What are the accounts used in SharePoint Foundation 2010 for a least privileged configuration

In Many Organization while Implementing  SharePoint 2010 . the first question which may arise is What are the account we need to create and what are the permission levels it should have . I have tried my best to collate the things together and text it in my Blog .


The setup account: This is the account with which the useris logged that runs the setup. This account must be a local administrator on all systems where SharePoint Foundation 2010 setup is run.

Post-Setup Configuration Run-As user: This is the user that runs the PSC tool.
This user must also be a local administrator
PSC runs a prerequisites check .
In addition to being a local administrator on all computers running Office Server, this account also has the following requirements on a remote server running SQL Server to be used as part of a SharePoint Foundation 2010 Services farm

Must be a SQL login
Must be a member of the SQL Server Database Creators Role
Must be a member of the SQL Server Security Administrators Role
This account need not be a local administrator on the server running SQL Server

Thisis the only account given explicit rights on SQL. It will give the database access account the SQL privileges it needs because it has the rights to do so.

The database access account: This is the account that is specified to the PSC tool when creating or connecting to a Configuration Database.
This account need not be the same as the PSC Run-As user and it need notbe a local administrator on any computer running Office Server.
It should also not be a local administrator on the SQL server, and doesnot require any SQL permissions in advance of creating a configuration database. Many of us refer to this as the “farm admin” account, but thisis misleading. The user that accesses the Central Admin Web pages to perform farm administrative activities is the farm admin account.

Central Admin App Pool ID:This account is “automatically” configured by the PSC tool to be the same account as the database access account that is stipulated to the PSC tool when creating a configuration database. This account and the SPTimer account constitute one exception to separate accounts being usedfor all account types.

The SPTimer account: As with the Central Admin App Pool ID, this account is “automatically” configured by the PSC tool to be the same account as the database accessaccount that is stipulated to the PSC tool when creating a configuration database.

The Farm Admin account: As mentioned earlier, this is the user that accesses the Central Admin Web pages to perform farm administrative functions.
This account can create Web applications, site collections, SSPs, configure Search, IFSS, Profile Imports, assigning permissions, and so on.

The following users do not have email address specified

Problem Description:

Unable to set alert on a List for single or multiple users

Error Message:

The following users do not have email address specified: <Username>

Probable cause:

The user’s profiles are not updated in SharePoint even though everything is setup up correctly in Active Directory and in Exchange.

Troubleshooting done:

1.   Checked if the user is stamped with an email address automatically.

2.   If the user's email address is set manually, need to remove the exchange attributes and reconnect the mailbox after running the cleanup agent in exchange, or create a new mailbox if there was no mailbox for the user in exchange server.

3.   Email address is stamped automatically by recipient update service (RUS) a component of exchange server and hence one should not add the email address manually.

4.   When configuring alert, check if the users email address is listed in the people picker. In this case the email address was not displayed; however the email address was stamped automatically by exchange. ( The affected user's email address was not

5.   displayed, but the user who was receiving alerts success had email address displayed in the people picker)

6.   Tried sending a test email from telnet to the affected user and it got delivered successfully which meant that the exchange was working fine.

Resolution:

1.   Went to Central Admin -> SSP -> User profiles and properties -> Configure profile import: The default access account was not specified.

2.   Hence gave the enterprise administrator and the password as the default access account.

3.   Then Selected Start Full import under SSP -> User profiles and properties.

4.   We were then able to see all the users with their email address in View user profiles.

5.   Then went to the SSP->Search Settings -> Content sources and Crawl schedules.

6.   Performed a Full crawl which completed successfully.

7.   We then selected the people picker and found that the all the users were displayed with their email address along with the affected user.

8.   We were then able to set the alert for that user successfully without getting any errors.

If you have any queries/questions regarding above mentioned information then please let me know, Thank you.

Applies to: SharePoint Server 2007-SP2

Server based Search- Exact match and Prefix match in Lync Server 2010

Server based Search- Exact match and Prefix match in Lync Server 2010

Guys,

We are using Lync Serer 2010 since long however you know how the server based search is work? Here are few scenarios; basically Server-based search usage can be configured by using the in-band provisioning setting, AbsUsage.

This in-band provisioning setting having three possible values:

1.    WebSearchAndFileDownload. IP phones (for example, Polycom CX700 IP desk phone) use server-based search, and Lync 2010 clients use GAL download. This is the default.

The Lync desktop client defaults to GAL download for the following reasons:

·       There may be temporary outages for the Address Book Service depending on the server maintenance schedule. When the Address Book Server is unavailable, all prefix and exact match searches fail.

·       Server-based search does not work in branch office resiliency mode.

2.    WebSearchOnly. Both IP phones and Lync 2010 clients use Server-based search.

3.    FileDownloadOnly. Both IP phones and Lync 2010 clients use GAL download.

Server-based search can be used for both exact and prefix searches. The exact and prefix match searches are different, and the various scenarios when the Lync client would perform an exact match search versus prefix match search.

The Lync client sends a SOAP query through HTTPs to the user’s Front End pool. Search results are returned in an XML format.

Exact Match Search

Exact match search is performed by the Lync client whenever it needs GAL contact data for a specific contact. In an exact match query, the Lync client requests the GAL contact data by using a SIP URL or email address. Passing a SIP URL or email address in the request ensures the GAL contact data returned is unique because the SIP URI and email address are both unique contact identifiers.

Prefix Match Search

Prefix search is invoked when a user initiates a search from the following:

·       The main UI search box.

·       The People picker dialog box (that can be opened, for instance, from the Conversation Window, the call forwarding dialog box, or call transfer).

When a prefix search is performed, the client sends a SOAP query with the search term and number of search results to be returned by the Address Book Service. Lync client shows the top 50 results whereas IP phones and Lync mobile clients show the top 20 results.

Thank you.

SharePoint 2010 - Download and Install Prerequisites for Offline Setup

1. Microsoft SQL Server 2008 Native Client – sqlncli.msi – 7.69MB
2. Hotfix for Microsoft Windows (KB976462) – Windows6.1-KB976462-v2-x64.msu – 4.13MB
3. Windows Identity Foundation (KB974405) – Windows6.1-KB974405-x64.msu – 1.47MB
4. Microsoft Sync Framework Runtime v1.0 (x64) – Synchronization.msi – 2.59MB
5. Microsoft Chart Controls for Microsoft .NET Framework 3.5 – MSChart.exe – 1.76MB
6. Microsoft SQL Server 2008 Analysis Services ADOMD.NET – SQLSERVER2008_ASADOMD10.msi = 6.76MB
7. Microsoft Server Speech Platform Runtime (x64) – SpeechPlatformRuntime.msi – 2.81MB
8. Microsoft Server Speech Recognition Language – TELE(en-US) – MSSpeech_SR_en-US_TELE.msi – 23.4MB
9. SQL 2008 R2 Reporting Services SharePoint 2010 Add-in – rsSharePoint.msi – 36.9MB

Enabling and Using Developer Dashboard - Sharepoint 2010

Today I was working with one Client who was having some issues with performance . In Sharepoint 2010 . I found a Out of box Feature which helps in monitoring the performance of the site Developer Dashboard.

The Developer Dashboard is an instrumentation framework introduced in Microsoft SharePoint Foundation 2010. Similar in concept to ASP.NET page tracing, it provides diagnostic information that can help a developer or system administrator troubleshoot problems with page components that would otherwise be very difficult to isolate.

For example, a developer can easily introduce extra SPSite or SPWeb objects into his or her code unknowingly or add extraneous SQL Server queries.

In the past, the only way to debug performance problems caused by the extra overhead of these instances in code would be to attach a debugger to the code and monitor SQL Server Profiler traces. With the Developer Dashboard, a developer can identify this type of problem, either programmatically by using the object model or visually by looking at page output.

Although performance issues and resource usage information is available in the Unified Logging Service (ULS) logs, interpreting the raw data can be very time consuming. With the Developer Dashboard, all the related information is correlated, which makes identifying these types of issues much easier.

How to enable Developer Dashboard and how to use this?

Enable / Disable over stsadm:

stsadm -o getproperty -pn developer-dashboard

stsadm –o setproperty –pn developer-dashboard –pv “On”

Enable / Disable over powershell

Turn On: for onDemain Mode
$service = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$addsetting =$service.DeveloperDashboardSettings
$addsetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::OnDemand
$addsetting.Update()

Turn On
$service = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$addsetting =$service.DeveloperDashboardSettings
$addsetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::On
$addsetting.Update()

Turn Off
$service = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$addsetting =$service.DeveloperDashboardSettings
$addsetting.DisplayLevel = [Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::Off
$addsetting.Update() 

On – Displays the output all the time at the end of the page content
Off – Switch off Developer Dashboard and nothing is rendered
OnDemand – Displays a DeveloperDashboard icon to make dashboard output visible if needed.

In ON Demand - you will see a icon on the top right hand side corner of the site . as Shown below .

also you will see the following details when you click on the icon .

How to use the Developer Dashboard?
Developer dashboard is designed to find performance bottleneck during the page load.
To get an overview about the whole page load performance take a look in the upper right side  on category “web server”. On my test environment the total time of page rendering  is 3801.71 milli seconds.

At the left side you will see the ASP.NET rendering process of all involved controls with their time to render. Here is makes sense to focus only on long running controls.

In this case the longest operation is GetWebPartPageContent (1815.92 ms)

Because sharepoint controls will request data from database, the developer dashboard lists also corresponding sql requests with their execution time.

If you click on the sql command than a popup windows display more details. The long running sql request on my test environment is “Declare @…”

During this request i see the complete SQL query and the corresponding call stack to identify the correct control. Additionally at the end we see the IO Stats in case of a slow running SQL server based on too many IO-operations. 

One additional category exist for webparts to identify the slow running ones. In this case the ListView-Webaprt of the “Shared Document Library” is the slowest one.


Hope This Post helps administrators on resolving Performance issues .



Reference sites- http://msdn.microsoft.com/en-us/library/ff512745(v=office.14).aspx

http://blogs.technet.com/b/patrick_heyde/archive/2009/11/16/sharepoint-2010-enable-using-developer-dashboard.aspx