Hacking Sharepoint

Look & Feel Configuration


The Look and Feel of SharePoint can be changed by modifying the assorted .master files that can be found in the “C:/Program Files/Common Files/Microsoft Shared/web server extensions” directories. The two main master files are application.master and default.master.

The application.master file controls the look of application pages. These pages are common to all sites and libraries; the main example is the one found by clicking “View All Site Content” in the left menu.

The default.master file controls the look of all of the other content pages that a site uses. The main file on disk is copied into each site when it is created, which allows each site to have its own look and feel. However, this also means that if the default.master file is changed it needs to be updated on every site. The simplest way to sync all of the default.master files is to use Microsoft Office SharePoint Designer (formerly FrontPage): when you find the default.master file in a site, you can revert to the main default.master rather than the site’s current version.

The styling for the SharePoint site can be found in the Dropbox. This zip file contains the modified application.master, default.master, and KU images and style folder. The folder can be copied into the Images directory at:

Program Files/Common Files/Microsoft Shared/web server extensions/12/TEMPLATE/IMAGES

The application.master can be copied into the Layouts directory at:

Program Files/Common Files/Microsoft Shared/web server extensions/12/TEMPLATE/LAYOUTS

The default.master file can be copied into the Global directory at:

Program Files/Common Files/Microsoft Shared/web server extensions/12/TEMPLATE/GLOBAL

Once these files and folders are in place all new sites created will utilize the KU styling included.

Broken Microsoft-ism


When applying an SSL key to a given SharePoint site you must fix all of the .css files used by the site themes so that they do not refer to:

background-image:url("http://localhost:2415/topnavhover_simple.gif")

Otherwise, IE will complain about unsecured content each time a page is loaded.

Simply remove the http://localhost:2415 as these files are never actually served to the clients. Yes, you read that right: the site-wide CSS style sheets tell the Enterprise SharePoint Product to refer to files on the client’s computer.

Also, you will need to apply the “updated” theme to each site in the entire SharePoint install to make all of the errors go away.

This content was proudly stolen from Nick. I removed the rants from the Unix guy against Microsoft. Keep in mind we wouldn’t have this information if it wasn’t for his wonderful tweaky adherences to standards!
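The cleanup described above, as an added example (not part of the original page): a Python script that strips the http://localhost:<port> prefix from every url() value in a theme's .css files and reports any other plain-http references that would still trigger the browser warning. It goes beyond the page's single port 2415 by accepting any port; the theme directory argument, the --apply switch and the sample CSS rules are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# url(...) values in a stylesheet; the target may be bare or quoted.
URL_RE = re.compile(r"url\(\s*([^)]*?)\s*\)", re.IGNORECASE)
# The design-time prefix the page describes, generalised to any port.
LOCAL_RE = re.compile(r"^http://localhost(:\d+)?", re.IGNORECASE)


def fix_css(text):
    """Return (new_text, stripped, still_insecure) for one stylesheet."""
    stripped, still_insecure = [], []

    def repl(match):
        target = match.group(1).strip("\"'")
        local = LOCAL_RE.sub("", target)
        if local != target:
            stripped.append(target)
            return 'url("%s")' % local
        if target.lower().startswith("http://"):
            # Not a localhost reference: leave it alone but report it,
            # because it is still fetched insecurely on an HTTPS page.
            still_insecure.append(target)
        return match.group(0)

    return URL_RE.sub(repl, text), stripped, still_insecure


def fix_tree(root, apply=False):
    """Scan every .css file under root; rewrite in place only if apply=True."""
    report = {}
    for path in sorted(Path(root).rglob("*.css")):
        # latin-1 maps bytes 1:1, so untouched bytes survive the round trip.
        text = path.read_bytes().decode("latin-1")
        new_text, stripped, still_insecure = fix_css(text)
        if stripped or still_insecure:
            report[str(path)] = (stripped, still_insecure)
        if apply and new_text != text:
            path.write_bytes(new_text.encode("latin-1"))
    return report


# Constructed sample input (not taken from a real theme file).
SAMPLE = (
    '.ms-topnavHover{background-image:'
    'url("http://localhost:2415/topnavhover_simple.gif")}\n'
    ".ms-banner{background:url(http://cdn.example.invalid/banner.gif)}\n"
    ".ms-body{background:url(images/body.gif)}\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage (assumed): script.py <theme directory> [--apply]
        found = fix_tree(sys.argv[1], "--apply" in sys.argv)
        for name, (stripped, insecure) in found.items():
            print(name, "stripped:", stripped, "still insecure:", insecure)
    else:
        print(fix_css(SAMPLE)[0])
```

Without --apply the script only reports, so the list of affected files can be reviewed before anything is rewritten.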

Splitting a single Sharepoint site

Disclaimer


This is the method we chose. It is by no means the best method, nor is it the only method; it is quite simply the method we chose.

Our Scenario


We deployed SharePoint to initially fix a glitch. We had several departments within the School and across campus that continually needed access to a file share on the server. This worked for some time but then they wanted to be able to do more with it, access it over the web, collaborate on documents. This seemed a task for which SharePoint was ideally suited.

We performed a basic single server deployment and from there proceeded to delve into a level of SharePoint hackery that no-one should ever undertake. If you would like details you can find them in this article. Over the span of a year we saw significant growth in the use of SharePoint, albeit mostly in a file-serving capacity, but that was expected.

We are in a position now where we need to clean everything up. Initially we shot ourselves in the foot by providing extraordinarily tweaky sets of permissions, and it has become increasingly difficult to prevent users from accessing data they shouldn’t. Our solution is to try and get back to the three roles in SharePoint: Owner, Member and Visitor. Additionally we wanted to have more flexibility in terms of storage for the databases.

Pre-requirements


Make sure that both the new SharePoint server and its SQL server backend are configured properly; see article for details on how to do this.

Alert staff that the intranet may be down for several hours to several days depending on the size of your content and your personal level of tweakiness.

Prevent users from inadvertently accessing the SharePoint site. Several ideas come to mind; the easiest may be to just unplug the server from the network during the backup. Once the backup is complete, disable the IIS service and copy the backup file wherever it needs to go.

Backup Existing Site


Farm Administrator Account

I have had a lot of success using stsadm to perform this type of migration. There may be other ways that are better, but this route seems to work best for me. Log on to the existing SharePoint server and open the console. You will need to use the stsadm utility; if it’s not in your path it can be found by searching under C:\Program Files\Common Files.

In order for the backup to complete successfully you will need to know the URL for your site; if you are unsure, check in the SharePoint Central Administration site. For this example the name of the site is https://sharepoint.company.com, so you would type the following at the command line:

    stsadm -o backup -url https://sharepoint.company.com -filename SharePointSite.bak
    * Depending on the size of the content it may take quite a while for the backup to be complete.

Create Upload Site


Farm Administrator Account

On the new SharePoint server you will want to create a new blank site that has unique permissions for only your user account. Additionally you may want to prevent it from showing up in any of the normal navigational links on the site. This will be your work area; call it whatever you want, as it will be completely deleted when we’re done.

Restore Site


Farm Administrator Account

The restore can be done over an smb share if you like, or by copying the previously created backup file onto the new server. Depending on your network it may be a good idea to copy the file to the new server and run from there. There will be a performance impact on the SQL server if you have a significant amount of data, so if other services use the same SQL server you may want to find a time when this will be less of an impact.

Log on to the new SharePoint server and open a command shell; we will use stsadm to restore the existing content into a blank site. Assuming you are using https://intranet.company.com for the new site and created a blank site called temp, you would enter the following at the command line:

    stsadm -o restore -url https://intranet.company.com/temp -filename SharePointSite.bak -overwrite
    * Depending on the size of the content it may take quite a while for the restore to be complete.

Once the restore is complete you will have your existing site living under your new work area on the server. This site’s content should now be living on the SQL server.

Splitting the Sites


Site Owner Account
Farm Administrator Account

This process will be repeated for each site you wish to create. Basically you delete all the sites but the one you want to keep. Then you back up the newly created site to a file, delete the entire site in SharePoint and start all over from the Restore Site heading.

Restore Sites


Farm Administrator Account
Site Owner Account

The end result of the previous steps leaves you with individual backups of the sites you want to separate into their own databases. Using your Farm Administrator Account you will create a new site. In the SharePoint Central Administration site, you will need to set the minimum and maximum number of sites under the Content Databases page. In our arrangement there will be one “Portal” site. This will basically have a list of all the sub sites hosted on the server.

For each site behind the Portal site you will need to create a Content Database using the SharePoint Central Administration site. These databases will be stored on the SQL server, which provides us the flexibility we need if a site’s content grows larger than the server’s disk space. This also allows us to create a separate backup for each site and the ability to restore one site without affecting any of the other sites on the server.

Once the databases are created you will need to perform a restore of that site’s backup file to its new home on the SharePoint server.

    stsadm -o restore -url https://intranet.company.com/sites/HRDept -filename HRDeptSharePoint.bak -overwrite

You will perform the Content Database creation and restore operation for each site you will be hosting on the server. Each of these sites will be given the default permission of the Site Owner Account being set as the only user.

Defining Site Permissions


In our environment we have created departmental security groups which we can use in each site’s Members role. Usually this is an adequate setting, but using this structure we can define in the Visitors role other departments or individuals who need read access to that particular site.

This arrangement now allows us to define groups and sites when special requests are needed to allow cross-departmental collaboration or read-only sites.

iSCSI Solutions

iSCSI provides a cost-effective, unified method for accessing storage from various vendors. My example is an old free-standing Compaq Drive array and a rack mounted Dell Drive array. Both of these attach to the head server via regular SCSI. Keep in mind that the local connections to the data don’t matter: they could be external SAS enclosures or SATA drives. The “SCSI” part of iSCSI is an over-the-network thing and not a local requirement.

Ideally Microsoft would provide this software as a purchased product or an add-on but sadly it is only available via OEM channels, which usually means it’s bundled in an iSCSI solution. Don’t get me wrong there are several very nice iSCSI solutions from all the big vendors. But if cost is important to you then the cheaper you can get it, the better.

There are two methods that I’ll cover: the first is a Windows solution using freely available iSCSI Target software from MySAN, and the other is a Linux solution using completely free software available from anywhere. For my purposes I’ll be covering Ubuntu 8.04 LTS.

I will provide links to all the software that I mention in the links section below.

Nimbus


From the Nimbus website.

    Nimbus Data Systems, Inc. develops Unified Storage systems and software that dramatically simplify storage management, lower operating costs, and improve IT availability. Nimbus Unified Storage is the premier storage infrastructure for server and desktop virtualization, rich content, cloud computing, storage consolidation, and high-performance computing. To date, over 15,000 companies in 28 countries have implemented Nimbus technology.

In 2006 Nimbus released free iSCSI target software for use in Microsoft Windows.

    San Francisco, CA, August 14, 2006 – Nimbus Data Systems today announced MySAN™, the first and only free iSCSI target software for Microsoft Windows. With MySAN, anyone can create an IP SAN in seconds using their existing server and storage hardware. MySAN works by turning any Windows partition (such as a hard drive, internal RAID array, external storage system, or even Fiber Channel storage) into an iSCSI target. This storage can then be assigned to any computer on an Ethernet network using iSCSI, giving users a vendor-neutral IP SAN instantly.

Windows Solution


The first thing you will need to do is perform a basic Windows installation onto your computer. The server I am using is an EOL Dell PowerEdge 1750. The machine that you decide to perform this installation on must have at least two network cards. There is nothing fancy you need to worry about for the installation but the MySAN software required Windows Server 2003 SP1 and .net 2.

I had no success getting this software to install on a Windows 2003 R2 Server with SP2 and .net 2 installed. If you have access to software like AdminStudio you could potentially modify the InstallShield installer to not perform this check, as I’m pretty certain it doesn’t matter.

The following list is a set of steps you can follow to successfully install the prerequisites for the MySAN software:

  • Install Windows Server 2003 *
  • Install Windows Installer 3.0 *
  • Install .net 2.0 Redist
  • Install Windows Server 2003 SP1 *

* Reboot required

Obtain the MySAN software from the vendor as well as the license key. The registration is free and provides access to a portal that provides links to both the software and key.

  • Install Nimbus MySAN

Linux Solution


The process in Linux is significantly less complicated. Any Linux distro can do this; only how you obtain the iSCSITarget software will differ based on your preference. For this I’m using Ubuntu 8.04 LTS Server edition, so the steps will work perfectly well on any of the Ubuntu versions supported.

The first thing you will need to do is configure a basic server install for Ubuntu; there are no special requirements for either hardware or software. Once the install is complete you will need to perform an update and then install the iSCSITarget software. Perform the following tasks after the initial installation is complete:

  • sudo apt-get update
  • sudo apt-get upgrade
  • sudo apt-get install iscsitarget

Installation is complete at this point and all that is left is configuring the target. You can use either a loopback file or actual media. The benefit of using a file is the ability to run a cron job once a day that checks the utilization of the file and expands it as needed.

Configuring the Linux iSCSITarget


There is only one file that needs to be modified on the server, /etc/ietd.conf. This file contains the settings for the iSCSI target software and there are a few things that you define here. You will need to set the target name and the path for the disk you are sharing out.

You will want to decide if you want to share the entire filesystem or if you want to share out a file. To the client it doesn’t matter; they see a drive with however much space you define. If you decide to share out an entire filesystem like /dev/sdb, modify the /etc/ietd.conf file:

LUN 0 Path=/dev/sdb, Type=fileio

If you decide to share out a file, you will need to create the file first using dd, then export the path to the actual file:

dd if=/dev/zero of=templun3 count=0 obs=1 seek=200G

You can then edit your /etc/ietd.conf file:

LUN 3 Path=/path/to/file/templun3, Type=fileio
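An added example (not from the original page) of the daily check mentioned above for a file-backed LUN such as templun3. It reports how much of the sparse file has actually been written, goes one step further by flagging a file that promises more space than its volume has left, and can extend the file; the 80% threshold, the 50 GiB step, the --grow switch and the function names are assumptions.

```python
import os
import shutil
import sys

GIB = 1024 ** 3


def lun_usage(path):
    """Return (apparent, allocated, fs_free) in bytes for a backing file."""
    st = os.stat(path)
    # st_blocks counts 512-byte units actually allocated, so a sparse file
    # made with dd seek= starts near zero and grows as the client writes.
    allocated = st.st_blocks * 512
    volume = os.path.dirname(os.path.abspath(path))
    fs_free = shutil.disk_usage(volume).free
    return st.st_size, allocated, fs_free


def assess(apparent, allocated, fs_free, grow_at=0.80):
    """Classify a LUN file from the three numbers lun_usage() returns."""
    unwritten = max(apparent - allocated, 0)
    if unwritten > fs_free:
        # The client has been promised more space than the volume can
        # still supply; its writes start failing once the volume fills.
        return "overcommitted"
    if apparent and allocated / apparent >= grow_at:
        return "grow"
    return "ok"


def grow(path, step=50 * GIB):
    """Extend the file by step bytes without allocating them (stays sparse)."""
    new_size = os.stat(path).st_size + step
    os.truncate(path, new_size)
    return new_size


if __name__ == "__main__":
    # Usage (assumed): script.py [--grow] /path/to/file/templun3 ...
    for path in [a for a in sys.argv[1:] if a != "--grow"]:
        apparent, allocated, fs_free = lun_usage(path)
        state = assess(apparent, allocated, fs_free)
        print("%s: %.1f of %.1f GiB written, %.1f GiB free on volume: %s"
              % (path, allocated / GIB, apparent / GIB, fs_free / GIB, state))
        if state == "grow" and "--grow" in sys.argv:
            # Assumption: the target must be restarted and the client must
            # extend its partition before the added space becomes usable.
            print("extended to %d bytes" % grow(path))
```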

MySAN Target Configuration


Once the software has been installed you will need to configure it. On the General tab you may need to click Refresh to see your network card; otherwise select the network card you wish to use. Under the Targets tab you will need to define which drives you want to make available; if no drives appear you may need to add them through Disk Management.

Create a partition using Disk Management, define a drive letter for your storage and format it. MySAN does not support mounting a drive into a folder. Once the drive has been formatted, open the Nimbus MySAN application and click the Refresh button. Next you will need to define the target name for the disk: select the disk and click Add, and a dialog appears asking for a target name. This will be the name that your clients will see when you configure the iSCSI initiator. I chose “iscsi.san” for my target name.

Once you have defined your network settings, drive settings and provided a name for the drive you wish to share out, the On button should light up on the General tab. Select On and click Ok, this will start the Nimbus MySAN service and make the disk available on the network.

iSCSI Initiator Configuration


I will cover the Windows iSCSI initiator as there may be differences between the various implementations but the main things are covered. You will need to provide the MySAN software with the name of the client’s iSCSI initiator. In Windows this can be found in the Control Panel and the iSCSI Initiator applet.

* If you do not see the iSCSI Initiator you can download it from Microsoft for free and install it, no reboot is required.

Open the iSCSI Initiator on the client; the node name is displayed on the General tab. You may need to change the default name generated at install as it may not work with MySAN. I changed mine to iscsi.client. You will need to provide this name to the MySAN software on your server.

On the server under the Hosts tab of MySAN click Add and provide the name of your client. Click on the Targets tab, select the drive you wish to make available to this client and in the Host with Access dropdown select your client and click Ok.

Back on the client open the iSCSI Initiator, click the Discovery tab, enter the IP or DNS of your server and click Ok. On the Targets tab select the newly listed target and click Logon, the status will switch from inactive to Connected. You can optionally decide if you want the multi-pathing, and to automatically restore the connection on boot.

You may need to open Disk Management on the client and import the newly created disk and format it. After that is done the drive is completely usable.

Links


Windows Server 2003 Trial (http://technet.microsoft.com/en-us/windowsserver/bb430831.aspx)

Windows Installer 3.0 (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5fbc5470-b259-4733-a914-a956122e08e8)

.NET Framework 2.0 Redist (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5)

Windows Server 2003 SP1 (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=22cfc239-337c-4d81-8354-72593b1c1f43)

Microsoft iSCSI Software Initiator (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825)

MySAN Free Registration Site (http://www.nimbusdata.com/skyline/index.php)

Ubuntu 8.04 LTS (http://www.ubuntu.com/getubuntu/downloading?release=server-lts)

AdminStudio Professional (http://www.acresso.com/downloads/downloads_4886.htm)

iSCSI Defined (http://en.wikipedia.org/wiki/ISCSI)

iSCSI at Microsoft (http://www.microsoft.com/windowsserver2003/technologies/storage/iscsi/default.mspx)

Nimbus MySAN Press Release (http://www.echannelline.com/usa/story.cfm?item=21125)

Configure simple Sharepoint farm

Requirements:

Windows Setup

Install Windows Server in a default configuration for both servers, install the latest service pack and all updates. The SharePoint server should also have the Application Server Role and SMTP.

Active Directory Configuration

Setting up SharePoint in a farm is slightly more complex than a stand-alone installation. For a simple farm like the one we’re setting up a handful of accounts need to be created in advance. These accounts provide the needed functionality for SharePoint as well as provide required security that most administrators want.

The following accounts should be created as regular domain users with complex passwords:

  • Setup Account: This will be the SharePoint local admin and used during installation

    • This account needs to have a login on the SQL instance

  • Farm Account: This is the Database Access Account used to connect to SQL

    • This account needs to have the following roles on the SQL instance hosting SharePoint

      • dbCreator
      • SecurityAdmin

  • Index Account: This is used by the indexing service on SharePoint
  • Content Account: This account is used by the indexing service to search the content

SQL Server Setup

Install SQL onto the server that will become your SQL Server. My preference is to create a named instance for each app that will be connecting to a database; otherwise use the default instance. Make sure that you have set the proper collation during SQL setup. Stop all services for your newly created SQL instance before the service pack install to avoid a reboot. Apply the most recent SQL Server service pack from the Microsoft Download site. Then restart the services related to your SQL instance.

SharePoint Setup

Log on to your SharePoint server with the Setup Account you created; you may need to add it to the local Administrators group first. You may also want to add the user accounts from the domain that will be your Farm Administrators to the local Administrators group if they are not Domain Admins.

Download the appropriate build of SharePoint for our preferred architecture. Run the SharePoint.exe from your download location and choose the Advanced option. After setup is complete you may want to download any updates there may be to your computer using Microsoft Update.

Run the configuration wizard to finish the SharePoint configuration. The Database server will be the name of your SQL server, then a backslash, then the name of your SQL instance, if you created one. The Database name you can leave at the default or change it to something more meaningful. The Database access account is the Farm account you created earlier. This account should also have the dbCreator and SecurityAdmin roles on the instance or the wizard will fail.

You can specify an alternate port number for the Central Administration website. I would recommend you do this, otherwise you may forget the random one. For authentication you can leave the default, which is NTLM, or you can choose Kerberos. If choosing Kerberos you will need to configure your SPN properly.

The advanced button on the last page of the wizard gives you the option of allowing SharePoint to create users in your domain. I’m not sure what your stance may be on this, but in production that may not be a good idea. Please consult with either your Domain Administrator or Security Administrator if you have questions.

Once everything is defined the installation should progress normally. If things are working properly the final configuration will take a while to complete. If there is a problem, logs are stored in the web server extensions folder in Common Files on the drive where SharePoint was installed.

Central Administration Site Configuration

Some things will need to be configured after the setup and configuration wizard complete. You will need to add the user accounts of the SharePoint administrators to the Farm Administrators group. This can be done under the Operations tab. You will need to configure the Search service with the user accounts you defined for Indexing and Content, this can also be done under Operations. Finally you will need to create your initial site, this is done under the Application Management tab. After you have the Administration site and the initial site created you may want to define more friendly names to them, this is done using the Alternate Mappings on the Operations tab.

Site Collections

In order for each site you create to be hosted on a separate content database, you will first need to limit the number of sites that can be created on the initial or portal site. This is done in Application Management, using the Content Databases tool. The value you want to change is the Maximum Number of Sites. This number needs to be larger than the Site Level Warning which can be set to zero.

Once you have defined these values you will simply add new content databases for each of your sub sites. Each site is accessed through a special URL that is displayed after your default URL. The default path is /site/ and you can have as many of these as you want to help define what each site collection contains, such as departmental sites, research sites or organizational sites; the list can be as long as you need.

SharePoint Upgrade

Current Situation:

The SharePoint server which hosts the School of Engineering’s (SOE) intranet has exceeded the Microsoft recommended size for a single server hosting content. The recommendation is that if your data exceeds 5GB you should move to hosting that content on a SQL server.

Proposed Solution:

Create a new server to host the front end for the SOE intranet and have the data hosted on an existing SQL server.

Impact Statement:

Several things will change as a result of this problem. Currently each tab on SharePoint represents a departmental site and is logically separated from other sites. In order to host the data on SQL these tabs will be separated into individual site collections. A site collection represents a database object on a SQL server.

The main intranet site will become in effect a “portal” to other sites hosted on the server. This change will provide greater flexibility for future growth. We have seen an increase in requests for SharePoint sites and this can now be supported. The intranet will be broken down into categories and each category will be represented by a tab on the main page.

Categories:

  • Research Projects
  • Student Projects
  • Educational Departments
  • SOE Departments

These categories will become the top navigation bar on the main site and each tab will contain a list of site links below it. Each link is a separate site collection on the SQL server as well as a separate site on SharePoint. Access to these sites will be based on group membership, but everyone will see all site links on the main Engineering portal.

Additionally this change will allow us to provision sites for specific security needs if needed. For example, currently it is very difficult to allow three people the ability to change a document, but only four people the ability to read it. With the new structure in place, a Document Workspace site can be created for a given project and the three people who need to change something would become that site’s Members, while the four people who need read access would become that site’s Visitors. There is no limit within the foreseeable future on the number of these sites as we can expand the SQL server to store data on the SOE’s Storage Area Network (SAN).
