Category Archives: Powershell

PowerShell script to disable Limited Access Lock Down mode for all Site Collections

I always like to use PowerShell to get things done. When dealing with a lot of site collections, it is advisable to script the task rather than going through the UI one by one to configure each.

I have a requirement to take out the Limited Access Lock Down mode introduced in SharePoint 2013. A brief introduction: this feature actually BLOCKS users from browsing a file (via browser) or checking a file in or out (via an Office client such as Word).


If you activate this lock down mode, SharePoint does not allow browsing of the file's parent, and hence you will receive an error when trying to edit a file via an Office client (even if you have Contribute permission on the file itself!). If you are only allowing your users (usually external users or someone who does not have permission to the entire web or document library) to read the file, you do not need to deactivate this.

In my environment, it's much more complicated: some users can only edit files from another sub site or site, and content owners always assign individual files for other sites' users to edit. In this case, to give them a seamless experience, I need to make sure that this feature is deactivated on all site collections.

I came up with this PowerShell, a short and sweet one, to help me. Hope it helps!


# -Limit All: Get-SPSite returns only the first 200 site collections by default
Get-SPSite -Limit All | % {
  Get-SPFeature -Site $_ | ? { $_.DisplayName -eq "ViewFormPagesLockDown"} | Disable-SPFeature -Url $_.Url -Confirm:$false
}

P.S. Run it via the SharePoint Management Shell. Otherwise you need to add “Add-PSSnapIn Microsoft.SharePoint.PowerShell” at the start of this script.

PowerShell script to Open or Close SharePoint Web Parts

If you ever need to make changes to your SharePoint Web Parts, such as hiding or showing them, this post will help you cut down unnecessary time.

Run the PowerShell script below via the SharePoint Management Shell.

Change the parameters according to your environment.


$web = Get-SPWeb [URL]
$f = $web.GetFile("Pages/Default.aspx");

if( $f.CheckOutStatus -eq "None" )
{
  $f.CheckOut();
}
$wpm = $f.GetLimitedWebPartManager("Shared")
$webParts = $wpm.WebParts | ? {$_.GetType().Name -eq "ContentEditorWebPart"} # Change for your own web part type
if($webParts.GetType().Name -eq "Object[]")
{
  $webParts | % {
    #$wpm.CloseWebPart($_);
    $wpm.OpenWebPart($_);
    $wpm.SaveChanges($_);
  }
}
else
{
  #$wpm.CloseWebPart($webParts)
  $wpm.OpenWebPart($webParts)
  $wpm.SaveChanges($webParts)
}

$f.CheckIn("");
$f.Publish("");

The example above checks whether the page is checked out before making any changes to the web parts. Subsequently, it closes/opens all Content Editor web parts within the page, then checks in and publishes the page. You can additionally perform more tasks such as DeleteWebPart, AddWebPart or MoveWebPart, or make changes to only a certain type of web part by changing the PowerShell filter.

 

How to check my CPU Temperature using PowerShell Remotely

Thought it would be helpful to share how to remotely check your computer's temperature, especially when you have a computer at home and you want to track if it is HOT. Just in case you don’t want to burn your computer etc etc, for whatsoever reason.

Well, the steps below show you how to do that! Make sure your client machine (the one that you are using) has PowerShell version 2.0 or above (most Windows versions nowadays have it already). Just do a search in your program menu and you should see it.

  1. First of all, ensure your target computer (the one sitting at home that you want to check) has its firewall turned off (not recommended). Alternatively, set exception rules for WMI.
    Very briefly, go to “wf.msc” (Windows Firewall) on the target computer and enable the Inbound Rule “Windows Management Instrumentation (WMI-In)” – Profile: Domain.
    See detail steps here
  2. Once the firewall is cleared, make sure you have an account with local administrator rights that can query the CPU temperature on the target computer. (This one is simple.) Run “lusrmgr.msc” from the Run command.
    Check the “Administrators” group and make sure your account is a member.
  3. In order to remotely check your computer's temperature, you must have connectivity to your target computer. I believe there could be many ways to have connectivity to your target computer. From what I know, the three below should be enough to fulfill the task:
    1. One that I always like to use is TeamViewer. With this, you can easily establish a VPN or remotely log in to run the script mentioned in step 4 (without specifying -ComputerName and -Credential).
      Make sure that when you install TeamViewer, you have the VPN driver installation option ticked.
    2. Allowing RDP to your target computer from a public IP. In this option, you need to configure your home router to allow port 3389 to reach your target computer. Go to your router admin page (usually at 192.168.0.1 or 192.168.1.1, depending on your subnet) and configure port forwarding to your private IP.
      In this way, you will be doing the same steps as option 1; the only difference is that you remotely access your home computer and run the script directly on the target computer (again, without specifying the -ComputerName and -Credential parameters in step 4).
    3. Option 3 is kind of the most complete one, if you want to learn WMI a little deeper. In this option, you will be port forwarding the DCOM port (135) and a fixed WMI port (24158) to your remote computer (which is accessible via public IP like what you’ve done in option 2). Refer here for how to fix the WMI port. Screenshot example of how I configured WMI to a fixed port (please pardon the typo).
      At the end of the day, your target computer must be accessible via the DCOM port and the WMI port from the public IP.
  4. Open PowerShell with Administrator rights and run the following PS command

    Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace "root/wmi" -ComputerName "<IP of your target computer>" -Credential (Get-Credential)

    You will be prompted to specify the credential; use the account with administrator rights mentioned in step 2 above.
  5. You should expect a response like the screen below
  6. Look for “CurrentTemperature” and the value is in Celsius

SharePoint Permission Back Up and Restore in PowerShell

Hi SharePoint Admins! I’ve recently worked on a module to enhance the SharePoint backup experience. If you don't know SharePoint Native Backup well enough, please read this. SharePoint Native Backup supports Backup-SPFarm, Backup-SPSite and Export-SPWeb.

All these approaches back up the actual content of the files and at times require the entire site or list to be restored. If you are using the Version History feature, recovering a file can be made easier by restoring only the mis-updated files. In addition, the introduction of the Recycle Bin since SharePoint 2010 has helped many SharePoint admins (at least myself) to recover accidentally deleted files without burning much time.

However, there is no Version History for permissions. Whatever permission changes you have made on a document, library or site, no backup copy is kept for you to restore at a later time. You can use a third-party product to help with this; the downside is that you have to pay for the service. Some third-party products that you can find in the market are Lightning Tools and AvePoint. (Personally never tried that but I’m more of a Self Fulfilling kind, where everything can be done by my left hand and my right hand. But please don’t get me wrong, paying more for premier service sometimes can be good as it comes with support and service level assurance)

So much for the introduction, now let’s go into the script!

I uploaded my script to CodePlex – PowerShell to backup/restore SharePoint Webs, Libraries, Folders and Files. Inside the source code, you can find two PowerShell scripts, namely BackupPermission.ps1 and RestorePermission.ps1.

You would first run BackupPermission.ps1. It generates a Permission.xml file that you are going to need for RestorePermission.ps1 later.

What BackupPermission.ps1 does is loop through your entire SharePoint farm for site collections. Subsequently, for each site collection, it backs up its root web permissions and sub web permissions. After backing up the web level permissions, it goes on to back up all document library permissions, the folder permissions within each library and optionally (turned on by default) the file permissions.

Why do I need to care about backing up the permissions? Well, there may be many reasons for that, but below are just some of mine…

  1. You screw up the permissions and can’t afford to restore the SharePoint site collection (because only Backup-SPFarm was running DAILY)
  2. You do not want to inform the user about a backup recovery, because the user will scream at you if the data that you are going to restore has been modified by the user.
  3. You do not have full confidence to run SharePoint Native Restore-SPSite as, you all know, sometimes it doesn’t work. Somehow... (MS, no offense on this, well, it does work most of the time but reason 1 superseded this)
  4. You accidentally RESET or hit the “Delete Unique Permission” button when trying to change a WEB permission. Refer to my previous post on why this will kill your document permissions.

 

Here I’m gonna talk about the Permissions.xml that is generated by my BackupPermission.ps1. You can always change the XML to suit your backup needs, for things like restoring only part of your site collection, restoring only a document library, or even only a single folder or file. By default, if an entity does not contain a <RoleAssignments> node, the RestorePermission.ps1 script will bypass updating its permissions and it will remain in its current state (it could be inheriting its parent's permissions or already have broken inheritance; no changes will be made).


<?xml version="1.0" encoding="UTF-8"?>
<SharePoint>
 <Sites>
  <Site>
   <Url>https://mysharepoint.com</Url>
   <RootWeb>
    <Title>SharePoint Portal</Title>
    <Url>https://mysharepoint.com</Url>
    <RoleAssignments>
     <RoleAssignment User="i:0#.w|contoso\appadmin">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Owners">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Visitors">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Read"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
    </RoleAssignments>
    <Lists>
     <List>
      <Title>Documents</Title>
      <RootFolder>
       <Name>Documents</Name>
       <Url>Documents</Url>
       <SubFolders>
        <Folder>
         <Name>Folder A</Name>
         <Url>Documents/Folder A</Url>
         <RoleAssignments>
          <RoleAssignment Group="SharePoint Portal Owners">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Full Control"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Visitors">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Read"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Members">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Contribute"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
         </RoleAssignments>
        </Folder>
        <Folder>
         <Name>Folder B</Name>
         <Url>Documents/Folder A - Copy (8)</Url>
        </Folder>
       </SubFolders>
       <Files>
       </Files>
      </RootFolder>
     </List>
    </Lists>
    <Webs>
    </Webs>
   </RootWeb>
  </Site>
 </Sites>
</SharePoint>

What you are seeing above is a backup XML that, if you restore using it, causes only one site, “https://mysharepoint.com”, to be processed. This site will have the following permissions:

  • appadmin (SPUser) – Full Control
  • SharePoint Portal Owners (SPGroup) – Full Control
  • SharePoint Portal Visitors (SPGroup) – Read

Subsequently, the script will continue to loop and restore the List (in my backup script, this node stores only document libraries) with Title “Documents”, which is inheriting its parent's permissions.

Folder “Folder A” within this document library will have unique permissions, while “Folder B” will inherit the library permissions, which follow the web permissions.
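
As an added example (not part of BackupPermission.ps1 or RestorePermission.ps1, whose source is not shown on this page), the PowerShell below reads a Permissions.xml in the layout above and lists, per entity, whether a restore would rewrite its permissions or skip it because it has no <RoleAssignments> node, so the file can be reviewed before it is applied. The function name Get-RestorePlan, the trimmed sample XML and the child element names <Web> and <File> (inferred from the <Webs> and <Files> containers) are assumptions.

```powershell
# Added example. Constructed sample, trimmed from the Permissions.xml layout shown on this page.
$sample = @'
<?xml version="1.0" encoding="UTF-8"?>
<SharePoint>
 <Sites>
  <Site>
   <Url>https://mysharepoint.com</Url>
   <RootWeb>
    <Title>SharePoint Portal</Title>
    <Url>https://mysharepoint.com</Url>
    <RoleAssignments>
     <RoleAssignment User="i:0#.w|contoso\appadmin">
      <RoleDefinitionBindings><RoleDefinition Name="Full Control"/></RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Visitors">
      <RoleDefinitionBindings><RoleDefinition Name="Read"/></RoleDefinitionBindings>
     </RoleAssignment>
    </RoleAssignments>
    <Lists>
     <List>
      <Title>Documents</Title>
      <RootFolder>
       <Name>Documents</Name>
       <Url>Documents</Url>
       <SubFolders>
        <Folder>
         <Name>Folder A</Name>
         <Url>Documents/Folder A</Url>
         <RoleAssignments>
          <RoleAssignment Group="SharePoint Portal Members">
           <RoleDefinitionBindings><RoleDefinition Name="Contribute"/></RoleDefinitionBindings>
          </RoleAssignment>
         </RoleAssignments>
        </Folder>
        <Folder>
         <Name>Folder B</Name>
         <Url>Documents/Folder B</Url>
        </Folder>
       </SubFolders>
       <Files></Files>
      </RootFolder>
     </List>
    </Lists>
    <Webs></Webs>
   </RootWeb>
  </Site>
 </Sites>
</SharePoint>
'@

function Get-RestorePlan {
    param([xml]$Backup)

    # Entities that can carry a <RoleAssignments> node.
    # <Web> and <File> are assumed names; the page only shows their empty containers.
    $nodes = $Backup.SelectNodes('//RootWeb | //Web | //RootFolder | //Folder | //File')
    foreach ($node in $nodes) {
        $ra = $node.SelectSingleNode('RoleAssignments')
        $grants = @()
        if ($null -ne $ra) {
            foreach ($a in $ra.SelectNodes('RoleAssignment')) {
                # A principal is recorded either as User="..." or as Group="..."
                $principal = if ($a.HasAttribute('User')) {
                    'User:' + $a.GetAttribute('User')
                } else {
                    'Group:' + $a.GetAttribute('Group')
                }
                $roles = @($a.SelectNodes('RoleDefinitionBindings/RoleDefinition') |
                    ForEach-Object { $_.GetAttribute('Name') })
                $grants += "$principal = $($roles -join ', ')"
            }
        }
        $urlNode = $node.SelectSingleNode('Url')
        [pscustomobject]@{
            Type   = $node.LocalName
            Url    = if ($null -ne $urlNode) { $urlNode.InnerText } else { '' }
            # No <RoleAssignments> node means the restore leaves the entity untouched
            Action = if ($null -ne $ra) { 'Restore' } else { 'Skip' }
            Grants = $grants -join '; '
        }
    }
}

Get-RestorePlan -Backup ([xml]$sample) | Format-Table -AutoSize -Wrap
```

To review a real backup, pass `([xml](Get-Content -Raw <path to your Permissions.xml>))` instead of the sample and check the rows marked Restore, in particular direct User grants, before running the restore.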

 

Well, if you don’t really care at all, simply running BackupPermission.ps1 and RestorePermission.ps1 should be able to help you recover your web permissions.

To complete the entire process, set up a Task Scheduler job to back up your farm permissions regularly!

SharePoint Limited Access Permission – Careful when using BreakInheritance

This post is for SharePoint developers or admins who deal with SharePoint APIs (PowerShell or C#).

I have recently discovered a killing command from SharePoint that could kill your SharePoint day. At times, you will need to configure unique permissions on a document/file for content sharing purposes. A typical feature your end users will ask for is to share a certain document or folder with only a certain group of people. Although it is recommended to share using a SharePoint group, which is more manageable when it comes to a big content management system, sometimes you prefer to take an easier way out by just assigning to individual users. (Fewer groups to manage and you CAN afford to lose the permission when things go wrong… and yes, this post will tell you why and how it goes wrong.)

With the much more user-friendly SharePoint “Share With” feature, you can break inheritance, grant a new user permission, and so on and so forth. You can’t stop users from doing it, because it is so apparent nowadays in SharePoint 2013.


Or you can run a PowerShell script to get the ListItem (or, to be precise, an object of the SPSecurableObject base type), subsequently execute $object.BreakRoleInheritance($false) and start adding SPRoleAssignment objects.

You may have noticed this API:

void ISecurableObject.BreakRoleInheritance(bool copyRoleAssignments)

 

This command lets you quickly remove all existing role assignments (those inherited from the parent object) so that you can start adding the custom permissions you want.

Important! This is Extremely Dangerous. Why? Because if you carefully loop through the $object.RoleAssignments (SPRoleAssignmentCollection) property, you will discover that some role definition bindings are named “Limited Access”. In SharePoint 2010, you can easily notice this definition on the permission settings page, whereas in SharePoint 2013 it is hidden by default (which is scarier because you don't even know it exists).

Why is there this Limited Access permission? There are many articles out there telling you why and why. I’m not gonna cover that here.

But if you really intend to so-called cleanse the messy permission list that you have already added, the advice is: don’t.

Let me give you an example of how this BreakRoleInheritance way of breaking parent permissions can cause you problems.

By executing BreakRoleInheritance($false), you are technically removing ALL role assignments from this object, which includes the Limited Access permissions granted automatically by SharePoint. You will usually see a lot of Limited Access entries on a document library or web, because the children within it are likely to have been given unique custom permissions (at a user's request).


 

For Example

  • Web 1 
    • Document Library A
      • Folder a (Break inheritance)
        • File
      • Folder b 

Assume you have a “Folder a” with broken inheritance and a unique permission for UniqueUserA. Upon granting this unique permission, SharePoint automatically creates a role assignment for UniqueUserA with “Limited Access” permission on Web 1; because Document Library A is inheriting permissions from Web 1, the assignment is added to Web 1 instead.

Somehow or other, you need to change (or script a change to) the permissions of the Web 1 object up there (the one with Limited Access), purging the Limited Access granted to UniqueUserA. The permission that you granted previously on “Folder a” will be DELETED automatically! Yes, automatically, seamlessly, without your knowing.

And what is going to happen after that? Your lovely user UniqueUserA will email you, telling you that he has no permission to access the files or Folder a. Not to mention if you have many unique permissions granted on sub folders within that document library.

Now, the question you need to ask yourself is: how can you still remove existing permissions while preserving the uniquely configured child permissions?

I came up with a simple PowerShell script that allows me to clear the permissions. I think it can be easily translated into C# for a code-behind implementation.


#############################################################################
# Clearing Permission while keeping Limited Access user - Important #
#############################################################################
function ClearPermission
{
 Param([Microsoft.SharePoint.SPSecurableObject]$obj)

 $roleAssignments = $obj.RoleAssignments;
 $count = $roleAssignments.Count;
 for($i = 0; $i -lt $count ; $i++)
 {
  $roleAssignment = $roleAssignments[$i];
  $bindingCount = $roleAssignment.RoleDefinitionBindings.Count
  $clearCounter = 0;
  for($j = 0; $j -lt $bindingCount ; $j++)
  {
   $roleBinding = $roleAssignment.RoleDefinitionBindings[$clearCounter];
   if($roleBinding.Name -ne "Limited Access")
   {
    $roleAssignment.RoleDefinitionBindings.Remove($clearCounter);
   }
   else
   {
    $clearCounter++;
   }
  }
 }
 $obj.Update();
}

What it simply does is loop through the role assignment collection and delete every binding except those with the Limited Access definition. Note that I do not use a ForEach loop, because while you are looping over a collection you cannot delete objects within it. You can try, and you will end up seeing an error.

How to use:


Add-PSSnapin Microsoft.SharePoint.PowerShell

$w = Get-SPWeb https://yoursite

ClearPermission $w;

# Add your unique permission here.
# Additional code to add a role assignment (permission)
$user = $w.EnsureUser("domainX\LoginNameY");
$roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user);
$roleDefinition = $w.RoleDefinitions["Full Control"]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
# Attach the new assignment to the web; without this it is never applied
$w.RoleAssignments.Add($roleAssignment)

$w.Update();

Hope it helps

Scripting your SharePoint Farm Backup with PowerShell in Task Scheduler

Hi guys,

Today, I would like to share one of the must-do deployment steps for a SharePoint admin, which is to configure a scheduled task to back up your SharePoint farm. Note that this works for both 2010 and 2013 environments.

Also, I’m leveraging this SP Farm Backup script created by good people (thanks for making this powerful and useful script). Please ensure that you have downloaded it and configured the params.xml file based on your corporate needs.

For those who just want to reference my configuration, below is the XML I used for my SharePoint farm.


<?xml version="1.0" encoding="utf-8"?>
<backup version="2.3">
 <params>
 <backupserver>SERVER_HOST_NAME</backupserver> <!-- Name of server if backup share is on remote server -->
 <sendemail>TRUE</sendemail> <!-- Option: TRUE/FALSE -->
 <smtpserver>SMTP_IP</smtpserver>
 <environment>My SharePoint (Staging)</environment>
 <emailfrom>yihaa_5@hotmail.com</emailfrom>
 <emailto>yihaa_5@hotmail.com</emailto> <!-- Multiple recipients must be comma separated -->
 <emailcc></emailcc> <!-- Multiple recipients must be comma separated -->
 <backupwebconfigonly>FALSE</backupwebconfigonly> <!-- IMPORTANT: If set to TRUE then web.config is backed up and NOT Virtual Directories -->
 <exportsolutions>TRUE</exportsolutions> <!-- Option: TRUE/FALSE -->
 <backupiis>TRUE</backupiis> <!-- Option: TRUE/FALSE -->
 <backupgac>TRUE</backupgac> <!-- Option: TRUE/FALSE -->
 <backupulslogs>TRUE</backupulslogs> <!-- Option: TRUE/FALSE -->
 <backup14hive>FALSE</backup14hive> <!-- Option: TRUE/FALSE -->
 <backupfulldays>Sunday</backupfulldays> <!-- Used in conjunction with option 1 of backupoption - Days must be comma separated -->
 <backupthreads>1</backupthreads> <!-- Option: 1 to 10 -->
 <backupsites>TRUE</backupsites> <!-- Option: TRUE/FALSE -->
 <includemysites>FALSE</includemysites> <!-- Option: TRUE/FALSE -->
 <backupconfigonly>FALSE</backupconfigonly> <!-- Option: TRUE/FALSE -->
 <backupshare>FarmBackup</backupshare>
 <backupoption>0</backupoption> <!-- Option: 0/1/2 -->
 <daystoretain>30</daystoretain> <!-- No. of days backups to retain (Must be greater than 1 day. Default: 7 days)-->
 </params>
</backup>

The key consideration in the above configuration is the number of days to retain (daystoretain). You need to consult your technical manager in order to work out the backup data retention period.

Once you have the SP Farm Backup script ready, create a text file named “CreateTaskSchedulerForSPBackup” and subsequently change the extension to “.ps1” (the PowerShell extension).

Copy the PowerShell script below into the newly created CreateTaskSchedulerForSPBackup.ps1.


$A = New-ScheduledTaskAction -Execute "F:\TaskScheduler\Farm-Backup.bat" -WorkingDirectory "F:\TaskScheduler\"
$T = New-ScheduledTaskTrigger -Daily -DaysInterval 1 -At (Get-Date).Date
$S = New-ScheduledTaskSettingsSet

Register-ScheduledTask -Action $A -User "$($env:USERDOMAIN)\spfarmadmin" -Trigger $T -Settings $S -Force -TaskName "SharePoint Farm Backup" -RunLevel 1 -Password "xxxxxxxx"

In the PowerShell above, there are certain things that you need to change based on your environment.

Farm-Backup.bat Path

It is assumed that you have copied all the downloaded SP Farm Backup scripts (together with your params.xml) into the F:\TaskScheduler\ folder of the server running the scheduled task. You need to configure Task Scheduler on only one of your SharePoint servers.

Task User Account

In most environments, your SP Farm Admin account is not the local admin account with which you access the server and create the scheduled task. You will have to explicitly specify the Farm Admin account in the PowerShell, as well as the password of this account, so that when the task is running, it uses the Farm Admin account to perform the backup.

You need to use the Farm Admin account to execute the backup script. Otherwise you will hit access denied during the backup job.

Note that your password is entered in plain text. If you do not wish to expose the password in the script, refer to the last section on how to avoid it.

Backup Directory

It is also assumed that you have created a shared folder on the server where you want to store the backup files. It must be a network shared folder. In my example, it is “\\SERVER_HOST_NAME\FarmBackup”.

A few things you need to consider when creating this shared folder:

  • Central Admin app pool account must have read/write access to the location of the backups.
  • SQL Service account must have read/write access to the location of the backups.
  • When running a farm backup from STSADM or Windows PowerShell, the account you’re running it as must have read/write access the location of the backups.
  • The location must be accessible from the SharePoint machine the backup is running on.
  • The location must be accessible from the SQL instance that SharePoint is trying to back up.

Now that you have the script, open PowerShell with Administrator rights on the server where you want to create the scheduled task.

Run CreateTaskSchedulerForSPBackup.ps1.

To double check that the task was created successfully, go to Task Scheduler (taskschd) and check. The task “SharePoint Farm Backup” will have been created.

How to avoid storing the password in the PowerShell script

As mentioned just now, you may want to avoid storing your password in the PowerShell script.

In order to do that, you can use the PowerShell script below to achieve that.


$password = Read-Host -AsSecureString "Enter your password and hit Enter"
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$plainPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)

Register-ScheduledTask -Action $A -User "$($env:USERDOMAIN)\spfarmadmin" -Trigger $T -Settings $S -Force -TaskName "SharePoint Farm Backup" -RunLevel 1 -Password $plainPassword

# Zero and free the unmanaged copy of the password once the task is registered
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

Save CreateTaskSchedulerForSPBackup.ps1 and rerun it via PowerShell.

I hope the script to create the scheduled task can save you some time. In my experience, manually creating a scheduled task can be very error prone as there is a lot of clicking in the Task Scheduler UI, and repeating the same creation steps in different farm environments can be very tedious too.

PowerShell script to test SharePoint Send Mail

Thought it would be good to share some of my scripts with the public.

Copy the script below and save it as a .ps1 file. Run it in the SharePoint Management Shell with Admin rights.


$webUrl = Read-Host "Enter SharePoint Web Url, e.g. https://sharepoint.com"

$web = Get-SPWeb $webUrl;

if($web)
{
  # Mail headers passed to SPUtility.SendEmail
  $header = New-Object System.Collections.Specialized.StringDictionary
  $to = Read-Host "Enter Email TO address (e.g. abc@def.com) "
  $header.Add("To",$to);
  $header.Add("From","ahcheng@ahcheng.com")
  $subject = Read-Host "Enter Email Subject "
  $header.Add("Subject",$subject);
  $header.Add("content-type","text/html");

  $body = Read-Host "Enter Email Body Content "
  # SendEmail returns $true if the e-mail was sent successfully
  $sent = [Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,$header,$body);
  if($sent)
  {
    Write-Host -f Green "Email ($to) Sent successfully"
  }
  else
  {
    Write-Host -f Red "Email failed to send"
  }
  # Release the SPWeb object
  $web.Dispose()
}

Setting up a Single-box SharePoint 2013 Virtual Machine.

First things first, below are some files which you will need in order to set up your own SP2013 environment.

  • VMware Workstation 9 – here
  • SharePoint 2013 – here
  • SQL 2012 – here
  • Windows 2012 Server – here
  • Visual Studio 2012 – here

Here we go.

VMWare Workstation

  1. Install VMware Workstation on your local PC. Ensure that your local PC has at least 8 GB RAM. You will need to allocate some of the RAM to your 2012 server later.
  2. Once the Workstation installation is completed (I will not go through how to install software as it is simple), create a “New virtual machine“, choose Typical installation, and PLEASE select the option “I will install the operating system later“, else you will encounter an error later. Then click Next until the VM files are created in your document folder “Documents\Virtual Machines\Windows Server 2012”
  3. Before powering on your VM, map your Windows Server 2012 ISO file so that it boots up and installs.

Windows Server 2012

  1. There is nothing much critical to explain here. Just follow the setup wizard.
  2. Once completed, you will be asked to enter the administrator password bla bla bla.
  3. Remember to rename your Windows computer to something meaningful, NOT something like win-is2xx92243d which makes no sense at all. To configure this, go to Server Manager > Local Server > click Computer Name > Change > rename your server and click OK.
  4. Restart your computer.
  5. Next, it is always good to set your server IP address. This is not actually required for a single box setup, but good to learn? =)
  6. Next is to set up Active Directory Domain Services (AD DS); this is required for you to create service accounts for SharePoint and SQL later on. Note! dcpromo.exe is deprecated for Windows 2012. Sadly.
  7. Go to Server Manager > Dashboard > Add Roles and Features
  8. Select Role-based or Feature-based installation
  9. Select your server from the Server Pool list and click “Next”
  10. Check the “Active Directory Domain Services” check box; a prompt will be displayed. Click “Add Feature”.
  11. Now, click NEXT all the way down until the installation is completed.

Promote Windows 2012 to a Domain Controller

  1. Once AD DS has been added to your Server 2012, you have to promote your server to a domain controller.
  2. In the Server Manager, you may notice an Alert icon. Click on it and click on “promote this server to a domain controller”.
  3. In the “Active Directory Domain Services Configuration Wizard”, select Add a new forest and put in your favorite name.
  4. Click Next, leave the rest default and specify your DSRM password.
  5. Click Next all the way down until you see the “Install” button. Ignore the warning messages. Click Install. Reboot and you are done with DC Promo.

Service Account

  1. Now that your DC is up, you will need a FEW accounts to set up your SharePoint 2013 environment. Note that I did not mention how many accounts are required because, ultimately, it depends on how segregated you want your farm to be. For a single box solution that is less error prone, you may only need 3 accounts.
    1. Setup user account
    2. Server farm account or database access account
    3. SQL Server service account.
  2. Refer here and here for the account details.
  3. Open Run (Windows + R), then enter “dsa.msc” to open Active Directory Users and Computers.
  4. Right click your domain and add a new OU (this is my usual practice to park my SP accounts in an OU).
  5. Add those 3 accounts.

SQL 2012

  1. Map your “SQLServer2012SP1-FullSlipstream-ENU-x64.iso” file to vm
  2. Run the ISO file in your VM, Select Installation Tab on the left and click New SQL Server stand-alone installation or add features to an existing installation.
  3. Click OK after the Setup Support Rules is completed, enter your product key (if you don’t have, use evaluation =D ), click OK. Include SQL Product Updates. Click OK~ These are pretty boring. Configure SQL 2012 2
  4. Next, select Role Mode. For evaluation purpose, i select All features with default.
  5. Name your SQL Instance
  6. Specify your services account. In my case, i use “SQL Server service account” that i have created previously. Configure SQL 2012 4
  7. Specify the Admin Account using the same SQL Server service account. account. (Well, this is for evaluation, you can still opt to use other account) Configure SQL 2012 5
  8. Analysis Configuration – Specify the same service account.
  9. Distributed Replay Controller – Specify the same service account and the Controller Name as your Server Name
  10. Click NEXT, NEXT, NEXT to install.. go get a coffee and come back after 30 mins…
  11. ..
  12. OK~ The next thing is to set up the SharePoint Setup Account permissions. Based on the article here, you have to grant the account (in my case “spsetup”) the DBCreator and SecurityAdmin permissions.
  13. At this time, your server only allows Windows Authentication mode to access your Database Engine. Grant the SQLService account Local Administrator rights temporarily. Log off and switch to this account.
  14. Open your SQL Management Studio, log in via Windows Authentication, right-click on the “Login” node and choose “New Login”.
  15. Select the SharePoint Setup Account “spsetup” and go to Server Roles. Check the 2 server roles “dbcreator” and “securityadmin”.
  16. Click OK to proceed.
  17. For SharePoint 2013, there is one additional step: change the Max Degree of Parallelism to 1. Go to Database Engine, right-click and select Properties. Under the Advanced panel, change the value to 1.
  18. Click OK to proceed. Once this is completed, you may Switch User back to the SharePoint Setup Account now (via Alt + Del + Insert). Note: Remove the SQLService account from the local admin group once you are done with setting up the permissions.
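
Steps 12 to 18 can also be scripted and then read back, which confirms that the setup account ended up with only the two roles and that the temporary local admin grant is gone. This is an added example, not part of the original post; it assumes a default SQL instance on the local machine, the SQLPS module that ships with SQL Server 2012, and `AHCHENG\sqlservice` as a hypothetical name for the SQL Server service account (only `AHCHENG\spsetup` appears in the post).

```powershell
# Added example - not from the original post. Run in an elevated PowerShell
# session as an account that is already sysadmin on the instance.
Import-Module SQLPS -DisableNameChecking

$instance = 'localhost'            # assumption: default instance on this box
$setup    = 'AHCHENG\spsetup'      # SharePoint Setup Account from the post
$sqlSvc   = 'AHCHENG\sqlservice'   # assumption: hypothetical service account name

# Steps 14-17: create the login, add the two server roles, set MAXDOP to 1.
$grant = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$setup')
    CREATE LOGIN [$setup] FROM WINDOWS;
ALTER SERVER ROLE [dbcreator]     ADD MEMBER [$setup];
ALTER SERVER ROLE [securityadmin] ADD MEMBER [$setup];
EXEC sp_configure 'show advanced options', 1;     RECONFIGURE;
EXEC sp_configure 'max degree of parallelism', 1; RECONFIGURE;
"@
Invoke-Sqlcmd -ServerInstance $instance -Query $grant

# Read the state back instead of trusting the dialogs.
# Expected: IsDbCreator = 1, IsSecurityAdmin = 1, IsSysAdmin = 0, MaxDop = 1.
$check = @"
SELECT IS_SRVROLEMEMBER('dbcreator',     N'$setup') AS IsDbCreator,
       IS_SRVROLEMEMBER('securityadmin', N'$setup') AS IsSecurityAdmin,
       IS_SRVROLEMEMBER('sysadmin',      N'$setup') AS IsSysAdmin,
       (SELECT CAST(value_in_use AS int) FROM sys.configurations
         WHERE name = 'max degree of parallelism') AS MaxDop;
"@
Invoke-Sqlcmd -ServerInstance $instance -Query $check | Format-List

# Step 18 note: the temporary local admin grant must be gone when you finish.
$admins = net localgroup Administrators
if ($admins -match [regex]::Escape($sqlSvc)) {
    Write-Warning "$sqlSvc is still a local Administrator. Remove it with:"
    Write-Warning "  net localgroup Administrators `"$sqlSvc`" /delete"
} else {
    Write-Output "$sqlSvc is not in the local Administrators group."
}
```

Microsoft's documentation advises treating securityadmin as equivalent to sysadmin, so keep the setup account's password protected accordingly.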

SharePoint 2013

  1. Map your SP2013 iso file to your virtual machine (if you haven’t)
  2. Go into your vm and install SP2013 pre-requisites. The next few steps are for Offline Pre-requisite installation.
  3. Run PowerShell with Administrator rights. Ensure you have executed the following command beforehand:
    Set-ExecutionPolicy RemoteSigned
  4. Run the following command. Make sure the path is where you store the pre-requisite files. Also, copy the “prerequisiteinstaller.exe” from your SP2013 iso to the same folder where your script is located.
    $SharePoint2013Path = "C:\Prerequisite"
    Start-Process "$SharePoint2013Path\PrerequisiteInstaller.exe" -ArgumentList "/SQLNCli:$SharePoint2013Path\PrerequisiteInstallerFiles\sqlncli.msi /IDFX:$SharePoint2013Path\PrerequisiteInstallerFiles\Windows6.1-KB974405-x64.msu /IDFX11:$SharePoint2013Path\PrerequisiteInstallerFiles\MicrosoftIdentityExtensions-64.msi /Sync:$SharePoint2013Path\PrerequisiteInstallerFiles\Synchronization.msi /AppFabric:$SharePoint2013Path\PrerequisiteInstallerFiles\WindowsServerAppFabricSetup_x64.exe /KB2671763:$SharePoint2013Path\PrerequisiteInstallerFiles\AppFabric1.1-RTM-KB2671763-x64-ENU.exe /MSIPCClient:$SharePoint2013Path\PrerequisiteInstallerFiles\setup_msipc_x64.msi /WCFDataServices:$SharePoint2013Path\PrerequisiteInstallerFiles\WcfDataServices.exe"
    
  5. After running the script, I encountered the following error: “The tool was unable to install Application Server Role, Web Server (IIS) Role”
  6. After 2 rounds of rebooting, the pre-requisite installation is finally done.
  7. Open the SharePoint Installer Splash Screen and hit Install SharePoint Server.
  8. Put in the Evaluation Product Key. NQTMW-K63MQ-39G6H-B2CH9-FRDWJ
  9. Click Next until the installation is completed (yawn..)
  10. Once the installation is completed, leave the check box default “Run SharePoint Products Configuration Wizard”. Close your installation wizard.
  11. In the SharePoint Configuration Wizard, click Next.
  12. The system will prompt you to stop 3 services: IIS, SP Admin Service and SP Timer Service. Click Yes to continue.
  13. Select “Create a new server farm” and click OK.
  14. At this point, you may want to setup an ALIAS for SQL connection. (Good practice!)
  15. Fire Up “Run” and enter “cliconfg”.
  16. Under the Alias tab, enter “sql” as the name, select “TCP/IP” and enter your SQL server name (basically the same server, since we are setting up a single-box server).
  17. Click OK and exit the CliConfg.
  18. Back to the SharePoint Product Configuration Wizard, enter the ALIAS that you just created as the SQL name.
  19. Next, specify the Login ID for the “Server farm account or database access account” created earlier (in my case “spfarm”).
  20. Specify the passphrase and click Next
  21. Specify the Central Admin port number and the authentication mode. Use NTLM for simplicity.
  22. Click Next to start configuring. Again, you can go get a drink and come back in about 20 mins.
  23. Tada~
  24. If you open your Task Manager, you will notice that there is one new Windows service running, “AppFabric Service”, which takes 300++ MB of RAM. You may reduce its RAM usage to make room for other services. Refer here on how to reduce the AppFabric Memory Usage
  25. Once you close the Product Configuration Wizard, IE will be fired up to perform the configuration. Select all services if you like. Also, you may use a separate service account for the services that you intend to add. I would not recommend turning on the Search Service Application as this will take up A LOT OF YOUR MEMORY!!!! Please note: do it only if you have a lot of RAM in your VM Host.
  26. The configuration may take quite some time. It has happened to me before that it got stuck forever. In case the screen doesn’t refresh, try to open Central Admin again. The services will still be created at the backend.


Create Site Collection

  1. Once the Central Admin is done, you may proceed to create a Site Collection for your primary Web Application – 80
  2. Click on “Create Site Collection” under Application Management tab.
  3. Ensure the Web Application is selected correctly. Put in the Name and select your Site Template.
  4. Specify the Primary Site Collection Admin – AHCHENG\spsetup
  5. Click OK!!! and Welcome to SharePoint 2013!

 

Note: If Newsfeed or MySite is having this “We’re almost ready!” error, please kindly check here to add your server as part of cache cluster

Configuring SharePoint Calendar Overlay using Powershell

When it comes to deployment, my first rule is always to automate the deployment steps.

You could always use site backup and restore for deployment. But that is not my preference, always. Simply because you can’t do this every time when you hit a problem or when you need to reconfigure the whole site.

Well, after some tracing on the Calendar list object class, I found the CalendarSetting property of the calendar list.

Unfortunately, there isn’t a fully integrated API for you to configure SP calendar overlay. You have to parse the calendar setting in XML structure yourself. But that really isn’t bad.

You simply have to follow the structure as shown…

<AggregationCalendars>
 <AggregationCalendar Id='%%RANDOM GUID%%' Type='SharePoint' Name='%%VIEW NAME%%' Description='' Color='2' AlwaysShow='True'
 CalendarUrl='%%Calendar URL%%'>
  <Settings WebUrl='%%WEB URL%%' ListId='%%LIST ID%%' ViewId='%%VIEW ID%%' ListFormUrl='%%DISPLAY FORM URL%%' />
 </AggregationCalendar>
</AggregationCalendars>

Where

%%RANDOM GUID%% : GUID e.g. “{76018083-3ed1-4a4c-b332-734106113448}”
%%VIEW NAME%%: View Name
%%Calendar URL%%: URL to the calendar that you want to overlay. e.g. “/Lists/My Calendar/calendar.aspx”
%%WEB URL%%: URL of your SharePoint site.
%%LIST ID%%: Calendar List ID that you want to overlay.
%%VIEW ID%%: View ID of the Calendar that you want to overlay.
%%DISPLAY FORM URL%%: Display Form URL of the Calendar e.g. “/Lists/My Calendar/DispForm.aspx”

Note the Color attribute of AggregationCalendar: this attribute takes the index number of the colour choices (you can refer to the SharePoint Calendar Overlay page for this).
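
The structure above can be generated rather than hand-edited. This is an added example, not the author's script: it only builds the XML string, using System.Xml so that view names and URLs containing quotes or ampersands are escaped, and it does not touch the SharePoint object model. The function name, the hashtable keys and all sample values are assumptions.

```powershell
# Added example - builds the AggregationCalendars XML described above.
function New-AggregationCalendarXml {
    param(
        [Parameter(Mandatory = $true)] [hashtable[]] $Calendars
    )
    $doc  = New-Object System.Xml.XmlDocument
    $root = $doc.AppendChild($doc.CreateElement('AggregationCalendars'))

    foreach ($c in $Calendars) {
        $cal = $root.AppendChild($doc.CreateElement('AggregationCalendar'))
        # 'B' formats the GUID with braces, like the sample Id in the post.
        $cal.SetAttribute('Id',          [guid]::NewGuid().ToString('B'))
        $cal.SetAttribute('Type',        'SharePoint')
        $cal.SetAttribute('Name',        [string]$c.ViewName)
        $cal.SetAttribute('Description', '')
        $cal.SetAttribute('Color',       [string]$c.Color)   # colour index
        $cal.SetAttribute('AlwaysShow',  'True')
        $cal.SetAttribute('CalendarUrl', [string]$c.CalendarUrl)

        $settings = $cal.AppendChild($doc.CreateElement('Settings'))
        $settings.SetAttribute('WebUrl',      [string]$c.WebUrl)
        $settings.SetAttribute('ListId',      [string]$c.ListId)
        $settings.SetAttribute('ViewId',      [string]$c.ViewId)
        $settings.SetAttribute('ListFormUrl', [string]$c.ListFormUrl)
    }
    return $doc.OuterXml
}

# Constructed sample input; the site URL and both GUIDs are made up.
$xml = New-AggregationCalendarXml -Calendars @(
    @{
        ViewName    = "Team A & B's Calendar"   # '&' is escaped to &amp; in the output
        Color       = 2
        CalendarUrl = '/Lists/My Calendar/calendar.aspx'
        WebUrl      = 'http://sharepoint.example.local'
        ListId      = '{11111111-2222-3333-4444-555555555555}'
        ViewId      = '{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}'
        ListFormUrl = '/Lists/My Calendar/DispForm.aspx'
    }
)
$xml
```

XmlDocument writes attributes with double quotes instead of the single quotes shown above; both are equivalent XML.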