Ever wanted item level security in SharePoint without the headaches? It’s easier than you might think.
Business Goal: Provide a personalized dashboard where application owners can confirm they still need the system access they have. This access review should be quick and easy, so limiting the display to only records they need would be great.
Technical Design: SharePoint custom list with a multi-person column (“team”) and view filter [Me] to display only your records. The multi-person column can hold any user in the User Information List of your site collection. If you don’t see someone’s name here you will need to first grant them permissions (i.e. Contributor) and then come back to edit. The permission grant will register their name into the site collection so you will see it in the drop down menu. Despite having multiple values the =[Me] filter works perfectly to match only records where the visitor’s name is listed. You can also use DataSheet edit mode here to fill down (or copy/paste) and update many records quickly. Generally on a project like this many records will have a common “team” of people to review.
Action Steps
Create custom list with your columns plus a multi-person column “team”
Grant site permissions
Populate the list. For “team” select people who will see/edit their own records.
Modify the default view, add filter “team=[Me]‘”
Test with a few pilot users
Send one email with the link and everyone will see a personalized list when they visit.
NOTE: “security through obscurity” is not a best practice for highly sensitive or confidential data. If the data has a firm require to not be viewed by a third party you’ll want to implement SharePoint’s true item level security feature. http://www.codeplex.com/SPDActivities has a great action step for granting security that can help automate to create a sustainable and reliable security enforcement. (thanks to @unclepaul84)
Video Walkthrough (03:39)
How to build the sample list in full step-by-step video with a demo of the final working product.
In a large environment admins often see mess leftover from previous upgrades. Recently I looked at a system that had many sites upgraded from SharePoint Portal Server 2003. They still had the old top menu, any had were using broken CSS themes that made for ugly looking homepages.
USE[SITE_sharepoint_054]
SELECT‘http://sharepoint/’+ Webs.FullUrl
FROMNavNodes
INNERJOINWebs ON NavNodes.WebId = Webs.Id
WHERE(NavNodes.Name =‘Create’)
The above TSQL query can be run directly from SQL Management Studio against your content databases to locate any sites that have the “Create” navigation node. The Microsoft.SharePoint.Navigation.SPNavigationNode class provides our hook to go find SPS 2003 sites across the environment.
From there you can reset the navigation and remove these nodes to give a cleaner for streamlined appearance.
The “Site Settings \ Reset to site definition” feature can then be used to reset ASPX pages to out-of-the-box look and feel. Lastly, I think it’s a good idea to apply a new theme. Often unghosted (customized) ASPX pages also have a FrontPage 2003 theme applied. Choosing a new theme overwrites those references with new clean CSS that looks much better.
Recently I needed to get the current user and their manager’s Active Directory profile to auto-populate a form. Itay Shakury wrote a great blog post titled Get the current user without writing code that covers the first need (current user) by reading UserProfileService.asmx. But I needed more.
The strategy was to use 2 data connections and query the 2nd with the manager user ID from the first. At that point you can map any document text field to be ready only and get the default value from one of these data connections.
The Microsoft Management Console has been around for years, since Windows NT 3.5 I believe, and it is a great tool. Recently I helped create a custom .MSC file to watch SharePoint’s “heartbeat” in real-time and had a lot of fun with the results so I’ll share them here.
Give it a name (i.e. “Current Web Connections”) and click “Finish”
Feel free to repeat #3 to #6 to add multiple nodes to the tree. This way you can monitor more than one metric across the farm. With the left hand tree complete you are now ready.
Customize each node with:
Perfmon counters
Servers
Colors
Chart scale
Simply right click in the blank space, choose “Add Counter”, and follow the steps you would just like in Perfmon.exe I personally like to add the same counter for each server in my farm so that on one chart I can see, for example, all of the CPU usage on all machines.
Once you’re pleased with the look and feel click “File \ Save As” and give a filename for the .MSC
You can now open multiple instances (windows) and tile them across the screen to have a real-time view of SharePoint’s “heartbeat” across all the web front ends in your farm.
Why do I need this?
Establish a performance baseline (what is normal CPU? during the work day? at night during scheduled jobs?)
Troubleshoot a broken server (easily see differences)
Become more familiar with the impact of a topology design (slow crawls = 100% CPU?)
In working with InfoPath Forms Services in MOSS 2007 I found that the web based form experience is great. And I like InfoPath but even I don’t want a logo bumper sticker to stare at all day.
By editing “ifsmain.css” on the SharePoint web front end’s 12 hive you can override the system styling to hide this element. The IE developer toolbar helped me find the CSS class (ToolbarBranding) to add the “display:none” attribute. Screen shot below.
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\INC\ifsmain.css
On a SharePoint site’s hidden Workflow History list you might stumble across some strange numbers. The Event Type is used to store a numeric value and below I’ve listed what each means in plain English.
Following up on my earlier post about the popularity of VBScript. Again, I love new technology but we sometimes need the older tools to “git r done” today. Please watch the 18 minute screen cast video for a real demo of each script. Also, the download is available right here:
This demo covers my “dashboard” and “grid” script collection.
Explore C$
Free disk
GAC listing
Grid install apps
Grid file version
Grid windows service
Grid SPN
Grid WMI query
HOSTS compare
Kerberos (NTAuthenticationProvider)
Registry get/push
Web.config compare
WMI reboot
The design is simple yet powerful. Drag and drop (noun to verb) from server to script. Examples:
explore c$ on these 5 machines
push this reg key to 6 machines
compare windows services on these 12 machines
show me the Kerberos settings for these 7 machines
I began this family of short and simple VBS scripts back when I first deployed MOSS to production and have built them up over the years. They have completely changed the way I work. No more slow implementation. No more uncertainty about configs. Implement change quickly, spend your time on the whiteboard, and be 100% sure the configs are consistent across the board … every time.
Please take 5 minutes to watch the below video and glance over the screenshots. Then download the ZIP and build your own RDP files for your servers. If you find this useful or write new scripts please leave a comment or hit me up on Twitter. I’m always looking for ways to improve. Thanks for reading.
I don’t travel nearly as much as many of you but I have two indispensible mini hardware items I bring along each time. These splitters are cheap but handy. I’ve made many friends and networked new business contacts too. Electrical outlets at the airport are notoriously hard to find and disappearing fast. During the recession airlines are looking for every cost cut including yanking power from general consumption to reduce the electrical bill. If I find somebody already plugged in I simply ask if I can add a splitter and I’m now able to find power almost anywhere.
For music the same idea applies but in the give (not take) direction. Somebody I’m having a conversation with that might be stranded and bored. I can offer them music and let them choose the song so we get to talk more about things we like. Anyway, nothing SharePointy but still fun. It seems to work better on the younger iPod generation.
Maybe you’ll find these tips useful and … as always … safe travels!
PS – I wrote this while stuck at Hartsfield (ATL) for weather delays using a shared outlet.
So everybody is talking about PowerShell and that’s great. I love object oriented languages for scripting too. PS is amazing. But what about our old friend VBScript? Our workhorse for the past decade?
Reasons why VBScript can be cool
Great samples. Across the blogosphere we have thousands of articles, snippets, and walkthroughs to pull from. Save time, copy and reuse.
Wide compatibility. Even Server 2003 or Windows XP RTM will be able to run this stuff. No Windows Update, no prep work, no doubts.
Familiar/proven. There are many people that know this tool and how to use it. As we learn new tools we need the old ones for our day jobs.
Quick edits. While true of any scripting language “right click \ edit” is very handy and I generally dislike compiling dot net for admin work.
Editors. Even SharePoint Designer 2007 can read and colorize VBS. With PowerShell 2.0 we now have ISE and I really like it. Using a GUI is required to get the work done quickly and correctly no matter what the language.
After a few years in the server admin business I’ve realized the tools evolve and so do we. But ultimately our creativity and awareness of “fit” between tool and goal are what get things done. So if the shoe fits … pull out an old script, dust it off, and give it new life! A production outage is no time to read a reference book.
I’ll follow up by posting the code of my favorite VBScripts I use today in a real live production MOSS 2007 environment. It gets the job done. Yes, it should be re-written in PowerShell for SP2010 and Server 2008. The “grid” scripts are my favorite and present on a single page configuration across machines for snazzy things like:
File versions
Windows services (state/startup mode)
Keberos NTAuthenticationProvider in IIS 6.0
Applications installed (registry)
Web.config modifications
Lastly, empirical evidence suggests a fondness for this quirky old language via search results.
I came across this WSS error message today while working on incoming email updates and was stuck. The browser clearly showed the list has no inbound email enabled and offered no alternatives on how to enable. My enable failed, the address is taken, and I have no way to remove.
SQL Studio to the rescue!
OK. First of all I know, I know I know. TSQL against the databases even in read only mode is frowned upon. What I am doing here is far beyond supported, not safe, and I am a crazy man. Again, I know this. I had no other options and needed a solution.
DELETE
FROM [SharePoint_Config].[dbo].[EmailEnabledLists]
WHERE [Alias] =‘my_old_alias’
The config database holds a central table the incoming email references to get the site, web, and list GUID for where to place the message. I found my old email alias in here despite the fact the web GUI showed it was disabled. I wrote a select statement and copied the output to notepad in case I needed to INSERT this row back. I then changed “SELECT *” to “DELETE” and killed the one row. Flipping back to IE and clicking OK, it worked perfectly! Never had any issues since and this was weeks ago. Like they say on TV … “don’t try this at home”