.
4.
5.
6.
Click Save.
An error message appears.
7.
8.
9.
Results: After completing this exercise, you should have deployed and tested the
BadReceiver solution.
2.
Click Yes.
3.
4.
5.
Locate the Solution Resource Usage Update timer job for SharePoint -
intranet.contoso.com80.
Tip: You must click the arrow at the bottom of the page.
6.
Note: Be sure to click Solution Resource Usage Update and not Solution Daily
Resource Usage Update. Clicking the latter will cause resource usage points to be
reset.
7.
8.
9.
2.
2.
Click Yes.
3.
To export a list of default point values, type the following command and then
press ENTER:
$spusercodeservice = [Microsoft.SharePoint.Administration.SPUserCodeService]::Local
$spusercodeservice.ResourceMeasures > c:\ResourceMeasures.txt
4.
5.
To find the section for database queries, press CTRL+F, then type
SharePointDatabaseQueryCount, and then press ENTER.
6.
7.
2.
Switch to the instance of Internet Explorer that displays the IT intranet Web.
It will take a few seconds to load the Web, because you recently reset IIS.
2.
3.
Click Announcements.
4.
5.
6.
7.
Click Save.
An error message appears.
7.
8.
9.
10. Repeat Task 1 of Exercise 2 to run the sandboxed solutions timer jobs.
11. Switch to the instance of Internet Explorer that displays the Solutions gallery
for the IT intranet Web.
2.
3.
4.
5.
Leave the virtual machines running. You will use them for Lab C.
Lab Review
Question: What was the value of ResourcesPerPoint for
SharePointDatabaseQueryCount? Explain the relationship between this number
and one resource usage point.
Answer: 400. Each database query accrues 1/400 of a resource usage point.
2.
2.
3.
Click the small icon in the top right next to SharePoint Administrator.
This will enable the Developer Dashboard for the page.
4.
Database Queries
Service Calls
SPRequest Allocations
2.
Results: After completing the exercise, you should have enabled and disabled the
Developer Dashboard on the IT intranet Web.
2.
Right-click the virtual machine name in the Virtual Machines list, and then
click Revert.
3.
Lab Review
Question: Describe the role of the Developer Dashboard.
Answer: The Developer Dashboard exposes performance and debugging
information that can be used to monitor and improve the performance of pages
and solutions.