Archive for Configuration

Fine Grained Permissions in 2013

Stu / October 31, 2014 / No comments

Setting item level permissions was straight forward in SharePoint 2010, you selected the items you wanted to break inheritance on and selected the Permissions item. When moving to SharePoint 2013 and trying to do the same thing, to a lot of users this functionality appears to no longer exist. Worry not!

To set item level permissions for an item (or multiple items) select the candidate items and switch to the Items tab in the ribbon.

Shared With

Notice the ribbon item called Shared With. This is what replaces the Permissions item from 2010. Click it and a list of users that the item is shared with loads.
Read more

Category: Configuration, Security, SharePoint / Tags: ,

Automate Metadata Property Creation

Stu / December 1, 2013 / No comments

Looking for an easy way of ensuring newly created site columns have a metadata property in the default search service application?

Luckily, there’s a setting for this, although it isn’t that easy to find, unless you know it’s there.

Before showing you how to enable this, it’s important to point out a couple of important requirements for this to work.

  • The site column you want a metadata property automatically created for must be used by an item\document and contain data in at least one instance. Failing to do this will mean the SharePoint indexer will not pick up the new column or add it to the crawled property list for the Search application.
  • The column must not have a crawled property defined for it, I’ll show you where you can check this next.

In your Central Administration site, navigate to the search service application’s management page.
Read more

Category: Configuration, SharePoint / Tags: , ,

Loopback Check and 401.1 Error

Stu / October 30, 2013 / No comments

SharePoint Short #18

If you’re developing a web service for SharePoint, or trying to access one of the SharePoint web services, through server code and get a 401.1 Unauthorized exception, it’s worth checking if the status of the loopback check, especially if you’re using a host name for the site.

Since Windows 2003 (SP1) a loopback security check was added. The purpose of this check is to prevent access to the web application if there is an attempt to access it from the same server hosting the site, using a fully qualified domain name or host name.

If you’re getting this exception on a dev\test environment, the simplest solution is to disable the loopback check. Do this by opening the registry editor and navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

From there, right click the LSA folder and add a new DWORD value called DisableLoopbackCheck. Set the value to 1 and then reboot the server. Do this for all Web Front Ends in the farm.

If, on the other hand, this is happening on a production environment, do not disable the loopback check as this will remove a security check that may compromise your environment. Instead, add the host names that should bypass this check by adding another key to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Right click the MSV1_0 folder and add a new Multi-String value called BackConnectionHostNames. Set the value to the host name you want to exclude. If there are more than one, add them on separate lines and do not include the protocol, just the host name. Reboot the server and apply this to all Web Front Ends in the farm.

For the last configuration, you could define a group policy to apply this across multiple servers, but I’ll leave that for another day!

Category: Configuration, SharePoint Shorts / Tags:

LDAP Role Provider Argument Exception

Stu / September 11, 2013 / No comments

If you’re seeing the following error in the ULS logs, hopefully it’ll be as simple a fix for you as it was for me:

LdapRoleProvider.GetRolesFor() exception: {0}.System.ArgumentException: The (&(((ObjectClass=group))(member=CN=Some User,CN=Users,DC=domain,DC=local)) search filter is invalid.

at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()

at Microsoft.Office.Server.Security.LdapRoleProvider.GetRolesFor(String userOrGroupDN, DirectoryEntry groupContainer, LdapDistinguishedNameManager ldapDnManager, List`1& userRoles)

To resolve this error, all that’s required is to updated the Group and User filter values for the role provider in the forms web application and the security token’s web configuration files.

The role provider settings I had looked something like:

<roleManager>
  <providers>
    <add name="SPRoleManager" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="domain.local" port="389" useSSL="false" groupContainer="CN=users,DC=domain,DC=local" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="((ObjectClass=group)" userFilter="((ObjectClass=person)" scope="Subtree" />
  </providers>
</roleManager>

Notice the values for groupFilter and userFilter((ObjectClass=person).

This is correct for the Central Administration web configuration. For the forms web application and security token’s configuration this should be updated to (&amp;(ObjectClass=person)).

Perform an IIS reset and next time you log in the exception in the ULS log should be resolved.

Category: Configuration, SharePoint / Tags: , ,

User Profile Sync

Stu / July 10, 2013 / 2 comments

Sometimes, when trying to create an alert in SharePoint you receive the following error message:

You do not have an e-mail address.
Alert has been created successfully but you will not receive notifications until valid e-mail or mobile address has been provided in your profile

The obvious things to check here are the outgoing mail server settings in Central Administration.

It may be the case that you recently added an email address to the account in question, or after receiving the above error added an email address to the user’s profile in Central Administration.
Read more

Category: Configuration, SharePoint / Tags: , ,
« Older Entries  
Follow

Get every new post delivered to your Inbox

Join other followers: