Java script to hide the Top Visitors Link SharePoint

 Java script to hide the Top Visitors link in Sharepoint

Addd  the Java script below the tag line

  asp:Content ID="Content1" runat="server" ContentPlaceHolderID="PlaceHolderLeftNavBar" 



Java script to hide the Top Visitors Url 

  script type="text/javascript"
var cc = document.getElementsByTagName("a");
for (var i=0; i{
if (cc[i].href =="http://servername:80/sites/Test/_layouts/WebAnalytics/Report.aspx?t=TopVisitorsReport&l=s" ||cc[i].href =="http://servername:80/sites/Test/_layouts/WebAnalytics/Report.aspx?t=TopVisitorsReport&l=sc")

{

  cc[i].style.display="none";
}

}
/script



Disadvantages:

Hide the url but if the user know the direct link means user can able to see the Top visitors list.
Hide the Top visitor link only site collection level only not Web application level

Playing Youtube Video's in Sharepoint

Playing Youtube Video's in Sharepoint  Procedure:

SharePoint Media web part only supports limited file formats . they WMV (including VC-1), MP4 (H.264), 3GP . If we want to use other file formats means , we need to convert them into supported file formats.

but here used another alternate option  by using content Editor webpart.

Procedure :

1.   Go to YouTube video which you want to embed and copy the video embedded code , should be something like this,

iframe title="YouTube video player" width="480" height="390" src="http://www.youtube.com/embed/ZxwKggJ2ACs" frameborder="0" allowfullscreen

2.   Open notepad and past the above code there, and save the file with name something like “video.txt”.

3.   Go to SharePoint site and open a document library and upload the “videotest.txt” file.

4.   Now go to the page where you want to embed the video and add a content editor web part on page.

5.   Go to the document library where you already added “videotest.txt” file, right click on file and click on “copy shortcut”.

6.   Now go back to the page where you have added the content editor web part, click on web part and select “Edit webpart”.

7.   In the “custom link” property paste the “videotest.txt” shortcut value(already copied in step 5)

8.   Click Ok.

Add a content database

Add a content database (Office SharePoint Server 2007)

Good article From MS on "how to add a new content database to a server"

Add a database to a Web application

In the user interface, use this procedure to create a new database and assign it to a SharePoint Web application.
Before you begin, check that you know the name of the database server used for the farm you are connecting to.

Important:
The account used to restore the databases must be a member of the Administrators group on the local computer and the SQL Server dbcreator fixed server role to complete the following procedure.

Add a database to a Web application by using the user interface

1. Start the SharePoint Central Administration Web site.
   
2. On the Application Management page, in the SharePoint Web Application Management section, click Content databases.
   
3. On the Manage Content Databases page, click Add a content database.
   
4. On the Add Content Database page:
   
   1. Select a Web application for the new database.
      
   2. Select a database server to host the new database.
      
   3. Specify the authentication method the new database will use and supply an account name and password if necessary.
      
   4. Specify both the total number of top-level sites that can be created in the database and the number at which a warning will be issued.
      
5. Click OK.
   

Use the following procedure to create a new database and assign it to a SharePoint Web application by using the Stsadm command line tool.

Important:
You must be a member of the Administrators group on the local server computer and the SQL Server dbcreator fixed server role to complete the following procedure.

Add a database to a Web application by using the Stsadm command-line tool

1. At a command prompt on the drive where SharePoint Products and Technologies is installed, change to the following directory:
   %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\12\Bin
   
2. Type the following command, and then press ENTER:Stsadm -o addcontentdb -url-databasename
   where url is the URL of the Web application to which the content database is being added and database name is the name of the database that you want to add.
   For more information, see Addcontentdb: Stsadm operation (Office SharePoint Server).
   

About account permissions and security settings

Account permissions and security settings (SharePoint Server 2010)

Good article from MS on Account permissions and security settings (SharePoint Server 2010)

In this MICROSOFT article:

• About account permissions and security settings
  
  
• Administrative accounts
  
  
• Service application accounts
  
  
• Database roles
  
  
• Group permissions
  
  

This article describes Microsoft SharePoint Server 2010 administrative and services account permissions. It covers the following areas: Microsoft SQL Server, the file system, file shares, and registry entries.

About account permissions and security settings

Many of the SharePoint Server 2010 baseline account permissions and security settings are configured by the SharePoint Configuration Wizard (Psconfig) and the Farm Creation Wizard, both of which are run during a Complete installation.

Administrative accounts

Most of the SharePoint Server 2010 administrative account permissions are configured automatically during the setup process by one of the following SharePoint Server 2010 components:

• The SharePoint Configuration Wizard (Psconfig).
  
• The Farm Creation Wizard.
  
• The SharePoint Central Administration Web site.
  
• Windows PowerShell.
  

Setup user administrator account

This account is used to set up each server in your farm by running The SharePoint Configuration Wizard, the initial Farm Creation Wizard, and Windows PowerShell. For the examples in this article, the setup user administrator account is used for farm administration, and it can be managed using Central Administration. Some configuration options require local administration permissions: for example, configuration of the SharePoint Server 2010 Search query server. The setup user administrator account requires the following permissions:

• It must have domain user account permissions.
  
• It must be a member of the local administrators group on each server in the SharePoint Server 2010 farm, excluding SQL Server and the Simple Mail Transfer Protocol (SMTP) server.
  
• This account must have access to the SharePoint Server 2010 databases.
  
• If you use any Windows PowerShell operations that affect a database, the setup user administrator account must be a member of the db_owner role.
  
• This account must be assigned to the securityadmin and dbcreator SQL Server security roles during setup and configuration.
  

Note:
The securityadmin and dbcreator SQL Server security roles might be required for this account during a complete version to version upgrade because new databases might have to be created and secured for services.

After you run the configuration wizards, machine-level permissions for the setup user administrator account include:

• Membership in the WSS_ADMIN_WPG Windows security group.
  
• Membership in the IIS_WPG role.
  

After you run the configuration wizards, database permissions include:

• db_owner on the SharePoint Server 2010 server farm configuration database.
  
• db_owner on the SharePoint Server 2010 Central Administration content database.
  

Warning:
If the setup user administrator account is removed as a login from the computer running SQL Server, the configuration wizards will not run correctly. If you run the configuration wizards using an account that does not have the appropriate special SQL role membership, or access as db_owner on the databases, the configuration wizards will not run correctly.

Farm service account

The server farm account is also referred to as the database access account and is used as the application pool identity for Central Administration, and as the process account for the Microsoft SharePoint Foundation 2010 Timer service. The server farm account requires the following permissions:

• It must have domain user account permissions.
  

Additional permissions are automatically granted to the server farm account on Web servers and application servers that are joined to a server farm.
After you run the SharePoint Configuration Wizard, machine-level permissions include:

• Membership in the WSS_ADMIN_WPG Windows security group for the SharePoint Foundation 2010 Timer service.
  
• Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer service application pools.
  
• Membership in WSS_WPG for the Central Administration application pool.
  

After you run the configuration wizards, SQL Server and database permissions include:

• Dbcreator fixed server role.
  
• Securityadmin fixed server role.
  
• db_owner for all SharePoint Server 2010 databases.
  
• Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 server farm configuration database.
  
• Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint Server 2010 SharePoint_Admin content database.
  

Microsoft SharePoint Foundation 2010 search service account

The SharePoint Foundation 2010 search service account is used as the service account for the SharePoint Foundation 2010 Search service. The SharePoint Foundation 2010 search service account requires the following permission configuration settings:

• This account must have domain user account permissions.
  

The following machine-level permission is configured automatically: The search service account is a member of WSS_WPG.
The following SQL Server and database permissions are conferred by membership in the WSS_CONTENT_APPLICATION_POOLS role in the server farm configuration database:

• Read access to the server farm configuration database.
  
• Read access to the SharePoint_Admin content database.
  
• This account is assigned the db_owner role for the SharePoint Foundation 2010 search database.
  

Microsoft SharePoint Foundation 2010 search content access account

The SharePoint Foundation 2010 search content access account is used by the SharePoint Foundation 2010 Search service to crawl content across sites. The SharePoint Foundation 2010 search content access account requires the following permission configuration settings:

• This account must have domain user account permissions.
  
• This account must not be a member of the farm administrators group.
  

The following SQL Server and database permissions are configured automatically:

• Read access to the server farm configuration database.
  
• Read access to the SharePoint_Admin content database.
  
• This account is assigned to the db_owner role for the SharePoint Foundation 2010 search database.
  

A full Read policy for the SharePoint Foundation 2010 search content access account is created on all Web applications.

Service application accounts

This section describes the service application accounts that are setup by default during installation.

Application pool account

The application pool account is used for application pool identity. The application pool account requires the following permission configuration settings:
The following machine-level permission is configured automatically: The application pool account is a member of WSS_WPG.
The following SQL Server and database permissions for this account are configured automatically:

• The application pool accounts for Web applications are assigned to the db_owner role for the content databases.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.
  

SharePoint Server search service account

The SharePoint Server 2010 Search service account is used as the service account for the SharePoint Server 2010 Search service. The SharePoint Server Search Service is an NT Service, which is used by all Search Service Applications. For any given server, there is only one instance of this service. The SharePoint Server 2010 search service account requires the following permission configuration setting: The SharePoint Server 2010 search service account is granted access to the propagation location share (or shares) on all search query servers in a farm.
The following machine-level permission is configured automatically: The SharePoint Server 2010 search service account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:

• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.
  

Default content access account

The default content access account is used within a specific service application to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern. This account requires the following permission configuration settings:

• The default content access account must be a domain user account and it must have read access to external or secure content sources that you want to crawl by using this account.
  
• For SharePoint Server sites that are not part of the server farm, this account must be explicitly granted full read permissions to the Web applications that host the sites.
  
• This account must not be a member of the farm administrators group.
  

Content access accounts

Content access accounts are accounts that are configured to access content by using the Search administration crawl rules feature. This type of account is optional and can be configured when you create a new crawl rule. For example, external content (such as a file share) might require this separate content access account. This account requires the following permission configuration settings:

• The content access account must have read access to external or secure content sources that this account is configured to access.
  
• For SharePoint Server sites that are not part of the server farm, this account must be explicitly granted full read permissions to the Web applications that host the sites.
  

Excel Services unattended service account

The Excel Services unattended service account is used by Excel Services to connect to external data sources that require a user name and password that are based on operating systems other than Windows for authentication. If this account is not configured, Excel Services will not attempt to connect to these types of data sources. Although account credentials are used to connect to data sources of operating systems other than Windows, if the account is not a member of the domain, Excel Services cannot access it. This account must be a domain user account.

My Sites application pool account

The My Sites application pool account must be a domain user account. This account must not be a member of the farm administrators group.
The following machine-level permission is configured automatically: This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:

• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.
  

Other application pool accounts

The other application pool account must be a domain user account. This account must not be a member of the administrators group on any computer in the server farm.
The following machine-level permission is configured automatically: This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:

• This account is assigned to the db_owner role for the content databases.
  
• This account is assigned to the db_owner role for search databases associated with the Web application.
  
• This account must have read and write access to the associated service application database.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
  
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.
  

Database roles

This section describes the database roles that are either setup by default during installation, or that can be optionally configured.

WSS_CONTENT_APPLICATION_POOLS database role

The WSS_CONTENT_APPLICATION_POOLS database role applies to the application pool account for each Web application that is registered in SharePoint. This enables the Web applications to query and update the site map, and have read-only access to other items in the configuration database. Setup assigns the WSS_CONTENT_APPLICATION_POOLS role to the following databases:

• The SharePoint_Config database (the configuration database).
  
• The SharePoint_AdminContent database.
  

Members of the WSS_CONTENT_APPLICATION_POOLS role are granted the execute permission for a subset of the stored procedures for the database. In addition, members of this role are granted the select permission to the Versions table (dbo.Versions) in the SharePoint_AdminContent database. For other databases, the accounts planning tool indicates that access to read these databases is automatically configured. In some cases, limited access to write to a database is also automatically configured. To provide this access, permissions for stored procedures are configured. For the SharePoint_Config database, for example, access to the following stored procedures is automatically configured:

• proc_dropEmailEnabledList
  
• proc_dropEmailEnabledListsByWeb
  
• proc_dropSiteMap
  
• proc_markForDeletionEmailEnabledList
  
• proc_markForDeletionEmailEnabledListsBySite
  
• proc_markForDeletionEmailEnabledListsByWeb
  
• proc_putDistributionListToDelete
  
• proc_putEmailEnabledList
  
• proc_putSiteMap
  

WSS_SHELL_ACCESS database role

The secure WSS_SHELL_ACCESS database role on the configuration database replaces the need to add an administration account as a db_owner on the configuration database. By default, the setup account is assigned to the WSS_SHELL_ACCESS database role. Membership in this role is granted and removed by using a Windows PowerShell command. Setup assigns the WSS_SHELL_ACCESS role to the following databases:

• The SharePoint_Config database (the configuration database).
  
• One or more of the SharePoint Content databases. This is configurable by using the Windows PowerShell command that manages membership, and the object assigned to this role.
  

Members of the WSS_SHELL_ACCESS role are granted the execute permission for all of the stored procedures for the database. In addition, members of this role are granted the read and write permissions on all of the database tables.

Group permissions

This section describes permissions of groups that are created by the SharePoint Server 2010 setup and configuration tools.

WSS_ADMIN_WPG

WSS_ADMIN_WPG has read and write access to local resources. The application pool accounts for the Central Administration and Timer services are in WSS_ADMIN_WPG. The following table shows the WSS_ADMIN_WPG registry entry permissions.

 

Key name		Permissions	Inherit		Description
HKEY_CLASSES_ROOT\APPID\{58F1D482-A132-4297-9B8A-F8E4E600CDF6}		Full control	N/A		This is the SharePoint Server 2010 Search service COM Application.
HKEY_CLASSES_ROOT\APPID\{6002D29F-1366-4523-88C1-56D59BFEF8CB}		Full control	N/A		This is the SharePoint Foundation 2010 Search service COM Application.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS		Full control	N/A		N/A
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\14.0\Registration\{90120000-110D-0000-0000-0000000FF1CE}		Read, write	N/A		N/A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server		Read	No		This key is the root of the SharePoint Server 2010 registry settings tree. If this key is altered, SharePoint Server 2010 functionality will fail.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0		Full control	No		This key is the root of the SharePoint Server 2010 registry settings.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LoadBalancerSettings	Read, write			No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LauncherSettings	Read, write			No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\Search	Full control			N/A	N/A
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Search	Full control			N/A	N/A
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure	Full control			No	This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint Server installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS		Full control	Yes		This key contains settings used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the WSS_ADMIN_WPG file system permissions.

 

File system path		Permissions	Inherit		Description
%AllUsersProfile%\Application Data\Microsoft\Sharepoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and the administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint Server.
%ProgramFiles%\Microsoft Office Servers\14.0		Full control	No		This directory is the installation location for SharePoint Server 2010 binaries and data. The directory can be changed during installation. All SharePoint Server 2010 functionality will fail if this directory is removed, altered, or removed after installation. Membership in the WSS_ADMIN_WPG Windows security group is required for some SharePoint Server 2010 services to be able to store data on disk.
%ProgramFiles%\Microsoft Office Servers\14.0\WebServices		Read, write	No		This directory is the root directory where back-end Web services are hosted, for example, Excel and Search. The SharePoint Server 2010 features that depend on these services will fail if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\14.0\Data		Full control	No		This directory is the root location where local data is stored, including search indexes. Search functionality will fail if this directory is removed or altered. WSS_ADMIN_WPG Windows security group permissions are required to enable search to save and secure data in this folder.
%ProgramFiles%\Microsoft Office Servers\14.0\Logs		Full control	Yes		This directory is the location where the run-time diagnostic logging is generated. Logging functionality will not function properly if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\14.0\Data\Office Server	Full control			Yes	Same as the parent folder.
%windir%\System32\drivers\etc\HOSTS	Read, write			N/A	N/A
%windir%\Tasks	Full control			N/A	N/A
%COMMONPROGRAMFILES%Microsoft Shared\Web Server Extensions\14	Modify			Yes	This directory is the installation directory for core SharePoint Server files. If the access control list (ACL) is modified, feature activation, solution deployment, and other features will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\ADMISAPI	Full control			Yes	This directory contains the soap services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\CONFIG		Full control	Yes		This directory contains files used to extend IIS Web sites with SharePoint Server. If this directory or its contents are altered, Web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS		Full control	No		This directory contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\Data		Full control	Yes		N/A
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint Server depends. If the ACL is modified, Web Part rendering and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint		Full control	No		This directory is used by SharePoint Server usage logging. If this directory is modified, usage logging will not function correctly.
%systemdrive\program files\Microsoft Office Servers\14 folder on Index servers		Full control	N/A		This permission is granted for a %systemdrive\program files\Microsoft Office Servers\14 folder on Index servers.

WSS_WPG

WSS_WPG has read access to local resources. All application pool and services accounts are in WSS_WPG. The following table shows WSS_WPG registry entry permissions.

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0		Read	No		This key is the root of the SharePoint Server 2010 registry settings.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\Diagnostics		Read, write	No		This key contains settings for the SharePoint Server 2010 diagnostic logging. Altering this key will break the logging functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LoadBalancerSettings		Read, write	No		This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LauncherSettings		Read, write	No		This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure		Read	No		This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint Server installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS		Read	Yes		This key contains settings used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the WSS_WPG file system permissions.

 

File system path		Permissions	Inherit		Description
%AllUsersProfile%\Application Data\Microsoft\Sharepoint		Read	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and the administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Read, execute	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint Server.
%ProgramFiles%\Microsoft Office Servers\14.0		Read, execute	No		This directory is the installation location for the SharePoint Server 2010 binaries and data. It can be changed during installation. All SharePoint Server 2010 functionality will fail if this directory is removed, altered, or moved after installation. WSS_WPG read and execute permissions are required to enable IIS sites to load SharePoint Server 2010 binaries.
%ProgramFiles%\Microsoft Office Servers\14.0\WebServices		Read	No		This directory is the root directory where back-end Web services are hosted, for example, Excel and Search. The SharePoint Server 2010 features that depend on these services will fail if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\14.0\Logs		Read, write	Yes		This directory is the location where the run-time diagnostic logging is generated. Logging functionality will not function properly if this directory is removed or altered.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\ADMISAPI		Read	Yes		This directory contains the soap services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\CONFIG	Read			Yes	This directory contains files used to extend IIS Web sites with SharePoint Server. If this directory or its contents are altered, Web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS	Modify			No	This directory contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp	Read			Yes	This directory is used by platform components on which SharePoint Server depends. If the ACL is modified, Web Part rendering, and other deserialization operations may fail.
%windir%\System32\logfiles\SharePoint	Read			No	This directory is used by SharePoint Server usage logging. If this directory is modified, usage logging will not function correctly.
%systemdrive\program files\Microsoft Office Servers\14	Read, execute			N/A	The permission is granted for %systemdrive\program files\Microsoft Office Servers\14 folder on Index servers.

Local service

The following table shows the local service registry entry permission:

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LoadBalancerSettings		Read	No		This key contains settings for the document conversion service. Altering this key will break document conversion functionality.

The following table shows the local service file system permission:

 

File system path		Permissions	Inherit		Description
%ProgramFiles%\Microsoft Office Servers\14.0\Bin		Read, execute	No		This directory is the installed location of the SharePoint Server 2010 binaries. All the SharePoint Server 2010 functionality will fail if this directory is removed or altered.

Local system

The following table shows the local system registry entry permissions:

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\LauncherSettings		Read	No		This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure		Full control	No		This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint Server installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\FarmAdmin		Full control	No		This key contains the encryption key used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS		Full control	Yes		This key contains settings used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the local file system permissions:

 

File system path		Permissions	Inherit		Description
%AllUsersProfile%\Application Data\Microsoft\Sharepoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint Server.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\ADMISAPI		Full control	Yes		This directory contains the soap services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\CONFIG		Full control	Yes		If this directory or its contents are altered, Web Application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS		Full control	No		This directory contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint Server depends. If the ACL is modified, Web Part rendering, and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint	Full control			No	This directory is used by SharePoint Server for usage logging. If this directory is modified, usage logging will not function correctly.

Network service

The following table shows the network service registry entry permission:

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\14.0\Search\Setup		Read	N/A		N/A

Administrators

The following table shows the administrators registry entry permissions:

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure		Full control	No		This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint Server installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\FarmAdmin		Full control	No		This key contains the encryption key used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS		Full control	Yes		This key contains settings used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the administrators file system permissions:

 

File system path		Permissions	Inherit		Description
%AllUsersProfile%\Application Data\Microsoft\Sharepoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint Server.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\ADMISAPI		Full control	Yes		This directory contains the soap services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\CONFIG		Full control	Yes		If this directory or its contents are altered, Web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS		Full control	No		This directory contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint Server depends. If the ACL is modified, Web Part rendering, and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint	Full control			No	This directory is used for SharePoint Server usage logging. If this directory is modified, usage logging will not function correctly.

WSS_RESTRICTED_WPG

WSS_RESTRICTED_WPG can read the encrypted farm administration credential registry entry. WSS_RESTRICTED_WPG is only used for encryption and decryption of passwords stored in the configuration database. The following table shows the WSS_RESTRICTED_WPG registry entry permission:

 

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\FarmAdmin		Full control	No		This key contains the encryption key used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.

Users group

The following table shows the users group file system permissions:

 

File system path		Permissions	Inherit		Description
%ProgramFiles%\Microsoft Office Servers\14.0		Read, execute	No		This directory is the installation location for SharePoint Server 2010 binaries and data. It can be changed during installation. All SharePoint Server 2010 functionality will fail if this directory is removed, altered, or moved after installation.
%ProgramFiles%\Microsoft Office Servers\14.0\WebServices\Root		Read, execute	No		This directory is the root directory where back-end root Web services are hosted. The only service initially installed on this directory is a search global administration service. Some of the search administration functionality using the server-specific Central Administration Search Settings page will not work if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\14.0\Logs		Read, write	Yes		This directory is the location where the run-time diagnostic logging is generated. Logging will not function properly if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\14.0\Bin		Read, execute	No		This directory is the installed location of SharePoint Server 2010 binaries. All of the SharePoint Server 2010 functionality will fail if this directory is removed or altered.

All Office SharePoint Server service accounts

The following table shows the all Office SharePoint Server service accounts file system permission:

 

File system path		Permissions	Inherit		Description
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS		Modify	No		This directory contains setup and run-time tracing logs. If this directory is altered, diagnostic logging will not function correctly. All SharePoint Server service accounts must have write permission to this directory.

User Profile Synchronization service which got stuck at "Starting" state

Issue:

Today I faced an interesting issue which was struck to get started with the UserProfileSynchronization service in the Prodction server.

Best way to solve this issue is through Windows PowerShell by using Stop-SPServiceInstance

Description: User Profile Synchronization service which got stuck at "Starting" state

Resolution:

Get-SPServiceInstance > d:\"List of Services.txt"

Stop-SPServiceInstance -identity ab19ee97-4106-4677-ba7e-52166fef8289

TypeName                         Status                   Id
--------                                 ------                    --
User Profile Synchronization ... Unpro... ab19ee97-4106-4677-ba7e-52166fef8289

Note: It is not required to  change any FIM services,they will start automatically.