Enable Forms Based Authentication on a SharePoint 2007 Web Application

Forms Based Authentication
Objective:

Enable Forms Based Authentication on a SharePoint Web Application

Scenario

In this , you will first create FBA users and roles using Web Site Administration Tool. Then you will create a web application and Site Collection for the new FBA lab site, create the new Shared Service Provider, and enable Forms Authentication in FbaLab Extranet zone. Finally, you will extend the new Shared Service Provider to enable FBA.


1. Review and run the ASP.NET SQL Server Setup Wizard

a. Ensure you are logged into the server as user name litwareinc\administrator with password pass@word1
 Note: In wizard mode there are several screens to be navigated In scriptable mode all settings can be supplied as command line parameters

b. Open a command prompt.

c. Change the directory to C:\windows\Microsoft.net\Framework\v2.0.50727

d. At the command prompt, type run aspnet_regsql.exe /? and press Enter.

e. Then type the following command and press Enter: run aspnet_regsql.exe -S 127.0.0.1 E -A all -d AspNetMembershipRoles-FbaLab –Q

f. Issue the command and observe the output is error free.

2. Confirm the database has been created

a. Load up SQL Server Management Studio.

b. Connect to default server.

c. Expand the Object Explorer, then the Databases node to view AspNetMembershipRoles-FbaLab

d. Examine tables, stored procedures, etc.

e. Close SQL Server Management Studio

3. Create FBA users and roles using Web Site Administration Tool

a. Load Visual Studio 2008

b. Create a new file system web site Note: We are doing this merely to access the WSAT we will never actually use the web site created here

File
Open
Website

Or

SHIFT + ALT + O

Ensure: File system in left panel

c. Click the folder icon top right to create new site

d. Confirm path is C:\InetPub\wwwroot\FbaLab_admin

e. Create the site

f. Add a web.config file to the solution. Right click C:\...\FbaLab_admin, select Add
New Item. In the item choose dialog select web configuration file, set the language to Visual C# and hit Add. Note: We will now supply some configuration which will link us to the database we created earlier

g. Replace the connectionStrings node with this:

h. Inside the node paste this:

i. Now we fire up the WSAT. Visual Studio top menu
Website
ASP.NET Configuration. The tool loads up in a browser window.

j. If the front page mentions “Site is using windows authentication”, close the tool.

k. Back in web.config replace the node with this:



l. Reload the WSAT. Visual Studio top menu Website
ASP.NET Configuration.

m. Configure provider. Use the second option, select a different provider for each feature (Advanced).

n. Confirm on the screen now displayed that the tool has picked up the values in our web.config.

Membership Provider

 FBALabMember

Role Provider

 FBALabRole

Note: Now you will add some Members and Roles

o. Click the Security tab

p. Create and manage Roles

q. Add the following Roles

 FbaLabAdmins

 FbaLabAllUsers

r. Click back on Security tab and hit Manage Users

s. Add two users:

User Name: FbaLabUser

Password: pass@word1

E-mail: FbaLabUser@adventure-works.com

Roles: FbaLabAllUsers

User Name: FbaLabAdmin

Password: pass@word1

E-mail: FbaLabAdmin@adventure-works.com

Roles: FbaLabAllUsers, FbaLabAdmins

4. Create a web application and Site Collection for the new FBA lab site

a. Open Central Administration. Start
All Programs
Administrative Tools
SharePoint 3.0 Central Administration.

b. Go to Create a new Web application. Application Management
Create or extend Web application
Create a new Web application.

c. Create SharePoint application for lab site

IIS Settings

Description: FbaLab

Port: 80

Host Header: FbaLab

Security Configuration

Default settings

Load Balanced URL

Default settings


Tasks Detailed Steps

Application Pool Settings

Select Create new application pool

Name: SharePoint – FbaLab

Select Configurable

User name: litwareinc\AdvWorks-app

Password: pass@word1

IIS Restart

Restart manually

Database Name and Authentication

Server: MOSS

Name: WSS_Content_FbaLab

Search server

MOSS

d. Click OK.

e. Create a Site Collection for the new web application.

Web Application

Default settings

Title and Description

Title: The FBA Lab Site

Description: A Site to use for the FBA Lab

Web Site URL

Create the site collection at the root URL

Site Template

Select the Publishing Portal template under the Publishing tab

Primary Site Collection Administrator

litwareinc\administrator

Secondary Site Collection Administrator

Leave blank

Quota Template


Tasks Detailed Steps

Default values

f. Click OK

5. Create a web application for the new Shared Services Provider

a. Go to Create a new Web application. Application Management
Create or extend Web application
Create a new Web application.

b. Create SharePoint application for the new SSP

IIS Settings

Description: SspFba

Port: 80

Host Header: SspFba

Security Configuration

Default settings

Load Balanced URL

Default settings

Application Pool Settings

Select Create new application pool

Name: SharePoint – SspFba

Select Configurable

User name: litwareinc\AdvWorks-ssp-app

Password: pass@word1

IIS Restart

Restart manually

Database Name and Authentication

Server: MOSS

Name: WSS_Content_SspFba

Search server

MOSS

c. Click OK.

6. Create the new Shared Service Provider

a. Go to Shared Services Administration. Click link in quick launch panel on left hand side.

b. Create new SSP. Click on New SSP.

SSP Name


Name: FbaLabSsp

Web application: SspFba

My Site Location

Web application: FbaLab

Relative Url: /MySites

SSP Service Credentials

Username: litwareinc\administrator

Password: pass@word1

SSP Database

Server: MOSS

Name: FbaLabSsp_DB

Select Windows authentication

Search Database

Server: MOSS

Name: FbaLabSsp_Search_DB

Select Windows authentication

Index Server

Leave as default

SSL for Web Services

Leave as default

Click OK

Click OK at the warning

c. Confim SSP creation. Click Shared Services Administration link in the quick launch panel and confirm FbaLab and SspFba web applications are using FbaLabSsp.

d. View new SSP. Click on FbaLabSsp in the quick launch panel and confirm new SSP loads as expected.


7. Update the Hosts file

a. Open Hosts file in Notepad. Start
Run, enter notepad C:\windows\system32\drivers\etc\hosts. Then click OK.

b. Add lab domain information to Hosts file # FbaLab additions # 127.0.0.1 FbaLab www.FbaLab.com SspFba ::1 FbaLab # End FbaLab additions

c. Save changes and close Notepad.

d. Check Hosts information updated successfully. Browse to http://fbalab. Confirm FbaLab site loads as expected.

8. Extend the FbaLab SharePoint application to the Internet zone

a. Open Central Administration: Start
All Programs
Administrative Tools
SharePoint 3.0 Central Administration.

b. Go to Extend an existing Web application. Application Management
Create or extend Web application
Extend an existing Web application

c. Extend FbaLab site to Extranet zone

Web Application

http://fbalab/

IIS Web Site

Select Create a new IIS web site

Description: www.FbaLab.com

Port: 80

Host Header: www.FbaLab.com

Security Configuration

Default settings

Load Balanced URL

Select Extranet

d. Click OK

e. Check FbaLab authentication providers. Under Application Security, click on Authentication Providers. Set web application to http://fbalab. Confirm both Default and Extranet zones are present and set to Windows as Membership Provider.

f. Confirm Extranet sign in prompt. Browse to http://www.fbalab.com/.

Username: litwareinc\administrator

Password: pass@word1

9. Add provider information to web.config files

a. Navigate to SharePoint IIS web sites directory. Open Windows Explorer, go to C:\Inetpub\wwwroot\wss\VirtualDirectories.

b. Update FbaLab sites web.configs. Open the following web.configs in Notepad:

  \FbaLab\web.config


   \www.FbaLab.com\web.config

c. Make the following changes in both files:

Replace the node with:

d. Update Central Admin and SSP sites web.configs. Open the following web.configs in Notepad:

\27708\web.config


 \SspFba\web.config

e. Make the following changes in both files:

Add the following to the section:

Add the following to the section:

f. Add the following to the section:

g. Save and close all four web.config files.

10. Enable Forms Authentication in FbaLab Extranet zone

a. Open Central Administration: Start
All Programs
Administrative Tools
SharePoint 3.0 Central Administration.

b. Go to Authentication Providers: Application Management
Authentication Providers.

c. Select Extranet zone of FbaLab web application.

d. Enable forms based authentication for Extranet zone.

Web Application: http://fbalab/

Authentication Type: Forms

Anonymous Access: Enabled

Membership Provider: FBALabMember

Role Manager: FBALabRole

Client Integration: No

e. Click OK

f. Add an FBA site collection administrator to FbaLab site. Browse to http://FbaLab. Site Actions Menu
Site Settings
Modify All Site Settings
Users and Permissions
Site Collection Administrators

g. Add fbalabadmin to the list of site collection administrators

h. Click OK

i. Reset IIS. Start
Run, type IISRESET, then click OK.

j. Enable anonymous access on FbaLab site. Browse to http://www.fbalab.com/

Username: fbalabadmin

Password: pass@word1

k. Site Actions Menu
Site Settings
Modify All Site Settings

l. Users and Permissions
Advanced Permissions

m. From the Settings menu, select Anonymous Access

n. Select Entire Web Site and click OK

o. Now select Sign Out from the Welcome menu and close the browser to fully log out

p. Log out of the site. Select Sign Out from the Welcome menu and close the browser.

q. Confirm anonymous access is enabled. Browse http://www.fbalab.com/. Confirm that you are not prompted to sign in and the site loads the homepage as expected.

11. Extend the new Shared Service Provider to enable FBA

a. Open Central Administration: Start
All Programs
Administrative Tools
SharePoint 3.0 Central Administration.

b. Go to Extend an existing Web application: Application Management
Create or extend Web application
Extend an existing Web application.

c. Extend SspFba site to Internet zone:

Web Application

http://sspfba/

IIS Web Site

Select Create a new IIS web site

Description: FbaLab_ssp_FBA

Port: 80

Host Header: FbaLab_ssp_FBA

Security Configuration

Default settings

Load Balanced URL

Select Internet

d. Click OK

e. Go to Authentication Providers: Application Management
Authentication Providers.

f. Select Internet zone of SspFba web application.

g. Enable forms based authentication for Internet zone:

Web Application: http://sspfba/

Authentication Type: Forms

Anonymous Access: Not enabled

Membership Provider: FBALabMember

Role Manager: FBALabRole

Client Integration: No

h. Click OK

i. Test FBA is enabled for the SSP. Click FbaLabSsp in quick launch panel, User Profiles and My Sites
My Site Settings. In Default Reader Site Group, enter fbalaballusers and check that the account validates.

12. Configure personalization services

a. Edit Personalization services for FbaLabSsp. Click on FbaLabSsp in quick launch panel, User Profiles and My Sites
Personalization services permissions.

b. Set permissions for FBA admin account. Click on Add Users/Groups. In Choose Users, enter fbalabadmin and select all of the permissions. Click Save.

c. Set permissions for fbalabusers. Click on Add Users/Groups. In Choose Users, enter fbalabusers and select the Create personal site and Use personal features permissions. Click Save.

d. Configure My Site settings. Click FbaLabSsp in the quick launch panel, User Profiles and My Sites
My Site settings. Enter fbalaballusers in the Default Reader Site Group section. Click OK.

e. Set FBA admin as site collection administrator. Click Back to Central Administration in the quick launch panel. Application Management
SharePoint Site Management
Site collection administrators. Select the sspfba site collection and choose the /ssp/admin URL. Add fbalabadmin as a Secondary Site Collection Administrator. Click OK.

f. Enable My Site creation: Application Security
Self-service site management. Select the FbaLab web application. Set Self-Service Site Creation to On. Click OK.

g. Set My Site host permissions. Click FbaLabSsp in the quick launch panel. User Profiles and My Sites
My Site settings. Click on My Site Host Permissions in the quick launch panel. Click on Site Permissions in the Groups panel. New
Add Users. Enter fbalaballusers and select the Read - Can view only checkbox (uncheck send e-mail). Click OK.

h. Set FBA users as contributors. Browse to http://www.fbalab.com/. Sign in as fbalabadmin password pass@word1. Select Site Actions Menu
Site Settings
People and Groups. Select New
Add Users. Enter fbalaballusers and select the Contribute group (uncheck send e-mail). Click OK.

13. Confirm personalization features work as expected

a. Sign in as fbalabuser. Click on sign out in the top right navigation. Click on sign in. Sign in as as fbalabuser password pass@word1

b. Run Adventure Works My Site feature stapling disabler batch file. Start
Run, type C:\AWModules\module4\scripts\DisableAwMySiteFeatures.bat, click OK.

c. Create My Site. Switch back to browser. Click My Site link in top right navigation.


d. Add FbaLab site homepage to My Links. Browse to http://www.fbalab.com. Click on My Links
Add To My Links. Click on My Links
Manage Links. Confirm Home page exists in My Links.

e. Run Adventure Works My Site feature stapling enabler batch file. Start
Run, type C:\AWModules\module4\scripts\EnableAwMySiteFeatures.bat, click OK.

Introduction to SharePoint2010 Central Administration

Introduction to new features in SharePoint2010 Central administration:

New Central Admin look and feel in SharePoint2010

Application Management:

Manage web applications

Create site collections

Manage service applications

Manage content databases

Monitoring:
Review problems and solutions
Check job status
View Web Analytics reports

Security:
Manage the farm administrators group
Configure service accounts

General Application Settings :
Configure send to connections
Configure content deployment paths and jobs
Manage form templates

System Settings:

Manage servers in this farm
Manage services on server
Manage farm features
Configure alternate access mappings

Backup and Restore:

Perform a backup
Restore from a backup
Perform a site collection backup
Upgrade and Migration:
Convert farm license type
Check product and patch installation status
Check upgrade status

Configuration Wizards



Application Management:

 System Settings:

















Monitoring:


















Backup and Restore:


















Security:

















Upgrade and Migration:

















General Settings:

Configuration wizards:

Finding the Site template details which is used for a site or a page in SharePoint

Save the current site as site template[.STP extension].

Now, save it to disk somewhere.

Now, navigate to that location and rename the file to .CAB extension.

Extract the CAB file and find the manifest.xml file.

Now, in the file check for the TemplateID string and get the value. 

Please find the List of TemplateId's details:

Site template ID to Name mapping:

0 - GLOBAL (SetupPath=global) - "Global template"
1 - STS - "windows SharePoint Services Site", "Team Site", "Blank Site", "Document Workspace"
2 - MPS - "Basic Meeting Workspace", "Blank Meeting Workspace", "Decision Meeting Workspace", "Social Meeting Workspace", "Multipage Meeting Workspace"
3 - CENTRALADMIN - "Central Admin Site"
4 - WIKI - "Wiki Site"
7 - BDR - "Document Center"
9 - BLOG - "Blog"
20 - SPS (OBSOLETE) - "SharePoint Portal Server Site"
21 - SPSPERS - "SharePoint Portal Server Personal Space"
22 - SPSMSITE - "Personalization Site"
30 - SPSTOC (OBSOLETE) - "Contents area Template"
31 - SPSTOPIC (OBSOLETE) - "Topic area template"
32 - SPSNEWS (OBSOLETE) - "News area template"
33 - SPSNHOME (SubWebOnly) - "News Home template"
34 - SPSSITES - "Site Directory area template"
36 - SPSCOMMU (OBSOLETE) - "Community area template"
38 - SPSREPORTCENTER - "Report Center Site"
39 - CMSPUBLISHING (SetupPath=SiteTemplates\PUBLISHING) - "Publishing and Team Collaboration Site"
40 - OSRV (SetupPath=SiteTemplates\OSRV) - "Shared Services Administration Site"
47 - SPSPORTAL - "Corporate Intranet Site"
50 - SRCHCEN - "Search Center"
51 - PROFILES - "Profiles"
52 - BLANKINTERNETCONTAINER - "Internet Presence Web Site"
53 - BLANKINTERNET - "Publishing Site", "Press Releases Site", "Publishing Site"
54 - SPSMSITEHOST - "My Site Host"
90 - SRCHCENTERLITE (SetupPath=SiteTemplates\SRCHCENTERLITE) - "Search Center Lite"
6221 - PWA (SetupPath=SiteTemplates\PWA) - "Project Web Access Site"
6215 - PWS (SetupPath=SiteTemplates\PWS) - "Project Workspace"
14483 - OFFILE - "Records Repository", "Records Repository"

Content deployment overview

Content deployment overview

Content deployment overview (SharePoint Server 2010)

Content deployment is a feature of Microsoft SharePoint Server 2010 that you can use to deploy content from a source site collection to a destination site collection. This article summarizes the content deployment feature in SharePoint Server 2010. It describes the purpose and function of content deployment, explains content deployment paths and jobs, and explains the security options that are available when you deploy content. This article also explains how the content deployment process works, and it lists important factors and limitations of using content deployment. This article does not describe the steps that are involved in planning to use content deployment or how to set up and configure content deployment. For more information, see Plan content deployment (SharePoint Server 2010).

In this article:
• What is content deployment?
• About deployment paths and jobs
• About content deployment security
• How content deployment works
• Important considerations in content deployment

What is content deployment?

Content deployment deploys content from a source SharePoint Server 2010 site collection to a destination site collection. The complete source site collection can be deployed, or a subset of sites can be deployed. Content deployment, which is incremental by default, deploys only changed pages and related assets (such as images). A Quick Deploy feature supports the deployment of a single page by authors.

Note:

For the content deployment Quick Deploy feature to work, the source site collection must have been created by using the Publishing Portal template, or it must have the SharePoint Server Publishing Infrastructure feature enabled.
In most content deployment scenarios, the source site collection, from which content is being deployed, is in a server farm that is separate from the destination site collection. Typically, the destination server farm (the "production" farm) has tightened security to minimize the actions that can be done in the production environment. It is not expected that authoring will be done on the production server, because changes to content on the production server might be overwritten by a content deployment job. In most content deployment scenarios, the source server farm and the production server farm are in independent Active Directory domains. For information about content deployment topologies, see Design content deployment topology (SharePoint Server 2010)
It is important to be aware that content deployment is a one-way process: content is deployed from a source site collection to a destination site collection. The content deployment feature does not support round-trip synchronization from source to destination and back again. Creating new content or changing existing content on the destination site collection can cause content deployment jobs to fail. Because of this, you should consider restricting permissions on the destination site collection so that users cannot make changes directly to content that is stored within that site collection.
In content deployment, the base URL of the source site collection can differ from the base URL of the destination site collection. The content deployment feature will fix links in the source content to work correctly in the destination location.
Content deployment deploys only content — Web pages, libraries, lists, and resources that are used by the deployed pages. It does not deploy programs, assemblies, features, or configuration information such as Web.config files. When a Web page is deployed, any items in the content database that the page depends on — such as images, style sheets, or layout pages — will also be deployed.
Content deployment deploys the most recent major and minor versions of a content item. For example, if version 2.7 of a Web page is being deployed, the most recent major version (2.0) of the page, and the most recent minor version (2.7), will be deployed to the destination site.
If an item has an associated publishing schedule, the scheduling information is deployed together with the item so that the schedule is followed in the destination site collection. For example, if an item that is scheduled to be published at 6:00 A.M. is deployed at 3:00 A.M., site users on the destination site cannot view the content until 6:00 A.M. For information about scheduling content, see Plan content approval and scheduling (SharePoint Server 2010).
A new feature of content deployment that was added for SharePoint Server 2010 is the option to use SQL Server database snapshots during export. If the database snapshots option is enabled, a snapshot of the source content database is created before the export phase of the content deployment job starts. The content deployment job then uses the database snapshot to perform the export, instead of exporting directly from the live content database. After the export has successfully completed, the snapshot is deleted. By using the database snapshot option, you eliminate any potential problems with users editing content in the content database while a content deployment job is running.

Note:

The SQL Server database snapshot option is only available if Microsoft SQL Server 2008 Enterprise edition is installed. If you are using Remote BLOB Storage (RBS), and the RBS provider that you are using does not support snapshots, you cannot use snapshots for content deployment or backup. For example, the SQL FILESTREAM provider does not support snapshots. For more information about RBS, see Overview of RBS (SharePoint Server 2010).

About deployment paths and jobs
The following section describes content deployment paths and jobs.
Content deployment paths
A content deployment path defines a source site collection from which content deployment can originate and a destination site collection to which content is deployed. A path can be associated with only one site collection. A content deployment path specifies the following information:
• Authentication information that gives content deployment jobs permission to the destination site collection. To deploy content to the destination site collection, deployment jobs must have Central Administration credentials on the destination server. Jobs can connect by using Integrated Windows authentication or Basic authentication.
• Information about whether to deploy user names that are associated with the content, such as authors' names.
• Information about how to deploy permissions on the content. For more information, see About content deployment security.
Content deployment jobs
A content deployment job deploys specified content on a specified schedule by using a specified path. After a path is defined, one or more content deployment jobs can be defined. A deployment job specifies:
• The path with which the job is associated.
• Whether the job uses SQL snapshots.
• The sites within the source site collection to deploy.
• The frequency at which to run the job and deploy the content.
• Whether to send e-mail when a job succeeds or fails and the e-mail addresses to use.
There are two kinds of standard content deployment jobs: full and incremental. These jobs are managed by a server farm administrator, and they enable you to specify whether to deploy all content, including any content that might have been deployed previously, or only content that was added, updated, or deleted since the last successful deployment. These jobs are run on a schedule that the server farm administrator specifies.
A third kind of content deployment job, Quick Deploy, is a special job that enables users to quickly publish content without waiting for the next standard content deployment job to run. This job runs automatically, at a specified interval.
The following table describes the kinds of content deployment jobs:

Job Type Description
Incremental An incremental deployment job deploys all new, changed, or deleted content from the source to the destination. The first time that an incremental deployment job runs, it performs a full deployment. For each subsequent run of an incremental deployment job, new content is added to the destination, whereas updated content replaces content that has the same GUID but has older modification dates. Content that is deleted on the source is flagged so that it will also be deleted from the destination server. This is an important difference between full and incremental deployments.

Full A full content deployment job deploys all content from the source to the destination, regardless of whether that content was previously deployed. Also, full deployment jobs do not check whether content that exists on the destination was deleted from the source. If you delete content on the source server and then perform a full deployment, that content will not be removed on the destination server. You should avoid using full deployment jobs except in specific cases where you know content has not been deleted on the source server.
Quick Deploy A Quick Deploy job enables users, such as authors and editors, to quickly deploy a Web page. By default, a Quick Deploy job is created automatically when a new content deployment path is created, and it is set to run automatically every 15 minutes. When a user flags a page for inclusion in a Quick Deploy job, that page will be included in the next automatically scheduled Quick Deploy job. Only pages that are flagged by a user as Quick Deploy pages are included in the job. Alternatively, a farm administrator can manually run or cancel a Quick Deploy job at any time by using the Manage Content Deployment Paths and Jobs page. Any member of the Quick Deploy users group (which is created in sites that have the SharePoint Server Publishing Infrastructure feature enabled) can mark a Web page for deployment by using the Quick Deploy command.

Note:
It is possible to have a path that is defined in sites that do not have the Office SharePoint Server Publishing Infrastructure feature enabled. However, paths that are created in this manner will not have associated Quick Deploy jobs. If you want to add a Quick Deploy job to a path that was defined in a site that does not have the SharePoint Server Publishing Infrastructure feature enabled, first enable the SharePoint Server Publishing Infrastructure feature on the source site collection, and then edit and save the path again. The path will then have a Quick Deploy job associated with it.

About content deployment security:

Permissions to content on the destination server farm will usually differ from permissions to content on the source server farm. In many publishing solutions, the destination server farm authenticates users by using a different Active Directory domain than the one used in an authoring or staging environment, and there might not be a trust relationship between the two domains.
When you configure a content deployment path, you can select from the following

security options:

• All Deploys all security-related information together with the content. This includes role definitions, access control lists (which map users and roles to the content they have permissions to view or edit), and users. This option is useful if the same set of users has the same permissions on the source and destination server farms. For example, when you deploy from an authoring server farm to a staging server farm, this option might be best because the same users need access to both sets of content. All is the default option.
• Role Definitions Only Deploys role definitions and access control lists that map the roles to the content but do not deploy users. In this option, the same roles apply in the source and destination server farms, but different users can be assigned to those roles in each server farm.
•None Deploys no security information. Security on the destination security farm must be managed by the administrators of that server farm by assigning users and roles to the farm's sites and content. For example, when you deploy from a staging server farm to a corporate Internet presence site, this option helps ensure that the security of the two server farms is managed separately.
For more information about security, see Security planning for sites and content (SharePoint Server 2010).

How content deployment works

Content deployment settings for both incoming and outgoing deployment jobs are configured on the Content Deployment Settings page, which is accessed from the General Application Settings page on the Central Administration Web site. You use the Content Deployment Settings page to accept or reject incoming content deployment jobs for a whole server farm. You can also set specific servers within your server farm to be used for receiving incoming content deployment jobs or for sending outgoing content deployment jobs. This enables you to spread the load for content deployment jobs across multiple servers in your server farm, based on the available server resources and the needs of your server farm.

Note:

Depending on the kind of server farm you are using, you might not have to enable support for both incoming and outgoing deployment jobs. If your server farm is an authoring server farm, you do not have to configure incoming (import) settings. If your server farm is a production server farm, you do not have to configure outgoing (export) settings. However, if your server farm is a staging server farm, you must configure both incoming (import) and outgoing (export) settings.
The tasks that are involved in content deployment are controlled by the timer process on the server that hosts the Central Administration Web site, which is used to administer the content deployment jobs. This server could be the source server in the deployment server farm, or it could be a separate server in the farm. The content deployment job uses the service account information that is provided in the content deployment path settings to authenticate with a Web service on the destination server. This Web service acts as the pathway for all communication between the source and destination servers while the content deployment job runs.
The following illustration shows the process that the content deployment job undergoes from start to finish:

Callout Description

1 When a content deployment job starts, it checks the change token to determine when the last successful content deployment job was run. If the length of time between the last successful content deployment job and the current one is so long that the stored change token is no longer valid, it will run as a full content deployment job, not an incremental content deployment job.
After the change token has been verified, the export process is started on the source server. If SQL snapshots are enabled for the content deployment job, a snapshot is taken before the export process starts.

Note:

In preparation for the export, settings such as the file location, base file name, and other values are specified for the deployment job.

2 Next, the content to be included is exported to a temporary directory on the source server, where it is packaged into .cab files for transport. If the deployment job has been configured to use SQL Server database snapshots, it will use a database snapshot as the source for the export; otherwise, it will export directly from the content database.
Alternatively, you can use the Microsoft.SharePoint.Deployment.SPExport namespace from the SharePoint Server 2010 API to export content.
After the source server has authenticated with the Web service on the destination server, it calls the Web service to prepare the import on the destination server.
3 After the files have been packaged into .cab files on the source server, the files are transported to a local temporary directory on the destination server via HttpPost.
The content deployment job then calls the Web service to start the import process on the destination server.

Note:

In preparation for the import, settings such as file location, base file name and other values are set by using the information that was stored in the content deployment job when the files were prepared on the source server.

4 While the import is in progress, the content deployment job calls the Web service to get the status of the import process. If the destination server does not respond with updated status within a certain amount of time, the content deployment job will contain a warning message that the job might have timed out. The content deployment job will continue to request updated status from the destination server, but might eventually fail and need to be re-run if the destination server repeatedly fails to respond.
5 During import, the .cab files are extracted to a temporary directory on the destination server, and then they are imported into the database. Any site collection features that are required by items that were included in the import are activated, and scheduling is then configured for the imported items.
Alternatively, you can use the Microsoft.SharePoint.Deployment.SPImport namespace from the SharePoint Server 2010 API to import content.
6 After the import has finished, it returns either a Success or Failure status to the Central Administration server. If the import status is Success, the change token is saved. If the import status is Failure, the change token is discarded.
Important considerations in content deployment
The following list contains important considerations to be aware of when you use content deployment:

1.Always deploy to an empty site collection for the initial content deployment job. If the site collection already contains content, the initial content deployment job will fail. When you create the site collection on the destination server, use the < Select template later > option on the Custom tab of the Create Site Collection page in Central Administration to create an empty site collection. The first time that the content deployment job runs, the correct template and all associated configuration settings will be applied to the destination server.

Note:

Do not use the Blank Site template to create a destination site collection. The Blank Site template does not create an empty site collection and can cause the content deployment job to fail.
2.The export and import servers must each host an instance of the Central Administration Web site. When you configure content deployment settings for your server farm, you select the servers in your server farm to designate as export and import servers for content deployment. If you attempt to configure an export or import server that does not host the Central Administration Web site, no error message will be displayed. The content deployment export or import phase will not start. Be sure to deploy the Central Administration Web site on the export and import servers.
3.Each server in your source and destination server farms must have identical updates. Be sure that all SharePoint Server 2010 and Windows Server 2008 R2 and Windows Server 2008 with Service Pack 2 (SP2) updates have been applied and that any language packs, if they are needed, have been installed.
4.The source and destination servers must have enough hard disk space for storing the files that are used during export and import. During export, all files to be included in the content deployment job are stored in a temporary directory in the export server farm. Likewise, during import, files to be imported into the database are stored in a temporary directory on the destination server farm. Be sure that the location of the temporary directory for each server farm has sufficient disk space to accommodate the files that are included in the deployment job.
5.If jobs will run infrequently, the time for keeping changes in the change log must be adjusted. By default, the change log is configured to keep a record of any changes for 60 days. If the time between two incremental deployment jobs exceeds this time—for example, if it was 70 days since the last content deployment job was run—then the change log will not contain entries from before the last change token. If the time between jobs will be more than 60 days, you must change the number of days specified for the Web application in the Central Administration Web site.
6.Do not run content deployment jobs in parallel if the same path is used by both jobs. Changes made by one job might conflict with changes made by another job that is running along the same path at the same time. If this happens, the content deployment job might fail.

CU Updates on SharePoint 2007(Installation of August 2010 CU for WSS 3.0 and MOSS 2007)

BEST PRACTICES

1. Take Complete SharePoint Farm Backup from the central admin and verify it can be restored. Also, it is good idea to take a SQL Level Backup of the databases and verify they can be restored.

2. Take backup of the customization on the SharePoint Sites. Also, make sure that you are aware of how to restore the customization scenario. Customization includes but is not limited to custom webparts or tools, custom features, solutions, master pages, page layouts, CSS files etc...

3. Download the August 2010 CU for WSS 3.0 and MOSS 2007. You must install BOTH the WSS and MOSS updates.

4. Stop the World Wide Web Publishing Services to keep your users off the servers.

a. Start > Administrative Tools > Services
b. Scroll to the bottom of the list, click World Wide Web Publishing Service
c. Click the Stop button

5. Install the WSS update.

6. Run SharePoint Configuration Wizard. Make sure it is successful.

7. Install the MOSS update.

8. Run SharePoint Configuration Wizard. Make sure it is successful.

9. Check out Central Admin
a. Restart the World Wide Web Publishing service you stopped in step 2. If you had to reboot this is not necessary.
b. Click Operations tab
c. Under Topologies and Services click Servers in farm
d. Next to your server confirm that the Version shows SharePoint August 2010 CU (12.0.6545.5001).

10. Check that you are able to browse to your sites.

NOTE:
You should install update on all the SharePoint Servers in the Farm. Starting with the Central Admin Server and then run the configuration wizard one server at a time.


For additional details I would suggest you to go through the Deploy software updates for Office SharePoint Server 2007 link

http://technet.microsoft.com/en-us/library/cc263467(office.12).aspx


POSSIBLE RISKS

I have mentioned below possible risks that are involved with any SharePoint update.

1. In the worst case scenario if the update installation fails and there is no way to recover then you should have an idea about how to restore your environment. For this you need to follow best practices mentioned above.

2. If any of your customization does not work post deployment of the update then you need to be able to redeploy it after installation of the update.


NOTE:
To identify the risks involved you need to apply the update in your test environment(replica of existing environment) and check if there are any issues post update.

Adding Distribution List to SharePoint

Distribustion lists which resolves in Outlook and works fine, will not directly add/use in SharePoint.

SharePoint Does not recoginize a DL until it should be added under Security Group in Active Directory.

For Example I have DL called ALL.EMP.This will works correctly and send email from the Outlook.

If You want to use this in SharePoint,You need to add this DL under Security group in AD.

Advantages:

One Shot you can add bulk users to Any Doc lib or Site.

SharePoint Site Collection Lock and Unlocking

Reasons for SharePoint Site Lock (Read only Mode)

1>Site Collection Backup cancelled or interrupted

2>Broken web part locks out SharePoint site

When upgrading a custom web part in SharePoint, it is REALLY important to uninstall the previous version of the web part and its referencing web pages or risk locking out all users including the Administrator from your website.

Impacts on the SharePoint site:
1> Site Collection will be turn into Read only mode.
Nothing can be saved.
2>All Farm administrators and site collection Administrator will get access denied on several pages like Create.aspx and AreaNavigation.aspx
3>You cannot able to add any user and not even you wont see the option to add user.
4>If you try to open through SharePoint designer it will open in Contributor mode(Content Author) and you cannot able to See code view and cannot copy or Modify any thing

Solution:
Go to Central Administration > Application Management > Site Collection Quotas and Locks
Select the Site Collection and chose the correct option to unlock the site as below.
Lock status for this site:
Not locked -- Select this option to unlock
Adding content prevented
Read-only (blocks additions, updates, and deletions)
No access

After Selecting the Option Not Lock, the issue will be resolved and you can able to view all the options :)

SharePoint Site - "Create Page" not working

Issue Description:

The "Create Page" option on the site has stopped working for all access permissions. It gives the following error "Error: Access Denied".

 

Resolution:

Give read access to NT AUTHORITY\authenticated users for the Master pages and page layouts under Siteactions --> Site settings --> galleries

Site Usage Reports in SharePoint portals

Overview of usage reports

The following usage reports are available:

• Site usage report Site administrators, including administrators of the Shared Services Administration site, can view usage reporting for their site by clicking Site usage reports in the Site Administration section of the Site Settings page.
  
• Site collection usage report Site collection administrators for most site collections can view usage reporting by clicking Site collection usage reports in the Site Collection Administration section of the Site Settings page.
  
• Site collection usage summary Site collection administrators for the Shared Services Administration site and individuals with personal sites can view the Site Collection Usage Summary page by clicking Usage summary in the Site Collection Administration section of the Site Settings page.
  

Search usage reports are also available and can be used to improve the relevance of search results to improve discoverability and collaboration of your personalized content and sites.

View usage reports

The following information is available in usage reports for both sites and site collections:

• Usage summary view:
  
  • Requests and queries in the last day and the last 30 days
    
  • A site collection summary including the following information:
    
    • Average number of requests per day over the last 30 days
      
    • Number of distinct users over the past 30 days
      
    • Number of distinct users yesterday
      
    • Number of requests yesterday
      
    • Number of queries yesterday
      
    • Number of queries over the past 30 days
      
  • A chart of the average number of requests per day over the last 30 days
    
  • A chart of requests per day over the last 30 days
    
  • A list of the top page requests over the last 30 days
    
  • A list of top users over the last 30 days
    
  • A chart of top referring hosts over the last 30 days
    
  • A chart of top referring pages over the last 30 days
    
  • A list of top destination pages over the last 30 days
    
• Requests view:
  
  • A chart of the average number of requests per day over the last 30 days
    
  • A chart of requests per day over the last 30 days
    
  • A list of the top page requests over the last 30 days
    
• Users view:
  
  • A chart of unique users over the past 30 days
    
  • A chart of the average number of unique users per day by month
    
  • User activity over the last 30 days.
    
• Referrers view:
  
  • A chart of top referring hosts over the last 30 days
    
  • A chart of top referring pages over the last 30 days
    
• Destination pages view:
  
  • A list of top destination pages over the last 30 days
    
  • Average requests per day over the past 30 days for the top destination pages
    
• Home page view:
  
  • Number of home page requests for the past 30 days
    
  • Average home page requests per day by month
    
  • Unique users for the home page over the past 30 days
    
  • Average number of unique users per day by month
    
  • Top referring pages to home page by average requests per day over the last 30 days
    
  • Top destination pages from home page by average requests per day over the last 30 days
    

Site collection administrators, but not site administrators, can monitor usage data for search queries and search results for all sites in the site collection. Search usage reporting must be enabled. The following additional information is available in site collection usage reports:

• Additional information in the usage summary view:
  
  • Top queries for the last 30 days
    
  • Search results top destination pages
    
• Search queries view:
  
  • Number of queries per day over the previous 30 days
    
  • Number of queries per month over the previous 12 months
    
  • Top queries for the last 30 days
    
  • Queries per search scope over the previous 30 days
    
• Search results view:
  
  • The top destination pages of search results
    
  • Queries with zero results
    
  • Most clicked best bets
    
  • Queries with zero best bets
    

View site collection usage summary page

The following information is available in the site collection usage summary that is available for the Shared Services Administration site and individual personal sites.

• Total amount of storage used by the site collection
  
• Percent of storage space used by Web Discussions
  
• Maximum storage space allowed
  
• Number of users for all sites in the hierarchy
  
• Total hits and recent bandwidth usage across all sites
  

OrgChart Webpart

AA OrgChart Webpart


It is commonly accepted that information can be better understood and digested visually rather than in verbal or written form. AASoftech’s organization charting products provide an intuitive and concise method to communicate organizational structure to executives, employees and senior managers.

AAOrgChartWebPart comprises of a very simple and intuitive user interface that allows easily search, locate, navigate and get essential contact information of employees and managers and find out reporting structure and hierarchy of an organization.


Three Level OrgChart

AAOrgChartWebPart consists of three connected web parts (Employee Locator, Employee Navigator and Organization Chart) that together provide main contact information and reporting structure of an organization.

AAOrgChartWebPart can be used in Windows SharePoint Services 2.0 as well as Windows SharePoint Services 3.0, SharePoint Portal Server 2003 and SharePoint Server 2007.

AAOrgChartWebPart is an HR solution used to create corporate organizational charts based on XML input data. It allows you to automatically examine your current employees’ information in an outlined format in an organization chart.

AAOrgChartWebPart can directly connect to SharePoint User Profile on SharePoint 2010 or MOSS (SharePoint Server 2007).

AAOrgChartWebPart also supports XML standard data format that can extracted from different databases (SQL, Oracle, DB2, and Access) or other files such as Excel. This allows organizations with different sizes be able to utilize their existing HR products (PeopleSoft, SAPs…) and provide input file for these web parts in XML format.

Download Url:
http://www.aasoftech.com/Products/OrgChartwebpart/Download.asp?product=WOP

This document resides in a document library that is not trusted.

Issue:

User created an OOB Approval workflow to get the approval for the doc.

when user clicking on the "EDIT THIS TASK" button from outlook window the user will get the below error message on the screen

"This document resides in a document library that is not trusted.
To participate in workflows on this document, add the document library to your list of trusted sites."

Resolution:

To resolve this issue, add the domain “*.contoso.net” to the Local Intranet Zone in IE browser settings.

Weird that SharePoint Site prompt username/password to access pages:

This problem can be bypassed by modifying some settings in IE. Specifically you need to add the SPS site to the list of sites in the Local Intranet Zone as follows.

1. Open IE
2. Click on Tools -> Internet Options
3. Select Security tab
4. Select Local Intranet Zone
5. Select Sites
6. Click Advanced
7. Add the base URL for your new SPS site to the list
8. Click OK
9. Click OK again.

Once this is done you need to configure IE to automatically log in using current username and password for sites in the Intranet Zone.

This will resolve the issue and user can able to approve the workflow from outlook.

Step by Step procedures to Deploy SharePoint 3rd party Solutions in SharePoint

Step by Step procedures to Deploy SharePoint 3rd party Solutions in SharePoint:
Blog software installation steps in Share Point 2010

Steps:

Step1: Deploying the solution by using STSADM command
• Add Solution
• Deploy Solution

Step2: Enable the Blog features site Level in the Central Admin

Example: http://sp2010dev:10000/_layouts/settings.aspx (Central Admin)

Step3: Enable the Blog features at Site Collection Level.

Example:http://sp2010dev:15000/_layouts/ManageFeatures.aspx(Blog)

Step4: Enable OOB CKS themes on Blog Site (Modifying the Web.config File)
Note: We need to login with the Farm administrator Credentials in the server

Add CKS:EBE Solution:
1. Open the command line for the server.
2. If stsadm.exe is not on the path, change directory to the SharePoint BIN directory:
cd %PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\14\BIN
3. Add the solution to the farm by running the addsolution command:
Stsadm -o addsolution –filename c:\cks\cks.ebe.wsp
Note: Either copy the wsp file to the directory “C:\cks” or change the –filename value to the location of the wsp file
Deploy CKS: EBE Solution
1. Continuing from the command line above, run the command:
stsadm -o deploysolution -name cks.ebe.wsp -immediate -allowgacdeployment
Activate the Web Application feature
You can activate the web application feature of CKS: EBE using Central Administration
Central Administration Activation:
1. From SharePoint Central Administration browse to Application Management.
2. In the SharePoint Web Application Management section choose Manage Web application features.
3. If necessary, change the Web Application selector to your blog site Web application.


4. Click the Activate button next to CKS: EBE Web Application Feature.
or Browse directly this link and enable
(http://sp2010dev:10000/_layouts/ManageFeatures.aspx)

Activate the Site Feature
Site Administration Activation
1. Browse to your Blog site.
2. Choose Site Actions | Site Settings.
3. In the Site Administration section choose Site features.(http://sp2010dev:15000/_layouts/ManageFeatures.aspx)
4. On the Site Features page choose the Activate button next to CKS:EBE Extensions.
Note: If we enable the above two features in the Central Admin and Blog Site then only we will able to see the following Tag in the Web.config file
< add name="CksEbeModule" type="CKS.EBE.BlogHttpModule, CKS.EBE,Version=0.1.0.0,Culture=neutral,PublicKeyToken=3e8b700c069fb747" / >

We can see the changes on our SharePoint web server(s) after deploying the solution :
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES: Contains
CKS EBE
CKS EBE Themes
CKS EBE Webapp
C:\Windows\assembly: contains
CKS.EBE
CKS.EBE.SEARCH
C:\Program Files\Common Files\Microsoft Shared\Web Server extensions\14\TEMPLATE\LAYOUTS\cks\ebe:
Contains the utility pages like
Settings.aspx
TRACKBACK.ASPX

Enable OOB CKS themes on Blog Site:
Open web.config for Blog site and find the following line under section
< add name="CksEbeModule" type="CKS.EBE.BlogHttpModule, CKS.EBE,Version=0.1.0.0,Culture=neutral,PublicKeyToken=3e8b700c069fb747" / >
.
Go ahead and CUT that line above (we'll be pasting it somewhere else in a minute).
Next find the section simply labeled . In this section you will probably find 5 tags and 4 tags. Paste the "add" tag that you cut above so that it's after all the removes, but before the add's in the modules section. Also, you need to add a preCondition="integratedMode" attribute to this element. So, your whole section will look something like this (with your additions bolded below):



< modules runallmanagedmodulesforallrequests="true" >
< remove name="AnonymousIdentification" >
< remove name="FileAuthorization" >
< remove name="Profile" >
< remove name="WebDAVModule" >
< remove name="Session" >
< add name="CksEbeModule" precondition="integratedMode" type="CKS.EBE.BlogHttpModule, CKS.EBE, Version=0.1.0.0, Culture=neutral, PublicKeyToken=3e8b700c069fb747" >
< add name="SPRequestModule" precondition="integratedMode" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" >
< add name="ScriptModule" precondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" >
< add name="SharePoint14Module" precondition="integratedMode" >
< add name="StateServiceModule" type="Microsoft.Office.Server.Administration.StateModule, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" >
< add name="RSRedirectModule" type="Microsoft.ReportingServices.SharePoint.Soap.RSRedirectModule, RSSharePointSoapProxy, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" >
< add name="PublishingHttpModule" type="Microsoft.SharePoint.Publishing.PublishingHttpModule, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" >
< /add > < /add > < /add > < /add > < /add > < /add > < /add > < /remove > < /remove > < /remove > < /remove > < /remove > < /modules >

Save and Close the Web.config file

After that open the url : http://server:port No/home.aspx

References :

http://cks.codeplex.com/releases/view/28520#DownloadId=130561
http://cks.codeplex.com/releases/view/28520#DownloadId=130559
http://www.thekickboard.com/archive/2010/07/24/running-cksebe-3-0-on-sharepoint-foundation-2010.aspx

Enable Access Requests in the SharePoint Site Collections

Enable Access Requests in the SharePoint Site Collection (Allow requests for access):

Scenario:

You are a SharePoint Administrator for XYZ Company. You are maintaining Many Share Point Sites in the SP portal.
You created many sites as per the Business requirement based on the Departments in the Organization.

Example:

Https://server/sites/HR/
Https://server/sites/IT/
Https://server/sites/Sales/
Https://server/sites/Marketing/

Each Site collection will be having one Primary Administrator and Secondary Administrator. These people should take care all the access requests for the particular Site.
In this Scenario the SharePoint Administrator will Enable the Access Requests with the Primary and Secondary Administrators Details i.e Email ids

Navigation Path: Site >Site Settings > Permissions
Under Permissions > Settings > Access Requests

or
Hint: Direct Access Request Page: Https://server/sites/IT/_layouts/setrqacc.aspx