Thursday, March 05, 2015

Snow Class in Nashville

What a great day for a class on Enterprise Content Management (aka Document Management)!!

Thursday, February 12, 2015

InfoPath is NOT dead!

InfoPath is not quite dead in the ground! Recent developments show that Microsoft is having a harder time replacing the functionality than they expected.

Tuesday, February 03, 2015

Using SharePoint Apps On-Premise and FBA Custom Sign-In Page

Using SharePoint Apps and a Custom Sign In Page
If you follow the Microsoft recommended setup for SharePoint Apps, you will utilize a new domain name to host your apps. See Microsoft recommended setup on TechNet here -  (Note: if you don’t follow the recommendation of hosting your apps with a different domain name, the problem described below should not be present.)

The Problem
Following the recommended setup means a user navigates to and after selecting a SharePoint app (such as Corporate News App as I used in my testing) that has been configured, the user will be prompted to log in again due to the fact that it is utilizing a separate domain name.

If you aren’t using FBA and a custom sign in page then no problem will be present. A problem is presented when utilizing a custom sign in page, as is a best practice when using Extranet Collaboration Manager (ExCM) for SharePoint.

Following our ExCM instructions for a custom sign in page, you would access the sign in page in the _layouts directory. From the app domain, this will return a 403 forbidden error. According to extensive consultation with Microsoft support this is due to the fact that the apps domain does not have access to the _layouts directory in the 15 folder as other apps would.

Ensure Your Apps Are Working
Before going down the recommended path for correction, let’s be sure your apps are properly configured. It can be a complex process to get SharePoint apps configured properly.

We recommend testing without FBA enabled and without a custom sign in page. Doing so takes ExCM out of the picture and ensures your apps are properly configured without introducing additional complexity. If you already have ExCM configured on a web application, either create a new web app for testing or in central administration/manage web applications click on your extranet web app, select authentication providers, turn off FBA, and set it to use the default login page.

Thursday, January 29, 2015

InfoPath and "Cloud" woes

I was recently forwarded an article from a professional colleague that brought a little bit of a dark shadow to the promised land of "the cloud".  I'm a big fan of InfoPath for its ability to empower Power Users to build what they need; especially the ease of accessing web services.

Regrettably in Office 365 it is not possible to make use of your SharePoint User Profile Service web service with InfoPath Forms Services (InfoPath forms in a browser on SharePoint). This prevents your online forms from gathering information about users from just the place that was designed to let you do so in SharePoint. Due to security concerns, Microsoft will simply not allow it. This is a negligible issue that could be evaluated, in an on-premise implementation, for acceptable risk but the decision is out of your hands when using cloud services. InfoPath will be replaced in the future, but currently I believe that it has no peer except for 3rd party vendor software. Please read here for the article about the scenario and further resources.

Friday, January 23, 2015

Add Extranet Security with Registration Approval Workflows

Extranet Collaboration Manager for SharePoint 2013 (ExCM) allows you to create users in three ways:

1. Manually

2. Invitation Registration (via e-mail)

3. Anonymous Registration (potential users visit the Extranet site and click “Sign Up”)

The most common of these is via invitation. When using invitations, there is most likely an existing business relationship with the invitee and the general thinking is that “if you’re invited, you’re approved.” However, there may be certain scenarios where you want to add an approval step for invited users as well.

In addition, there may be instances where you need to implement Anonymous Registrations for user creation. For example, suppose you didn’t know ALL of the email addresses for potential site users. By using Anonymous Registrations, a user can visit the site, fill out the registration form, and create a new account herself. The downside to this is that since your SharePoint Extranet site is available worldwide to anyone with an Internet connection, there is a possibility of invalid or unnecessary account creation.

By turning on approval in ExCM, ALL registrations (both invitation and anonymous) are required to be manually reviewed by someone and either approved or rejected…thus adding another layer of security to your site. However, this could become a very tedious task for approvers since they would have to manually check for new accounts periodically and determine their approval status. By creating a basic workflow, you can email approvers when a new registration occurs and let them know it’s ready to be reviewed.

In 2013 you will first need to activate workflows. Go to Site Settings > Site Collection features and activate "Workflows":

Wednesday, January 21, 2015

Who ya gonna blame?

Yesterday I wrote No Pain, No Gain to talk about the fact that it's HARD to have good systems.  That's because systems are the combination of people, procedures and technologies, and no matter what the software platform, or whether on-premises or Cloud, it just takes a lot of hard work for both IT people and Business people to have good systems.  That's fundamentally the reason some businesses have good systems and some don't.

One thing I intended to mention in the article, but forgot, is to make the point that when something is hard and takes a lot of work to do well, some people (me included at times) will look to find someone (or some thing) to blame, rather than just buckling down and working hard to get a good outcome.

With that said, I think IT people, as a group, have been "thrown under the bus" a lot in the last few years.  I think it has come first as a result of some Business people being unable to accept the fact that good systems require hard work, and that means for them too, not just IT.  So, it is easiest to just blame IT.

Tuesday, January 20, 2015

No Pain, No Gain

I recently read this blog post on Sharegate's blog:

Move to Office 365:  Did SharePoint Become the Reason?

The very first line of the post says this:

"It's been a long and exhausting road with SharePoint"

It inspired me to leave this comment, which I realized I wanted to make into a blog post.  So, here it is:

For business people, "IT" has been a long and exhausting road for 30 years or more.  And, one of the rarely spoken truths is that one key reason is because it is "hard to create and maintain good systems".

Systems are the combination of people, procedures and technologies.  It is really hard for organizations to combine those three things and come up with something that is really good.

Friday, January 16, 2015

Display a Security Trimmed Listing of Sites Using SharePoint Search

Depending on where you live, and how frequently you travel by car, you might have come across vast areas taken over by kudzu.  I’m always amazed at the vast land area kudzu can quickly take over.  I’ll bet if you stared at it for a while, you could actually see it grow.

As SharePoint grows in your organization, so does the number of sites each of your users has access to.  So how do you go about showing a listing of sites the user has access to, especially if their sites are separate site collections or even web applications?

If you don’t provide something for the users, it might be easier for them to find a green crayon in a field of kudzu.  You need something to help users find their sites besides relying on them to have well organized bookmarks. 

Thursday, January 08, 2015

Configure Host Headers for SharePoint Web Applications

My friend and I were driving down the road the other day when he turns to me and tells me that there is this website with links to great extranet security products for SharePoint and even links to SharePoint Training. I had to check this out for myself! “What’s the site?” I ask. “Oh, it’s” To which I reply “Cool, I’ll look that up as soon as I get home… if I remember it!”

There is a reason we have DNS: it is so we can make things easier to remember. There was no way I was going to be able to remember unless I put it into a song (is 86753O9 going through anyone else’s head right now?)

You see, despite what Juliet may tell you, names are important. Sure a rose by any other name would still be as sweet, but the florist still gives me strange looks when I ask for a dozen #F80000 roses. You do not go around treating people as if they are storm troopers and asking "TK-421, why aren't you at your post? TK-421, do you copy?", so why would you treat your SharePoint web apps like they are storm troopers?

Give your SharePoint web apps names by configuring Host Headers.

Monday, December 22, 2014

New White Paper Addresses Extranet Security Best Practices

In using SharePoint as an extranet platform, one of the first decisions that IT pros face is where to store the extranet user accounts. Which alternative makes the most sense?

This is the topic which our new white paper, The Case for Using Forms-Based Authentication (FBA) and the SQL Membership Provider for Implementing a SharePoint Extranet, addresses.

The paper can be downloaded from the PremierPoint Solutions website.

An extranet is like an intranet which can be accessed from anywhere on the Internet.

Because the extranet is accessible from the Internet, the need for iron-clad security is paramount. Just as important is the need for users to be able to access and use the extranet easily.

But can both of these seemingly opposing goals really be achieved?

According to the white paper, these ostensibly conflicting goals can be achieved by using FBA and the SQL Membership Provider in on-premises SharePoint.