Tag Archives: admin

Create a Page in SharePoint sub site is not adding to the sub site but the Root site

I hope the post title did not confuse you. I hit this weird behaviour in SharePoint when I was in “www.sharepoint.com/subsite” trying to create a Page in “www.sharepoint.com/subsite/pages” library. The dialog shows URL of Root Site in “Find It at”

create a page not adding to correct site 1

If you proceed to create the page, it will be added into ROOT SITE! which is not what I wanted

Resolution

To avoid confusing and to make the “add a page” adds pages to the correct site. Please do the following:

  1. Go to your sub site setting page
  2. Go to “Navigation” under look and feel section
  3. Uncheck the field “
  4. Click “OK” an save

Once you have unchecked the field, your “add a page” is now adding to the correct subsite!

 

PowerShell script to disable Limited Access Lock Down mode for all Site Collections

I always like to make use of PowerShell to do stuff. When dealing with a lot of Site Collection, it is advisable to script your task than going through UI one by one to configure.

I have a requirement to take out the Limited Access Lock Down mode introduced in SharePoint 2013. A bit introduction for this feature, this feature actually BLOCK users from browsing a file (via Browser) or check-in/check-out a file (via Office Client such as Word).

limited access user permission lockdown mode

If you activate this lock down mode, SharePoint does not allow browsing of its parent and hence you will receive error when trying to edit a file via Office Client (even if you have contribute permission to the file itself!). If you are only allowing your users (usually external or someone who does not have permission to the entire web or document library) to read the file, you do not need to Deactivate this.

In my environment, its much more complicated where some users are only editable to file from other Sub Site or Site. And Content Owners always assign Individual file for other site’s user to edit. In this case, in order to allow seamless experience, I would need to make sure that this feature is Deactivated at all site collections.

I came out with this PowerShell, Short and Sweet one, to help me. Hope it helps!


Get-SPSite | % {
  Get-SPFeature -Site $_ | ? { $_.DisplayName -eq "ViewFormPagesLockDown"} | Disable-SPFeature -Url $_.Url -Confirm:$false
}

P.S. Run it via SharePoint Management PowerShell. Or else you need to add in “Add-PSSnapIn Microsoft.SharePoint.PowerShell” at the start of this script.

Changing Default HomePage for Document Center to a Document Library

As stated in the Title, it is easier said than done to change the default landing page of a Document Center. If you have done publishing sites often, you will usually go to “Welcome Page” in the site setting page to do it.

welcome page publishing

But in Document Center site, this feature is missing and what’s even worse, that there is no Pages or Site Pages library for you to set the homepage

[I’m referring to the set homepage feature below]

make home page

So how to change the default landing page for SharePoint Document Center?

The trick is simple, all you need to do is to go to the Document Library that you want to make default home page.

Hit on the “Edit Page” menu under Site Action gear.

edit page in document library

Once the Document Library page is in Edit Mode, you shall see additional Ribbon Tabs appear and shown below, Go to “Pages” tabs and now you can set the HOME PAGE! (hidden gem)

document library make homepage

There are alternative ways of doing this such as running PowerShell etc. but I personally find this the quickest and easiest way to do it.

Hope it helps!

 

Do you know? CTRL + SHIFT powerful keys

Do you know that if you hold CTRL + SHIFT and Left click on any program such as “cmd.exe”. You are actually running the program as Administrator?

And instead of hitting “Enter” to open a program, you can do CTRL + SHIFT + Enter to run it as Administrator.

 

Do you know that if you hold CTRL + SHIFT and Right click on any program, you can then run the program as another user such as impersonating someone’s login to open IE browser etc etc.

 

Do you know that if you hit CTRL + SHIFT + ESC, you can easily fire up Task Manager

Be Pro!

SharePoint Search Content Source Crawl Log Access Denied

I have the following issue when setting up SharePoint 2013 Search Service Application.

Whenever I started full crawling my content sources, after certain time (usually the next day). Content Sources page and Crawl Log will give Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
search service application content source access denied

Checking Search Instance Server’s Application Log and you can see the following error

The Execute method of job definition Microsoft.Office.Server.Search.Administration.IndexingScheduleJobDefinition (ID e611e95c-dc0a-40ee-a3a3-c58f2099c2d1) threw an exception. More information is included below.

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Event ID 6398

Subsequently go to Central Administration page > Timer Jobs to look for the respective Timer

Found “Indexing Schedule Manager on xxxServerNamexxx” failed miserably, for every 5 minutes.

It was then found that some user has this issue previously which has got something to do with TASKS folder in your C:\WINDOWS

sharepoint search windows task access denied issue

In case if you do not have the history of your Domain GPO, this particular folder was previously a target for Conficker Worm virus. Refer here. MS recommended to actually change the permission of this folder which then conflict the requirement for SharePoint Search Service.

If you are interest in checking your own GPO setting, you can simply run “rsop.msc” in your server’s RUN command. And you should be able to see the settings made as per below

sharepoint search windows task access denied issue conflicker

 

Workaround

In order to solve the issue, you have to get your AD GPO team to remove this setting from your sharepoint servers. Explicitly for this requirement or else your search cannot crawl.

For temp solution, you have to change the Owner of this TASKS folder and grant

WSS_WPG with minimum “Read” and “Write” access.

Finger Crossed

How to check my CPU Temperature using PowerShell Remotely

Thought it would be helpful to share how to remotely check your Computer temperature especially when you have a computer at home and you want to track if it is HOT. Just in case you don’t want to burn your computer etc etc, for whatsoever reason.

Well. Steps below show you how to do that! Make sure your client machine (the one that you are using) has PowerShell version 2.0 and above (well most of the Windows nowadays has it already). Just do a Search in your program menu and you should see it

  1. First of all, ensure your target computer (the one sitting at home that you want to check) has Firewall Turn off (not recommended). Alternatively, set Exception rules for WMI rules.
    Very briefly, go to “wf.msc” – Windows Firewall of the target computer and enable Inbound Rules for “Windows Management Instrumentation (WMI-In)” – Profile: Domain.
    remotely check cpu temperature - 1
    See detail steps here 
  2. Once firewall is cleared, make sure you have local administrator rights account that can query the CPU temperature in the target computer. (this one is simple) Fire “lusrmgr.msc” in the Run command.
    Check the “Administrators” group and make sure your account is the member.
  3. In order for you to be able to remotely check your computer temperature, you must have connectivity to your target computer. I believe there could have many way you can have connectivity to your target computer. Of what I know, the below three should be enough to fulfill the task
    1. One that I always like to use is Teamviewer. With this, you can easily establish VPN or remotely login to run the script mention in Step 4. (without specifying the -Computer and -Credential).
      Make sure when you install the Teamviewer, you have the VPN Driver installation option ticked.
    2. Allowing RDP to your target computer from public IP. In this option, you need to configure your Home Router to allow port 3389 to hit your target computer. Please go to your router admin page (usually ends of 192.168.0.1 or  192.168.1.1 depending on which is your subnet) and configure port forwarding to your private IP.
      In this way, you will be doing the same steps as option 1 where the only difference is you remotely accessing your home computer and run the script directly onto the target computer. Again, without specifying the -Computer and -Credential parameter in step 4)
    3. Option 3 is kinda most complete one and if you want to learn a little bit deeper for WMI. In this option, you will be granting DCOM port (135) and a fixed port (24158) port forwarding to your remote compute (which is accessible via public IP like what you’ve done in option 2). Refer here for how to fix WMI port.Screen shot example on how I configured the WMI to fixed port. (please pardon the typo)
      configure WMI to fixed port
      At the end of the day, your target computer but be accessible via DCOM port and WMI port from public IP.
  4. Open PowerShell via Administrator rights and run the following PS command

    Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace “root/wmi” -ComputerName “<IP of your target computer>” -Credential (Get-Credential)

    You will be prompted to specify the credential, use the account that you have administrator rights mentioned in step 2 above.
  5. You should be expecting response like screen below
    remotely check cpu temperature - 3
  6. Look for “CurrentTemperature” and the value is in Celsius

SharePoint Permission Back Up and Restore in PowerShell

Hi SharePoint Admins! I’ve recently worked on a module to enhance SharePoint Backup experience. If you haven’t known SharePoint Native Backup enough, please read this.  SharePoint Native backup supports Backup-SPFarm, Backup-SPSite, Backup-SPFarm, Export-SPWeb.

All these approaches backup the actual content of the file and at times requires the entire Site or List to be restored entirely. If you are using Version History feature, recovering file can be made easier by restoring only the mis-updated files. In additional, the introduction of Recycle Bin since SharePoint 2010 has helped many SharePoint Admins (at least for myself) to recover accidentally deleted files without burning much of your time.

However, there is no Version History for Permission. Whatever permission changes that you have made onto a document, library or site do not keep a backup copy for you to restore in the later time. You can tap on third party product to help you on this, downside is, you have to pay for the service. Some 3rd party products that you can find in the markets are like Lightning Tools and AvePoint . (Personally never tried that but I’m more of a Self Fulfilling kind, where everything can be done by my left hand and my right hand. But please don’t get me wrong, paying more for premier service sometimes can be good as it comes with support and service level assurance)

So much for the introduction, now let’s go into the script!

I uploaded my script to CodePlex – PowerShell to backup/restore SharePoint Webs, Libraries, Folders and Files and inside the source code, you can find two powershell script, namely BackupPermission.ps1 and RestorePermission.ps1.

You would first run the BackupPermission.ps1. This backuppermission.ps1 generates a Permission.xml file that you gonna need it for the RestorePermission.ps1 later.

What this Backuppermission.ps1 does is to loop through your entire SharePoint Farm for Site Collections. Subsequently, for each of the site collection, it back up its Root Web permissions and Sub Web permissions. After backing up the web level permission, it goes to back up all document libraries permission, folder permission within each library and optionally (turn on by default) files permission.

Why do I need to care about backing up the permission? Well, there may have many reasons for that but below are just some for myself…

  1. You screw up the permission and can’t afford to restore the SharePoint Site Collection (cause only Backup-SPFarm was running DAILY)
  2. You do not want to inform the user for backup recovery cause the user will scream at you if the data that you going to restore has been modified by the user.
  3. You do have full confidence to run SharePoint Native Restore-SPSite as you all know, some times it doesn’t Work. Some how.. (MS, no offense on this, well, it does work most of the time but reason 1 superseded this)
  4. You accidentally RESET or Hit the “Delete Unique Permission” button when trying to change a WEB permission. Refer to my previous post on why this will kill your document permission.

 

Here I’m gonna talk about the Permissions.xml that is generated by my BackupPermission.ps1. You can always change the XML to suit your backup needs. Things like Restoring only partial of your Site Collection, restoring only a document library and even up to only a folder or file. By default, if a entity does not contains <RoleAssignments> node, the RestorePermission.ps1 script will bypass updating the permission and it will remains as its current stage (could be Inherting its parent permission or already broken permission. no changes will be done).


<?xml version="1.0" encoding="UTF-8"?>
<SharePoint>
 <Sites>
  <Site>
   <Url>https://mysharepoint.com</Url>
   <RootWeb>
    <Title>SharePoint Portal</Title>
    <Url>https://mysharepoint.com</Url>
    <RoleAssignments>
     <RoleAssignment User="i:0#.w|contoso\appadmin">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Owners">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Visitors">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Read"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
    </RoleAssignments>
    <Lists>
     <List>
      <Title>Documents</Title>
      <RootFolder>
       <Name>Documents</Name>
       <Url>Documents</Url>
       <SubFolders>
        <Folder>
         <Name>Folder A</Name>
         <Url>Documents/Folder A</Url>
         <RoleAssignments>
          <RoleAssignment Group="SharePoint Portal Owners">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Full Control"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Visitors">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Read"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Members">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Contribute"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
         </RoleAssignments>
        </Folder>
        <Folder>
         <Name>Folder B</Name>
         <Url>Documents/Folder A - Copy (8)</Url>
        </Folder>
       </SubFolders>
       <Files>
       </Files>
      </RootFolder>
     </List>
    </Lists>
    <Webs>
    </Webs>
   </RootWeb>
  </Site>
 </Sites>
</SharePoint>

What you are seeing above basically showing a backup xml that if you restore using this, only 1 site “https://mysharepoint.com” will be processed.  The permission of this site will have the following permission

  • appadmin (SPUser) – Full Control
  • SharePoint Portal Owners (SPGroup) – Full Control
  • SharePoint Portal Visitors (SPGroup) – Read

Subsequently, the script will continue to loop and restore List (in my backup script, this node stores only document libraries.) with Title “Documents” which is inheriting parent permission.

Folder “Folder A” within this document library will have unique permission while “Folder B” will inherit library permission which follows the Web permissions.

 

Well if you don’t really care at all, simply running BackupPermission.ps1 and RestorePermission.ps1 should be able to help you recovering you web permission.

To complete the entire process, set a Task Scheduler job to backup your farm permission regularly!

Scripting your SharePoint Farm Backup with PowerShell in Task Scheduler

Hi guys,

Today, I would like to share one of the SharePoint admin must-do deployment steps which is to configure a task scheduler and to backup your SharePoint Farm. Note that this is working for both 2010 and 2013 environment.

Also, I’m leveraging this SP Farm Backup script created by good people (thanks for making this powerful and useful script). Please ensure that you have downloaded them and configure the params.xml file base on your corporate needs.

For the interest of those who want to just reference my configuration, below are the xml I used for my SharePoint Farm


<?xml version="1.0" encoding="utf-8"?>
<backup version="2.3">
 <params>
 <backupserver>SERVER_HOST_NAME</backupserver> <!-- Name of server if backup share is on remote server -->
 <sendemail>TRUE</sendemail> <!-- Option: TRUE/FALSE -->
 <smtpserver>SMTP_IP</smtpserver>
 <environment>My SharePoint (Staging)</environment>
 <emailfrom>yihaa_5@hotmail.com</emailfrom>
 <emailto>yihaa_5@hotmail.com</emailto> <!-- Multiple recipients must be comma separated -->
 <emailcc></emailcc> <!-- Multiple recipients must be comma separated -->
 <backupwebconfigonly>FALSE</backupwebconfigonly> <!-- IMPORTANT: If set to TRUE then web.config is backed up and NOT Virtual Directories -->
 <exportsolutions>TRUE</exportsolutions> <!-- Option: TRUE/FALSE -->
 <backupiis>TRUE</backupiis> <!-- Option: TRUE/FALSE -->
 <backupgac>TRUE</backupgac> <!-- Option: TRUE/FALSE -->
 <backupulslogs>TRUE</backupulslogs> <!-- Option: TRUE/FALSE -->
 <backup14hive>FALSE</backup14hive> <!-- Option: TRUE/FALSE -->
 <backupfulldays>Sunday</backupfulldays> <!-- Used in conjunction with option 1 of backupoption - Days must be comma separated -->
 <backupthreads>1</backupthreads> <!-- Option: 1 to 10 -->
 <backupsites>TRUE</backupsites> <!-- Option: TRUE/FALSE -->
 <includemysites>FALSE</includemysites> <!-- Option: TRUE/FALSE -->
 <backupconfigonly>FALSE</backupconfigonly> <!-- Option: TRUE/FALSE -->
 <backupshare>FarmBackup</backupshare>
 <backupoption>0</backupoption> <!-- Option: 0/1/2 -->
 <daystoretain>30</daystoretain> <!-- No. of days backups to retain (Must be greater than 1 day. Default: 7 days)-->
 </params>
</backup>

The key consideration of the above configuration is on the number of days to retain (daystoretain). You would need to really consult your technical manager in order to craft out the backup data retention period.

Once you have the SP Farm Backup script ready,  create a text file name “CreateTaskSchedulerForSPBackup” and subsequently change the extension to “.ps1” file (PowerShell extension).

Copy the below PowerShell script into the newly created CreateTaskSchedulerForSPBackup PowerShell


$A = New-ScheduledTaskAction -Execute "F:\TaskScheduler\Farm-Backup.bat" -WorkingDirectory "F:\TaskScheduler\"
$T = New-ScheduledTaskTrigger -Daily -DaysInterval 1 -At (Get-Date).Date
$S = New-ScheduledTaskSettingsSet

Register-ScheduledTask -Action $A -User "$($env:USERDOMAIN)\spfarmadmin" -Trigger $T -Settings $S -Force -TaskName "SharePoint Farm Backup" -RunLevel 1 -Password "xxxxxxxx"

For above PowerShell, there are certain things that you need to change based on your environment.

Farm-Backup.bat Path

It is assuming that you have copied all the SP Farm Backup downloaded script (together with your params.xml) into F:\TaskScheduler\ Folder of the server running the task scheduler. You only need to configure Task Scheduler in 1 of your SharePoint server only.

Task User Account

For most of the environment, your SP Farm Admin account is not always the local admin account where you access the server and create the task schedule. You will have to explicitly specify the Farm Admin account in the PowerShell as well as the Password of this account so that when the task is running, it takes in the Farm Admin account to perform Backup.

You need to use Farm Admin account to execute the backup script. Else you will hit access denied during the backup job.

Note that your password is entered in plain text. If you wish not to dispose the Password in Script. You can refer to last section on how to do it.

Backup Directory

It is also assume that you have created a Shared Folder in the server where you want to store the backup files. It must be a Network Shared Folder. In my example, it will be in “\\SERVER_HOST_NAME\FarmBackup” . 

Few things you need to consider when creating this shared folder:

  • Central Admin app pool account must have read/write access to the location of the backups.
  • SQL Service account must have read/write access to the location of the backups.
  • When running a farm backup from STSADM or Windows PowerShell, the account you’re running it as must have read/write access the location of the backups.
  • The location must be accessible from the SharePoint machine the backup is running on.
  • The location must be accessible from the SQL instance that SharePoint is trying to back up.

automated task scheduler for SharePoint Backup

Now that you have the script, kindly open PowerShell with Administrator rights in the server where you want to create the Task Scheduler.

Run the CreateTaskSchedulerForSPBackup.ps1

To double check if the task is created successfully, you go to Task Scheduler (taskschd) and check. The task “SharePoint Farm Backup” will be created.

automated task scheduler for SharePoint Backup output

How to avoid storing password into PowerShell Script.

As mentioned just now, you may want to avoid storing your password into the PowerShell Script.

In order to do that, you can use the PowerShell Script below to archive that.


$password = Read-Host -AsSecureString "Enter your password and hit Enter"
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$plainPassword = [RunTime.InteropServices.Marshal]::PtrToStringAuto($bstr)

Register-ScheduledTask -Action $A -User "$($env:USERDOMAIN)\spfarmadmin" -Trigger $T -Settings $S -Force -TaskName "SharePoint Farm Backup" -RunLevel 1 -Password $plainPassword

Save the CreateTaskSchedulerForSPBackup.ps1 and reruns it via PowerShell.

I hope the script to create task schedule can save you some time. It happens to me that manually creating Task Scheduler can be very error prone as there are many clicking in the Task Scheduler UI, repeating the same creation steps in difference farm environment can be very tedious too.

PowerShell script to test SharePoint Send Mail

Thought it would be good to share some of my script to the public

Copy the below script and save as .ps1 file. Run it in SharePoint Management Shell with Admin Rights.


$webUrl = Read-Host "Enter SharePoint Web Url, e.g. https://sharepoint.com"

$web = Get-SPWeb $webUrl;

if($web)
 {
 $header = New-Object System.Collections.Specialized.StringDictionary
 $to = Read-Host "Enter Email TO address (e.g. abc@def.com) "
 $header.Add("To",$to);
 $header.Add("From","ahcheng@ahcheng.com")
 $subject = Read-Host "Enter Email Subject "
 $header.Add("Subject",$subject);
 $header.Add("content-type","text/html");

$body = Read-Host "Enter Email Body Content "
 $sent = [Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,$header,$body);
 if($sent)
 {
 Write-Host -f Green "Email ($to) Sent successfully"
 }
 else
 {
 Write-Host -f Red "Email failed to send"
 }
 }

Exception trying get context compatibility level: System.IO.FileNotFoundException

Bump into this error when hitting my SharePoint 2013 Web Application.

HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Date: <DATE TIME> GMT Connection: close

Exception trying get context compatibility level: System.IO.FileNotFoundException: The site <URL> could not be found in the Web application SPWebApplication Name=<WEB_APP_NAME>.
 at Microsoft.SharePoint.SPSite.LookupSiteInfo(SPFarm farm, Boolean contextSite, Boolean swapSchemeForPathBasedSites, Uri& requestUri, Boolean& lookupRequiredContext, Guid& applicationId, Guid& contentDatabaseId, Guid& siteId, Guid& siteSubscriptionId, SPUrlZone& zone, String& serverRelativeUrl, Boolean& hostHeaderIsSiteName, Boolean& appWebRequest, String& appHostHeaderRedirectDomain, String& appSiteDomainPrefix, String& subscriptionName, String& appSiteDomainId, Uri& primaryUri)
 at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.GetContextCompatibilityLevel(Uri requestUri)

Subsequently, i tried to run powershell Get-SPSite <url>

Get-SPSite : Cannot find an SPSite object with Id or Url : xxxx

Tried to go to central admin and view all site collections. Amazingly, there is no Site Collection attached to the Web Application.  The site collection was GONE by no reason…

Steps to Recover the Site Collection

  1. Run the following Powershell.
    $tempSite = Get-SPDeletedSite
    $tempSite.Restore()
  2. That simple…