After years of helping organizations around the world to deploy and implement SharePoint, Dan Holme has found that there are certain pain points that almost everyone encounters. Some are confusing concepts. Some are unfortunate decisions made based on misunderstanding Microsoft’s UI or documentation. Some are due to unnecessarily complex terminology. And some arise because there are things we might think SharePoint should do, but it can’t. In this session, Dan will share the most common and problematic scenarios, and their solutions, with the goal of saving you pain, time, and money. Think of this session as “Lessons Learned,” “Best Practices,” or “From the Field” on steroids. Whether you’re new to SharePoint or a seasoned veteran, in this grab-bag session there will be treasures for you!
This session is effectively a “grab bag” of small, hot topics that are underdocumented, over-hyped, or misunderstood by the community. I will vary the content of this session based on the other sessions that are being presented at the event, and based on the current “hot topics” in the SharePoint community.
6. SQL Database Engine service account: SQL_Service
SQL service ownership account: SQL_Admin
Resources
http://technet.microsoft.com/en-us/library/ms144228.aspx
http://download.microsoft.com/download/8/F/A/8FABACD7-803E-40FC-ADF8355E7D218F4C/SQL_Server_2012_Security_Best_Practice_Whitepaper_Apr2012.docx
SQL Agent service account: SQL_Agent
7. SharePoint Administrator and Setup User
Used by a service admin to perform bit-level changes
Unique, “generic” SharePoint administrative account
Not your “normal” user or admin account
12. Web and service application pool accounts
Domain user accounts
Register as managed accounts in the SharePoint farm
Assigned as the application pool identity
Permissions required depend on the web app or service application
13. My Site web application
SP_MySiteApp
Account for each application pool to isolate access
14. SharePoint Search default content access account
Domain user account
Requires read permission to indexed content sources
Configure SP_Crawl before creating web apps
Assign Read permission to all other indexed content sources
Create additional content access accounts
15. SharePoint User Profile Synchronization
Domain user account
Requires Replicating Directory Changes permission on domain
16. Object cache accounts
See http://technet.microsoft.com/en-us/library/ff758656.aspx
Note: this is not the same as BLOB cache or remote BLOB store. This has to do with versions & drafts
20. Each farm…
… needs its own “set” of accounts
naming convention
SP_Farm
SP_Farm_Dev
SP_Farm_Test
Why?
21. Account permissions and security settings in SharePoint 2013
http://technet.microsoft.com/en-us/library/cc678863.aspx
Configure object cache user accounts in SharePoint Server 2013
http://technet.microsoft.com/en-us/library/ff758656.aspx
24. What is a service account?
The #1 problem with service accounts is….
PASSWORD CHANGES
Service account password is changed
Painful!
Result… Admins set Password never expires
30. SQL alias
SQL Alias
SQLSERVER01.contoso.com
= NYSQL05.contoso.com today
= NYSQLCLUSTER.contoso.com tomorrow
= NYSQLCLUSTER.newcompany.com next year
Configure a SQL alias
CLICONFG.exe on each SharePoint server in the farm
Do not “Fake it out” with a DNS record
Kerberos
Consider “tiers” of aliases to support SQL scaling
Content Databases: SQLSPCONTENT
Search Databases: SQLSPSEARCH
Service Application Databases: SQLSPSERVICES
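An alias created with CLICONFG.exe is stored in the local registry of each server, so it can be audited per machine. The script below is an added example, not part of the original slides: it checks the three alias tiers above in both the 64-bit and 32-bit registry views, and the target host name (taken from the slide's sample) is an assumption to replace with your own.

```powershell
# Added example: audit SQL client aliases on the local SharePoint server.
# Alias names come from the slide; the target host is an assumed sample value.
$Expected = @{
    'SQLSPCONTENT'  = 'NYSQL05.contoso.com'
    'SQLSPSEARCH'   = 'NYSQL05.contoso.com'
    'SQLSPSERVICES' = 'NYSQL05.contoso.com'
}

# System32\cliconfg.exe writes the 64-bit key; SysWOW64\cliconfg.exe writes the
# WOW6432Node key. An alias present in only one view fails for the other bitness.
$Hives = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
}

function Test-SqlAlias {
    param([hashtable]$Expected, [hashtable]$Hives)
    foreach ($view in $Hives.Keys) {
        # $null when the ConnectTo key does not exist (no aliases in this view)
        $key = Get-ItemProperty -Path $Hives[$view] -ErrorAction SilentlyContinue
        foreach ($alias in $Expected.Keys) {
            $raw = if ($key) { $key.$alias } else { $null }
            # Value format: "<netlib>,<server>[,<port>]", e.g. "DBMSSOCN,host,1433"
            $parts = if ($raw) { $raw -split ',' } else { @() }
            $status = if (-not $raw) {
                'Missing'
            } elseif ($parts[0] -ne 'DBMSSOCN') {
                'NotTcp'          # alias uses a protocol other than TCP/IP
            } elseif ($parts[1] -ne $Expected[$alias]) {
                'WrongTarget'     # alias points somewhere other than expected
            } else {
                'OK'
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                View     = $view
                Alias    = $alias
                Value    = $raw
                Status   = $status
            }
        }
    }
}

Test-SqlAlias -Expected $Expected -Hives $Hives | Format-Table -AutoSize
```

Run it on every SharePoint server in the farm; any row whose Status is not OK marks a server that will resolve the alias differently from the rest.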
40. Share sites or documents with external users
Requires full control permission
Share a site
Share a document
Guest links
http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/share-sitesor-documents-with-people-outside-your-organization-HA102894713.aspx
41. Enable or disable external sharing
Read the documentation!
2013 E: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manageexternal-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
2013 P: http://office.microsoft.com/en-us/office365-sharepoint-online-small-businesshelp/manage-sharing-with-external-users-HA102849862.aspx
2010: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-a-sitewith-external-users-HA102476183.aspx?CTT=5&origin=HA102849864
Confirm perms assigned in 2013
During farm setup: dbcreator and securityadmin fixed server roles
Creating databases: db_owner fixed db role for all SharePoint databases
Adding servers to farm: Given permissions a new server automatically
Discuss the challenges of RTM guidance: what was “guidance” and what was “support”?
CONDITIONS APPLY
Content databases of up to 4 TB are supported when the following requirements are met:
Disk sub-system performance:
0.25 IOPs per GB minimum
2.00 IOPs per GB recommended for optimal performance
TTFB of 20ms
Architecture and tools must support performance expectations, future capacity, backup, restore, high availability, disaster recovery
Discussion: Does anyone have more than a terabyte of data in their farm? Does anyone have a database larger than 200GB? Are there any negative performance impacts? Does anyone have 2GB / 1GB / 500MB files stored in SharePoint? How do they perform? How fast is your SharePoint farm growing? If you haven’t deployed SharePoint, how do you know how much storage you’ll need?