Sunday, 13 December 2009

ISA 2006, Forms, SharePoint 2007 Extranet and Client Integration

Anyone who has worked on a SharePoint 2007 extranet project with ISA 2006 used as a reverse proxy to publish the SharePoint farm knows about the client integration challenges…

When users try to edit a document, they are challenged and required to authenticate and even after a successful authentication, it is not possible to check the document back in to SharePoint.

This is because, despite the existing browser session, the Office client initiates another session and ISA treats this as a new session.

The short answer to this problem is to configure a persistent cookie on the ISA web listener (under Forms –> Advanced).


BUT there are several security issues that are highlighted by MS and need to be considered:

  • A malicious attacker who obtains a persistent cookie may be able to perform a brute force attack to obtain user credentials from the cookie.
  • On a public computer, if the user does not log off, the session cookie can be used by the next user to access published sites. This threat can be mitigated by not enabling persistent cookies for public computers.
  • Spyware may be able to access the cookie.

The important point to consider here is that the client needs to make the decision between security and user experience / functionality.

In a recent project I spent some time identifying a few factors that the client needed to take into consideration when making this decision:


| | This is a public or shared computer | This is a private computer |
|---|---|---|
| Persistent cookie file on logout | | Not Deleted but user is required to authenticate (Domain name and user name are saved) |
| Persistent cookie file when user closes the browser | Not Deleted - Session is available before cookie timeout | Not Deleted - Session is available before cookie timeout |
| Temporary Internet Files | Enabling persistent cookie has no effect | Enabling persistent cookie has no effect |
| Temporary Draft Files | Enabling persistent cookie has no effect | Enabling persistent cookie has no effect |
| Ability to open documents on SharePoint within session time (browser closed) | | |



Q) Is the cookie hashed e.g. using Hashed MACs (HMACs)?
A) Yes

Q) Are server tokens erased after session end?
A) Yes

Q) Is the cookie transmitted via SSL?
A) It is highly recommended

Q) Are Temporary Internet files deleted when session ends?
A) No, but this is not caused by the persistent cookie

Q) Are copies of the draft documents deleted if the user fails to check in / overwrite checkout?
A) No, but this is not caused by the persistent cookie

Q) Are there any extra considerations when accessing the site through kiosk stations when using persistent cookies?
A) Yes, the following should be considered:

  • Do not select “This is a private computer”.
  • Perform logoff on published applications.

Additional considerations when accessing the site through kiosk stations (regardless of the usage of persistent cookies):

  • Delete cookies after you finish using published applications.
  • Delete temporary Internet files.
  • Delete temporary files that Office created when working with Microsoft Office SharePoint® Portal Server.
  • Delete any files that were manually downloaded to the kiosk.
  • Close all browser windows.
  • Log off from Windows, if possible.
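
The kiosk checklist above as a logoff-time script, covering the temporary Internet files and draft files that the Q&A says are left behind regardless of the cookie setting. This is an added example, not part of the original post; it assumes Internet Explorer, a Windows Vista/7 profile layout, the Office 2007 default "SharePoint Drafts" folder and a Downloads folder for manually downloaded files.

```powershell
# Added example: cleanup for a shared kiosk profile, run at the end of a session.
# Assumptions (not from the post): Internet Explorer, Windows Vista/7 profile paths,
# Office 2007 default "SharePoint Drafts" folder, manual downloads saved to Downloads.

# Close all browser windows and Office clients so cache and draft files are not locked.
# Unsaved work is discarded, which is the intended behaviour on a kiosk.
Get-Process -Name iexplore, winword, excel, powerpnt -ErrorAction SilentlyContinue |
    Stop-Process -Force

# Let Internet Explorer clear its own stores: 2 = cookies, 8 = Temporary Internet Files.
foreach ($flag in 2, 8) {
    Start-Process -FilePath 'rundll32.exe' `
        -ArgumentList "InetCpl.cpl,ClearMyTracksByProcess $flag" -Wait
}

# Folders the persistent-cookie setting never touches: Office drafts and manual downloads.
$folders = @(
    (Join-Path $env:USERPROFILE 'Documents\SharePoint Drafts'),
    (Join-Path $env:USERPROFILE 'Downloads')
)

foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder) {
        Get-ChildItem -LiteralPath $folder -Force |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Check: report anything that survived (locked or permission-protected files).
$left = @(foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder) {
        Get-ChildItem -LiteralPath $folder -Force -Recurse
    }
})
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) item(s) could not be removed:"
    $left | ForEach-Object { Write-Warning $_.FullName }
}

# Log off from Windows.
shutdown.exe /l
```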

Windows 7: Boot from VHD

Recently I have been forced to look into available options to best utilise the amount of memory available on my laptop to be able to run SharePoint 2010 VMs. There are a number of options available to do this, but I have tried to simplify this as much as possible to speed up the VHD file creation and imaging process.
1) Create a partition to store the VHD; optional (I had to do this since my primary partition is BitLocker encrypted)
2) Download the VHD tool box from
This tool box includes:
  • WIM2VHD.wsf – WIM to VHD Converter
  • ImageX.exe 64-bit (32-bit available from
  • Bcdedit.exe – Command-line tool for managing BCD stores
  • intlcfg.exe - The International Settings and Configuration tool (Intlcfg.exe) is used to configure the language and locale settings in a Windows image
3) Copy the Install.Wim from the OS media to the VHDToolBox folder
4) Now you are ready to create your VHD. Start command prompt and navigate to the VHDToolBox folder and run the script:
There are a number of switches you will need to know:
/wim: specifies the path to the WIM file
/sku: OS version (ServerStandard, Ultimate etc…)
/vhd: specifies the path and the name of the VHD to be created
/size: specifies the size of the VHD in MB
/disktype: specifies the type of disk, Dynamic or Fixed
For example to create a Windows Server 2008 R2 Enterprise VHD on a 40GB Fixed disk we would use the following command:
cscript wim2vhd.wsf /wim:C:\VHDToolBox\install.wim /sku:SERVERENTERPRISE /vhd:F:\2K8_R2_SP2010_01.vhd /size:40960 /disktype:Fixed
Note: to find the sku you could run the following imagex command on your install.wim file:
Imagex /info "<install.wim location>"
5) Next you need to use bcdedit.exe to add an entry to the boot menu:
  • bcdedit /copy {current} /d "My New VHD Description" (This will Return the GUID of the Loader Object that you will use to replace <guid> below)
  • bcdedit /set <guid> device vhd=[driveletter:]\<directory>\<vhd filename>
  • bcdedit /set <guid> osdevice vhd=[driveletter:]\<directory>\<vhd filename>
  • bcdedit /set <guid> detecthal on
That’s it, enjoy

Tuesday, 24 November 2009

Get Ready for Microsoft SharePoint 2010

Certification Path for IT professionals

  • 70-667 TS: Microsoft SharePoint 2010, Configuring
    Microsoft Official Curriculum: Will cover configuration of SharePoint 2010 including deployment, upgrade, management and operation on a server farm.

  • 70-668 PRO: SharePoint 2010, Administrator
    Microsoft Official Curriculum: Will cover advanced SharePoint 2010 topics including capacity planning, topology designing and performance tuning.

Certification Path for Developers

  • 70-573 TS: Microsoft SharePoint 2010, Application Development
    Microsoft Official Curriculum: Five-day instructor-led course designed for developers with six months or more of .NET development experience. Course covers what you need to know to be an effective member of a SharePoint development team using Visual Studio 2010.

  • 70-576 PRO: Designing and Developing Microsoft SharePoint 2010 Applications
    Microsoft Official Curriculum: Five-day instructor-led training course designed for development team leads who have already passed the Developing on SharePoint 2010 technical specialist exam. The course covers choosing technologies for and scoping a SharePoint project, best practices for SharePoint development, configuring a SharePoint development environment, advanced use of SharePoint developer features and debugging of code in a SharePoint project.

Sunday, 4 October 2009

Install SharePoint Server 2007 on Windows Server 2008 R2

From: Microsoft SharePoint Products and Technologies Team Blog

Starting from Service Pack 2, Windows SharePoint Services 3.0 and SharePoint Server 2007 support Windows Server 2008 R2 and Windows Server 2008 SP2. When you try to install SharePoint bits on Windows Server 2008 R2 directly, you may see the following dialogue:


This is because Windows SharePoint Services 3.0 and SharePoint Server 2007 bits without SP2 slipstreamed are not supported on Windows Server 2008 R2. The KB article 962935 is not live on the web site yet.

To install on Windows Server 2008 R2, for Windows SharePoint Services 3.0 you can download the slipstream builds here:

Windows SharePoint Services 3.0 with SP2 (x86)

Windows SharePoint Services 3.0 with SP2 (x64)

For SharePoint Server 2007, you can follow Create an installation source that includes software updates (Office SharePoint Server 2007) to create one. Or you can also read on, we will go through the complete steps to create a new slipstream build for SharePoint Server 2007.

Installation Steps

1. Copy the content of SharePoint Server 2007 setup files from the installation media to a folder on your hard drive.

2. Delete everything inside Updates folder.

3. Download Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2 to a folder.

Make sure your Office SharePoint Server 2007 SP2 is downloaded after July 29th.


4. Open a command prompt, change directory to the folder where you put the downloaded patches, and run the following two commands:

wssv3sp2-kb953338-x64-fullfile-en-us.exe /extract:[Path to installation bits]\Updates /quiet

officeserver2007sp2-kb953334-x64-fullfile-en-us.exe /extract:[Path to installation bits]\Updates /quiet

Change [Path to installation bits] to where you put the bits. These will extract all the content from the two packages to Updates folder. SharePoint installation program will automatically read this folder to apply the patches.

5. Delete wsssetup.dll. This is a very important step so please don’t miss it.

6. If you also need the Cumulative Updates to be applied when installing SharePoint, download the latest Windows SharePoint Services 3.0 and SharePoint Server 2007 Cumulative Update packages and extract them into the Updates folder as in step 4.

7. Your slipstream build of SharePoint Server 2007 is done!

8. Go and install it on your Windows Server 2008 R2 box, after the installation, the site version will show or possibly a higher version if you added additional cumulative update files.
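
Steps 1 to 5 as a single script, with one added check: the Authenticode signature of each downloaded package is verified before it is executed. This is an added example, not code from the Microsoft post; `$Media`, `$Build` and `$Patches` are placeholder paths, and the script assumes `wsssetup.dll` lands in the Updates folder after extraction.

```powershell
# Added example: build the slipstream source (steps 1-5). Paths are placeholders.
$Media    = 'D:\'               # SharePoint Server 2007 installation media
$Build    = 'C:\MOSS2007_SP2'   # [Path to installation bits]
$Patches  = 'C:\Patches'        # folder holding the two SP2 downloads (step 3)
$Packages = 'wssv3sp2-kb953338-x64-fullfile-en-us.exe',
            'officeserver2007sp2-kb953334-x64-fullfile-en-us.exe'
$Updates  = Join-Path $Build 'Updates'

# Added check: refuse to run a package that is unsigned, tampered with,
# or signed by someone other than Microsoft.
foreach ($name in $Packages) {
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $Patches $name)
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to run ${name}: signature status is $($sig.Status)"
    }
}

# Step 1: copy the setup files from the media to the build folder.
New-Item -ItemType Directory -Path $Build -Force | Out-Null
Copy-Item -Path (Join-Path $Media '*') -Destination $Build -Recurse -Force

# Step 2: delete everything inside the Updates folder.
Get-ChildItem -LiteralPath $Updates -Force | Remove-Item -Recurse -Force

# Step 4: extract both service packs into Updates and stop on a failed extraction.
# Cumulative Update packages (step 6) can be added to $Packages in the same way.
foreach ($name in $Packages) {
    $proc = Start-Process -FilePath (Join-Path $Patches $name) `
        -ArgumentList "/extract:`"$Updates`"", '/quiet' -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "$name exited with code $($proc.ExitCode)"
    }
}

# Step 5: delete wsssetup.dll (assumed to be in Updates after extraction).
$dll = Join-Path $Updates 'wsssetup.dll'
if (-not (Test-Path -LiteralPath $dll)) {
    throw "wsssetup.dll not found in $Updates; check where the packages extracted it"
}
Remove-Item -LiteralPath $dll -Force
Write-Output "Slipstream source ready in $Build"
```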


Thursday, 20 August 2009

Web Application, Site Collection and Sub-Site

SharePoint Terminologies and Hierarchy

Following diagram illustrates the SharePoint hierarchy:


Web Application, Site Collection and Sub-Site

The following points are to be considered when deciding on an extranet site structure and usage of SharePoint Components.

· Administration Overhead

· Scalability

· Upgrade Scope

· Backup/Restore

· Security

· Search Settings

· Audit/IRM Settings

· Feature Scope

· Recycle Bin

· Usage Reporting

· Branding

· Navigation

· Content Rollup and Aggregation

· Content Type / Site Column Scope



Backup and Restore

· Full fidelity backups are only possible at the site collection level

· If a sub-site needs to be restored then the entire site collection must be restored

· 3rd party solutions offer full fidelity recovery at more granular levels


Security

· Site Collections allow security groups and permissions to be isolated from other site collections

· Management is more complex with site collections

· Difficult to see what access a user has across site collections

· No OOTB way to synchronize settings across site collections

· Usage of Site collections can reduce the need to break security inheritance

· Site Collections can be used to overcome SharePoint group limitations (Cannot go over 2000 users or AD groups in a single ACL)

Feature Scope

· Features can be scoped to a Site Collection or Web (or Farm or Web Application)

· You can prevent access to certain functionality by using site collections

o Some Features must be scoped to a site collection

o You might have to activate a Feature thereby (potentially) making functionality available to all users/contributors/designers of a site


Search Settings

· Search Scopes are defined at the site collection level (You can create shared scopes via the SSP but they must be “activated” at each site collection)

· Best bets and keywords are site collection scoped (Use a single search centre)

· Settings must be manually (or programmatically) synchronized across site collections


Scalability

The single most critical reason for using multiple site collections is scalability

· Limit content databases to 100GB (50GB recommended, 100GB maximum)

· If you must go over 100GB then use only 1 site collection in the content database

· You will encounter performance issues and possibly deadlock conditions (if over 100GB)

· Split content approaching 100GB in a site collection into a new site collection in a separate content database (STSADM)

· Site collections cannot live across content databases

· Web applications can have multiple content databases attached to them


Usage Reporting

· Usage reports are scoped at the site collection

· There is no out of the box mechanism to get cross site collection usage reports

o SSP administrators can get search query reports which span site collections

· Many 3rd party products produce much more useful/sophisticated reports for cross site collection reporting


Branding

· Master pages and CSS can be used to enforce a consistent branding experience

· Use Themes for as much as possible so that the application/system pages will be branded

· Use Feature Stapling to automatically apply the branding. This provides a seamless experience for the end-user

Content Types / Site Columns

  • Features can be used to deploy consistent Content Types and Site Columns across multiple Site Collections
  • It is important that the Content Type ID remains the same – creation via the browser does not allow setting the ID across site collections

Cross Site Configuration

  • Solution Accelerator from MSFT (
  • The tool automates the process of deploying site settings in all or selected sites in a server farm:
    • Applying Master Pages across a SharePoint server farm
    • Setting up Web Titles for all or selected site collections across the farm
    • Applying audit control settings to all or selected sites
    • Adding advanced settings such as “Allow content type management” to all types of lists
    • Adding a new Expiration Policy at the site collection level
    • Adding a new Expiration Policy to content types, lists, and documents

Tuesday, 16 June 2009

Useful SharePoint Links

A fantastic blog from pareshj

Useful Links

· MOSS Video Demos (Total 14 Modules)
· Before You Begin with SharePoint Server 2007
· MOSS Tools for performance and capacity planning
· Downloadable book: Planning and architecture for Office SharePoint Server 2007
· MOSS 2007 - Planning and Architecture for Office SharePoint Server 2007
· MOSS 2007 - Administrator Guide
· Complete reference of all STSADM operations
· Using the 2007 Microsoft Office system for disaster planning and response
· Planning and Designing SharePoint Products and Technology Solutions for Geographically Dispersed Sites
· Complete reference of all STSADM operations
· Complete reference of all PSCONFIG operations

Best Practices

· Before You Begin with SharePoint Server 2007
· Best Practices Analyzer for WSS 3.0 and MOSS2007
· Writing SQL Syntax Queries for Relevant Results in MOSS2007
· Backing Up and Restoring Web Sites with Stsadm
· Downloadable book: Planning and architecture for Office SharePoint Server 2007
· MOSS Hardware and Software Requirements
· SharePoint 2007 products comparison download
· Which SharePoint technology is right for you?
· White Paper: Working with large lists in Office SharePoint Server 2007
· MOSS Tools for performance and capacity planning

How to Deploy updates for SharePoint 2007

· Deploy software updates for Windows SharePoint Services 3.0
· Deploy software updates for Office SharePoint Server 2007
· How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard

How to configure Alternate Access Mappings (AAM) successfully

What every SharePoint administrator needs to know about Alternate Access Mappings



· Jose Barreto's Blog Complete reference of all STSADM operations (with parameters) in MOSS 2007 SP1
· Jose Barreto's Blog Complete reference of all STSADM operations (with parameters) in MOSS 2007

SharePoint Administration Toolkit
· SharePoint Administration Toolkit (Office SharePoint Server)

TCP Chimney should be disabled

· The Microsoft Windows Server 2003 Scalable Networking Pack release

Thursday, 29 January 2009

SharePoint Accessibility Resources

It has been a while since I have posted anything; this is mainly because I have been extremely busy and have lacked personal time...
I found the following resource on SharePoint Accessibility extremely useful. This is taken from Sanjay Narang's blog....

"I've been working on implementing accessibility requirements for a public facing site on MOSS. Though keywords such as "SharePoint accessibility" provide a number of results on Live Search or any other engine, I had a difficult time searching for the appropriate resources. Thought it would be worthwhile sharing the resources that I found and providing a context around them. Here are these resources:

Microsoft's Statements/Papers on SharePoint Accessibility
We have a couple of white papers and articles on this topic, however, search engines are yet to rank them better to come towards the top. Here are these:

Article: Accessibility features (as provided by Office Online)

Blog: Improvements in accessibility – Blog entry on SharePoint Team blog by Lawrence Liu. Though it's a pretty old entry (April 2006) and was written for a pre-RTM version, you can find a good summary of new and improved accessibility features. Most of this holds for RTM also. The blog groups the improvement areas in categories such as Headings, Navigation, Keyboard, Graphics, High Contrast – Low Vision, HTML Controls and also relates them to specific checkpoints from WCAG 1.0

Whitepaper: Deliver accessible solutions by using Office SharePoint Server - This downloadable white paper provides information and guidelines about the issues that organizations face when delivering Web solutions, including those built by using Microsoft Office SharePoint Server 2007 that are accessible to people with disabilities. It's a pretty good paper to read when you are starting your journey on accessibility. It describes the available out-of-the-box (OOB) accessibility features in MOSS 2007 and also provides a very good summary on Accessibility Kit for SharePoint (AKS). If you want to know all about AKS in 4 pages, this is the article to read. However, if you are looking for best practices or implementation approaches – you need to look for a different paper. Have a look at the next one

Whitepaper: Best practices for developing accessible Web sites - This downloadable white paper provides information about designing and developing accessible Web sites in Microsoft Office SharePoint Server 2007. If you are looking for implementation best practices that you couldn't find in the white paper listed above, this is a very useful resource. In this paper, Waldek Mastykarz, provides tips and techniques that are categorized in different areas such as General (HTML, javascript), .Net, MOSS, and IIS. You'll find tips such as appropriate MIME type, things to ensure while writing custom controls e.g. use Render method RenderControl

Other Resources
Blog: SharePoint Accessibility - Is MOSS 2007 accessible? – Provides a quick comparison of SPS 2003 and MOSS 2007 with Priority 1 requirements

Article: Building ASP.NET 2.0 Web Sites Using Web Standards - Though, this article provides the best practices for in general, it is very useful from SharePoint perspective for developing custom web parts, field controls, web controls and user controls. The article provides the basic knowledge of mechanisms available within the ASP.NET 2.0 platform which support developing accessible web sites. This contains a lot of examples that would be useful for people who are new to accessibility. The techniques provided here would be mostly used while writing the "Render" or "CreateChildControls" methods. For example, you'll find this tip from this paper: "Provide an AssociatedControlId property when declaring an ASP.NET Label controls, so that the control renders a