21 October, 2012

Checking the User Profile Sync permissions – SharePoint 2010


When configuring the User Profile Sync in SharePoint, you would have certainly read up Spence Harbar’s post on configuring the User Profile Sync. If you haven’t, then here’s a link you should definitely bookmark:


Spence has by far the most comprehensive guide on configuring the UPS. If you read and understand the above post, you won’t go wrong with UPS configuration.
The aim of this post was to talk about a little less known script to check to see if your UPS permissions are set correctly.

The script is called PowerShell Administration Library for SharePoint – “Administration.ps1″ by Tobias Lekman.

You can a few handy functions. Really worth checking it out.

Since we are talking about User Profile, I want to draw your attention to an interesting function called Check-Replicatechanges. It’s as simple as loading up the PowerShell script and run a Check-Replicatechanges DOMAIN\UPSServiceAcc and it does a check on the specified User Profile Sync account to see if it has permissions fit for Forefront Identity Manager to perform its magic.


This tool is very handy if your AD infrastructure is run by another team and you don’t have Domain Admin permissions.

http://lekman.codeplex.com/releases/view/65930

Curtsey: www.jeremytaylor.net.

There was an error in callback


Problem Description:
When you search for user accounts using "Browse" People-Picker icon, the following error message may occur and the user accounts may not be resolved

Error Message:
"There was an error in callback".

Probable cause:
This issue normally happens if WSS_WPG group does not have any permissions on this registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure".

By default, WSS_WPG group has FULL control access to the above mentioned registry key.

This particular key contains a binary value called AppCredentialKey – it is used to encrypt/decrypt the data passed by PeoplePicker-SearchADForests. This key is created using setapppassword command and used in one way trust relationships. Application pool accounts need at least read access to the above mentioned registry key for successful People Picker behavior.

Resolution
1)      Check WSS_WPG group permissions and confirm whether the application pool account of the web application present in that group 
2)      Later check the registry key - "HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure" and identify permissions allocated for WSS_WPG group in the Permissions window of the registry key.
3)      If WSS_WPG group does not present in Permissions window, add the 'WSS_WPG' group with read or full control permissions.  

If you have any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues. Thank you.

19 October, 2012

SharePoint Connections


SharePoint Connections will help corporations get more out of SharePoint. 

Fall 2012 SharePoint Connections is your independent, technical conference, offering you the latest information about SharePoint 2013 as well as how to use SharePoint 2010 and earlier SharePoint versions to their fullest potential. Our SharePoint experts teach you the latest SharePoint technical knowledge and how to apply it to your situation. 

At SharePoint Connections, Microsoft SharePoint MVPs and SharePoint technical trainers interact with you and your peers, members of the SharePoint community, in workshops and one on one. You'll learn from experts who will teach you techniques to make SharePoint work in the real world. And you'll get your questions answered and come away with knowledge that will benefit your company, your coworkers, and yourself. 

Who will be speaking at SharePoint Connections? Experienced technical presenters, who have taken SharePoint apart, studied it thoroughly, used it in the real world, and figured out how it works. We choose speakers based on their SharePoint expertise, their technical knowledge about administration or development issues, and their ability to explain what they know so you understand it. 

Don't miss SharePoint Connections if you are a SharePoint admin or developer who needs technical information and real-world help with SharePoint's many challenges, including
  • Administering SharePoint
  • Developing for SharePoint
  • Customizing and integrating SharePoint into your business
  • Fine-tuning your deployment
  • Making SharePoint work for your end-users' needs
  • Plus SQL Server and SharePoint, SharePoint and Visual Studio, SharePoint performance, search in SharePoint, SharePoint social features, and so much more!
Use one of the two ways to register today!

Online Registration or Phone 203-400-6121


14 October, 2012

Your client does not support opening this list with Windows Explorer

Few days before, one of my clients reported an issue in which he is not able to open the document library in explorer view. One thing I would like to highlight here is that the resolution of this issue varies from OS to OS (OS: Operation System) so that’s why I have mentioned the machine configuration in the next point.

Machine configuration:
Operating System: Windows Vista
Explorer Version: IE 8.0
Office Version: Office 2010

Error Message:
Your client does not support opening this list with Windows Explorer

Checks to be followed:

Start / Restart Web Client Service
1)      Open the "Run" prompt (key combination Start+R)
2)      Type services.msc and press Enter.
3)      Locate Web Client service
4)      Make sure your service startup mode is set to automatic (right click it, select "Properties", and under "General" tab select "Automatic" from the "Startup Type" dropdown"
5)      Start the service or restart it if it’s already running.

Auto-detection of proxy
the way to turn this off is in Internet Explorer:
1)      In Tools select Internet options.
2)      Select Connections tab
3)      Click Lan settings button
4)      Under Automatic configuration clear the automatically detect settings checkbox.

If you have any queries/questions regarding the above mentioned information then please let me know, Thank you.

11 October, 2012

How can you set up RMS-based protection to the documents users store in SharePoint?


You can use Windows Rights Management Services (RMS) to protect SharePoint documents in the two most recent releases of SharePoint; SharePoint Server 2010 and SharePoint Server 2007 both include RMS support. However, there are some restrictions and complexities you should be aware of if you plan to set up RMS with your SharePoint installations.

An important thing to know is that RMS can only encrypt SharePoint documents and subject them to RMS access control restrictions when they are downloaded from a SharePoint 2010 or SharePoint 2007 document library. RMS doesn't leave SharePoint documents encrypted while they're stored on the SharePoint server. This restriction exists so that SharePoint can index and scan the documents on a SharePoint storage provider. RMS applies its restrictions to a document only right before it's downloaded to a client computer. Similarly, when an RMS-protected document is uploaded to a SharePoint site, RMS removes all protection from the document until a new download request is received.

SharePoint-RMS integration ensures that security restrictions are enforced even after a document has left a SharePoint server, which is something that can't be achieved using the standard SharePoint permissions. SharePoint-RMS integration also automatically enforces an organization's RMS document security policies. A SharePoint administrator can centrally define different RMS policies for the document libraries hosted on a SharePoint server. Therefore, individual users don't have to decide what protection they need to apply to documents they post in SharePoint libraries. RMS permissions are defined at the SharePoint document library level: Documents in a library automatically inherit the library's RMS permissions. This protection applies to both existing and new documents in the SharePoint library.

The RMS protection of SharePoint data is, just like the RMS protection that's bundled with Windows and Microsoft Office, only possible for certain file formats. Out of the box, it supports Word, Excel, PowerPoint, InfoPath, and XPS files. Extensions to apply RMS protection to other file formats (e.g., .pdf, .cad) can be added through special software from Microsoft partners such as Liquid Machines (now part of Check Point Software Technologies) and GigaTrust.

RMS support for SharePoint can be set up using either RMS SP2 or RMS V2, which is bundled with Windows Server 2008. Provided you already have a functioning RMS infrastructure, enabling RMS protection in SharePoint is relatively straightforward. The main configuration actions are
  • enabling RMS support on the SharePoint server
  • setting the actual RMS restrictions in the configuration of a given document library
You can enable RMS support in SharePoint by selecting either the Use the default RMS server specified in Active Directory or Use this RMS server option in the Information Rights Management section of the SharePoint Central Administration\Operations configuration section.

To set RMS restrictions on a SharePoint document library you must use the Information Rights Management section in the Permissions and Management configuration section of the document library. When you select the Restrict permission to documents in this library on download check box, you can further refine the RMS protection as follows:
  • Allow users to print documents.
  • Enforce users to verify their credentials every x number of days. This setting can be useful when someone who has access to RMS-protected confidential data leaves your organization; the individual will retain access to the data only for x days after his or her last successful authentication to an RMS server.
  • Reject files that don't support Microsoft Information Rights Management (IRM). Selecting this option results in SharePoint rejecting the upload of document formats that don't support RMS.
  • Remove RMS protection on a particular date. This setting is useful for publishing company financial results, for instance. After the quarterly results are published, the RMS protection policy on the quarterly results SharePoint library automatically changes -- meaning that the RMS restrictions are removed.
Microsoft provides more detailed guidance on how to set up SharePoint-RMS integration in the article "Deploying Windows Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide," which is available from Microsoft's website.

Courtesy: www.sharepointpromag.com