Fabian Williams SharePoint Blog

Solving problems with SharePoint day and night

SharePoint Template Question Revealed – Where is the Intranet Collaboration Template in 2010


So I am on a client site this week yet again and I am doing an Envisioning, ADS, and a SharePoint Intranet Base Install.  Now that I am about to talk Taxonomy and Information Architecture, we touched on just having a few sites to begin with so they are not overwhelmed,  but more importantly I only have a limited time on this project and there are quick wins that I can have by using that old Microsoft Office SharePoint Server (MOSS) templates called “Intranet Publishing Portal Template” which was under the Publishing Tab for Creating Sites. Now in SharePoint Server 2010 that Template is not in the GUI under that Tab, however you can get to it and provision a site using that Template using PowerShell


I have seen a few conversations by folks in the community that I have great respect for taking the position of both using that Template for provisioning new sites in the SharePoint 2010 world v/s NOT using that Template and rather using the newer templates on Microsoft SharePoint 2010

Microsoft does have some guidance on it on the Technet Planning Sheet Sites


Pay attention to the last paragraph on the page which reads in part…

“Some Microsoft Office SharePoint Server 2007 site templates, such as the site directory, news, and collaboration portal templates, are not available as an option in SharePoint Server 2010…These templates are also still available as options in the UI if the SharePoint Server 2010 farm is upgraded from Office SharePoint Server 2007. Otherwise use the social tagging features in SharePoint Server 2010 to get much of the functionality provided in these templates”

How To

SO here we go…

If you are provisioning a Site Collection for an Intranet Site in SharePoint 2010 “I have seen” where folks use Templates out of the Tabs of either of the below two screenshots below. There are several food for thought as to using one over the other; one way is to start out with a Blank Site and just activate the features you need accordingly.


New SharePoint Site


New SharePoint Site

Powershell to the Rescue

So you can, with three (3) commands gain access to the Template that you had in MOSS, see below for the command and execution


Just to Verify; run the following command and look 9 from the bottom


To actually provision the site you need to run yet another PowerShell command as indicated below which identifies the template of choice with the other parameters needed.


And BoooYaaaH you have your Intranet Collaboration Site Created in SharePoint 2010 with all the starter sites at your disposal.



In Closing

Remember I told you. Microsoft does not have this in the GUI for whatever reasons which means that I did above is probably unsupported or has issues buried somewhere, or maybe not. The truth of the matter is that I dont know.

Use at your own risk

I welcome any questions, comments, rants 🙂



September 21, 2010 Posted by | PowerShell, SharePoint 2010, SharePoint Administration, SharePoint How-To, SharePoint Migration | Leave a comment

How To: Installation of SharePoint 2010 in a Small Farm Topology

Part1:  Full Installation on Small Farm up to Managing Service Applications

Synopsis:  This is a two part blog, I will be focusing on the General Installation and configuration, then I will discuss how to set up User Profile Services which I know gives a few folks he willies in part 2.

In this blog  we will run through the process of installing SharePoint 2010 in a small Farm Environment.  In this topology we have two servers and a Windows 7 Guest. The roles are below:

Server 1: VMWare Windows Server 2008 Standard

Role:  Domain Controller and Mail Server

Specs: Windows 2008 Standard 2048 MB Ram, 80 GB HDD

Server 2: VMWare Windows Server 2008 Enterprise

Role: SharePoint 2010 Server

Specs: Windows 2008 Standard 3072 MB Ram, 80 GB HDD

Additional Software: Visual Studio 2010 Professional

Workstation: VMWare Windows 7 Ultimate

Role: Guest

Specs: Windows 7 Ultimate 2048 MB Ram, 60 GB HDD

Additional Software: Microsoft Office 2010 Professional Plus, Visio 2010, Project 2010, Adobe Acrobat


The first thing that i advise clients and something that I do even for my environment is prepare whats know as a Farm Preparation Guide which details the Physical Architecture, Logical Architecture, Specs, Accounts Username and Passwords, License keys, etc. I also go as far and moving the installation bits locally on the server to reduce I/O.  Once I am satisfied, I run setup…


Above: Launching Setup


Once setup is launched, the very first thing you need to do is “Install software Prerequisites”

N.B. I thoroughly advise you to Uninstall any items that maybe on your computer that constitutes one of the prerequisites that you will be installing in this section I specifically call out “Windows Identity Foundation” which will blow up your installation if already installed. Click the link to install pre-reqs


Above: Splash screen with Options for Installation

Below are the items that will be installed as prerequsites for SharePoint 2010, if any of these fail, you MUST correct it before moving forward even though the installation may allow you to continue. I have seen instances where my “Microsoft SQL Server 2008 Analysis Service ADOMD.NET” failed to install and it allowed me to continue then blew up later on.  Click Next to begin…


Above: SharePoint Pre-Reqs


Above: Accept the Terms and Proceed


Above: Status Bar as the Pre-reqs are installed

Below here is an instance where I had a failure and I installed the Pre-Req directly by downloading it of MSDN and applying it myself, w/out doing it in the tool.  That is why you see that some of the items are set to “no action taken”


Above: All Pre Reqs installed

Next you need to provide the appropriate license key.  I am often asked if the build installs anything different based on the Key.  The answer is the build installs everything but features are disabled or not available based on the key, but can be later turned on by providing the necessary key.


Above:  Enter your License key here


Above: Accept the Terms…

Personally, I will tell you that I have NEVER chosen “Standalone”; I always do Server Farm, because I want the extensibility ‘yes even in my lab environment’ to add Servers and Roles Later on. So in this Instance I choose “Server Farm” and continued. 


Above: Options for Installation

Yeah, you want to select “Complete” here if you have your own instance of SQL already and want more options for configuration later on.


Above: Determining the role of the Server you are installing


Above:  Installation Progress

Once the Installation is complete (assuming that there is only one server in the Farm) if there are more than one server then stop here and complete the installation of the other servers and then run the “Products and Configuration Wizard” on the sever that will be doing Central Administration Duties.


Above: Once the installation of the bits are complete, the Configuration of the Farm Begins once you click close and the check box is enabled.

Make sure that you have your Farm Prep guide (previously mentioned in this post) with all your information before moving forward, you will need account names, server names, etc


Above:  This begins the configuration phase of the Farm

As part of the configuration, a few services has to be stopped and restarted.


Above:  Installation about to begin.

If this is the first server then you choose “Create a new Farm” if it isnt then you must choose the other.


Above:  Choosing whether you are creating our adding to a farm


Above:  My DC is also hosting my SQL Server

New to SharePoint 2010 is the concept of a Passphrase for configuration; this passphrase is used for such things as

  1. Adding additional severs to the farm
  2. Acting as the Public Key in your Secure Store Configuration
  3. etc


Above: Applying the passphrase

Here you will get a random port number to begin with, typically i use 9999 in my installations. and here is where you will choose NTLM or Kerberos as your authentication provider. If you are using Kerberos see this techNet article http://technet.microsoft.com/en-us/library/ee806870.aspx 


Above: Configuring SharePoint


Above: Configuring SharePoint


Above: Progress bar in part of the Configuration


Above: Configuration Complete

The next steps in the Configuration is done in the Central Administration page.  The wizard is pretty good here, I would highly recommend you use it, even for as much as going back afterwards and making changes to the Service Applications or deleting and/or recreating to suit your needs, it is invaluable in teaching you how the configuration should be


Above: the initial configuration page in Central Admin

Point to note here is that the Wizard driven configuration uses the Farm Account for all the Service Applications, you will need to go to the “Services on Server” or “Service Applications” themselves to change the relationship of the Default App Pool and Service Accounts to which you want to run your specific Service Application under. Obviously, before you do that you create your Managed Accounts first.



Above: the conclusion of the Wizard Driven Configuration


Above: Just a demonstration of what the Service Application and Service Account looks like

Next, I am going to register a few Managed Accounts to run some of my Service Applications. Things I want to run separately are:

  • User Consumable Web Application/ Sites
  • User Profile Service
  • Search/ Crawl
  • Secure Store

to name a few


Above: Registering a Managed Account


Above: Consuming that Managed Account for a specific Service Application


Below I am setting up all my Managed Account so you can see which ones i separate out


Above:  All the Managed Accounts that I configured. This assumes that you have these accounts configured in Active Directory

Below is an example of me changing not only the Managed Account but also the Application Pool that a Service Application runs under. I want my Secure Store Service to run under its own App Pool and its own Managed Account



Above: by NOT clicking on the word “Secure Store Service” but clicking on the blue bar between the words, then clicking on Properties in the Ribbon..


Above: This is the properties window of the Service App


Above: I am creating a new Application Pool and associating it with my Managed Account.


Above: the progress bar for the activity i am doing

Once completed you will see the display window below


Above: A successful change to a Service Application


Above: the new Properties window for the Secure Store Service Application

Conclusion and Prelude to Part 2 of the Blog

So after you finish the initial configuration and before you get into the Managed Accounts as I did, you are prompted to create a Top Level Site, you can either elect to do it or skip, choice is your; I omitted that from this blog for brevity. Next we will go into Configuring User Profile Service.


Hope this was useful, as always, comments, critiques are welcomed.


June 6, 2010 Posted by | SharePoint 2010, SharePoint 2010 RTM, SharePoint Administration, SharePoint General, SharePoint How-To | 21 Comments

How To: Create, Configure, Consume SharePoint 2010 Secure Store in Business Connectivity Services

Synopsis: I have seen quite a bit of confusion out there regarding how to use Secure Store Service for SharePoint 2010.  While MSDN does have interesting articles, there has been no Alpha to Omega process that shows the relationship to the LOB System, Security Groups representive of the BCS Consumers, BCS Access Account representive of the Credential Owner [Impersonated User], and how to wire it up in SharePoint Designer 2010. This blog hopefully will dispel all fears about Secure Store and answer a MSDN Forum question while at it.

UPDATE: – On 10/14/2012 I have added another blog post Series that will extend this post for SharePoint 2013 employing WCF, .Net Assembly and OData with SharePoint Apps see it HERE


The Blog is broken up into sections

  • Prep Work
    • Active Directory Users in Play
      • The Service Account I am selecting as the Impersonated User (Credential Owner)
      • The Security Group where all the people that will consume BCS Data will reside
    • SQL Server Security
      • Who has Access to What
  • Setup
    • Creating & Configuring the Secure Store Object
    • Creating & Configuring the External Content Type in SharePoint Designer 2010
      • Creating External Connection with Secure Store
      • Creating the External Content Type
    • Reviewing the External Content Type (ECT)
    • Reviewing the Security on the ECT
  • Test & Validation
    • Creating an External List derived from the ECT
    • Logging on as a User from the Security Group AND Secured in the permission setting of the ECT
    • Logging on as a User from the Security Group NOT Secured in the permission setting of the ECT

Part 1: Setup


Above:  This represents the AD Account [appBCSUser] which I will use as the Impersonated User i.e. the Broker if you will that will connect to the LOB system on behalf of the Group of people who should have access to the data but DOES NOT have access to the database. This is something your DBA will love because he doesn’t have a flurry of people having accounts on his/her DB.


Above: This represents the AD Security Group [SecureStoreBCSUsers] that have access or should have access to LOB Systems. You can of-course have multiple of these for any number of LOB Systems. Note here that Fabian and Hardeep are in this list, we will be the test users later on.


Above:  Lets look into CA now and set up our environment


Above:  Click Applications Management then Manage Service Applications


Above: We are interested in the Secure Store Service so we click it


Above:  We already have some there from previous Labs, but we will create a new one… click New


Above:  We create a Target Application ID [note this cant be changed once committed], Display Name which can be the Same App ID, and so on.


Above:  I populate the fields and choose “Group” as my Target Application Type. MSDN has a good explanation as to why you want to do that over other options. the Long and Short is that it allows me in this example to tie an AD Group FabianLab\SecureStoreBCSUsers to a single set of credentials i.e. the FabianLab\appBCSUser account. Ill show a few other options below


Above:  By default it wants to know how you will collect the credential of the Impersonated User in my case it is a Windows Account so this works.


Above: I change it around a bit for kicks by adding the word Testing infront of the default text


Above:  Here are a few other options that you can use. SSS is a Claims Aware SSO solution and can take in just about any Authentication Mechanism


Above:  So here because I only log on to CA with the Farm Admin Account, I set that as the target App Admin, however here is where we start to make the App Work for our design. In Members, you can see that i have my AD Group Account earlier. This means that I dont have to meddle with the SSS App anymore, just add and subtract from the AD Security Group.


Above:  It processes once i click OK


Above: Now i have a NEW SSS App, but wait you may ask… what about the Impersonated User.. we are coming to that…


Above:  We click on the custom actions available and select SET CREDENTIALS to set the Mapping for the Impersonated Users to the Group that we will Manage of “Allowed Users”…


Above:  Our trusty Silverlight App shows the progress of us opening a Dialog Pane


Above: The default look of the Credential Mapping


Above: I populated the values with my User Account previously mentioned in the AD Step

Part 2: Validation and Testing



Above:  So in SQL Sever you can clearly see that the only account that has Access to the Database “FabianPlayPen” is the AD User mentioned above right…


Above:  We create a new External Content Type by defining the name and Selecting External system to define our Connectivity


Above:  We choose SQL from the list of choices


Above: We define our SSO connection. One note here though in full disclosure, I had tried a few times to make this work and did a typo, so I re-did my SSS App and called it FabianLABSSSMSDNForumQ from what i had it last but the steps are the same.


Above:  Here you may or may not get challenged for credentials when you click OK. The credentials you put here are or should be your own; assuming that you are in that Security Group that will be mapped to the Impersonated User. If not, then you need an account in that Security Group List.


Above:  Once completed you will be able to connect to your LOB System, expand it and perform any operation allowable to you


Above: In our instance lets just create a FULL CRUD operation


Above: Validation that it is complete


Above: Click the “Save” button to push the ECT up to the BDC Metadata Store.


Above:  Now we can check a place where alot of Gotchas happen. Now one may assume that because they have access to the LOB system via the impersonated user and Group Mapping you are done… You’d be wrong, now you NEED to have permission to use the ECT and I already have mine set up by default under “Set Store Permission” to add myself, the search account, and my service account by default. You may need to put your security group here to make it seamless, but because i am doing demos and want it to break depending on my use case, i leave it fluid.


Above:  to do that, click the custom actions and select “Set Permissions”


Above: Do your business here by adding the users you want to have access. Here note that Hardeep doesnt have access while he IS a member of the Security Group.


Above:  Once done, now we can create our External List by choosing our ETC recently created.


Above:  Commit to the System and cross your fingers…. Voilla!


Part 3: UAT


Above: Logged on as Me…


Above: Logged on as Hardeep



Hopefully this helps you understand the mechanism of SSS, alot more can be done in Code using Visual Studio, have full all. Your comments and reposts are welcomed.

April 16, 2010 Posted by | Business Connectivity Services, Secure Store, SharePoint 2010, SharePoint Administration, SharePoint Designer 2010, SharePoint Development, SharePoint How-To, SQL Server | | 68 Comments

How does Tagging Work in SharePoint 2010 for MySites – Microsoft Forum Question

This post is to give illustration to a Microsoft Forum Question regarding Tagging pages and how it is represented in activity feeds that I see as an individual tagging items in my SharePoint environment, and also what my colleagues will see if they are following my activities.  I do not believe that you can see activity feeds in Outlook without code so i did not pursue it in this post



Above:  The question posed on the MS Forum


Above: A basic Site in SharePoint 2010 with me logged in (see upper RHS)


Above:  I click on “Tag & Notes” to tag this entire page as requested in the question. Please not the tool tip when I hover over “My Tags”


Above:  This is the Tag I created and saved off, note the Tag name and options available



Above:  My Tag is created and you can even see it under the suggested Tag Icon


Verification and Validation



Above:  I go to my MySite and go to my Profile



Above:  I am on the main page of my MySite Profile… I love the new look and feel very Facebooky.. is that a word..l


Above:  I click on Tags and Notes and I can see the Tag i just created as well as a few others i did for BCS External Lists…


Above:  I go to my mysite page as myself to demonstrate what i will see; obviously i see my colleagues updates…


Above:  I log in as one of my colleagues and as you can see “He” sees my activity roll; but not my tags. However I did not “as this individual” opted to share the came common interest, I wonder what would happen then?…

April 16, 2010 Posted by | SharePoint 2010, SharePoint Administration, Tags and Ratings | 6 Comments

Yet another area where External List Differ from “other” SharePoint Lists

So, i was playing around with a question I saw on a Microsoft Forum and i took it a step further.  The question related to ratings, tags, and MySites.  But what got me thinking was if you can do Ratings on External Lists; as i am finding out more often than not, although Microsoft claims that External Lists are Lists like all others, they are infact not.  In a previous post I determined that you are not able to use SPMetal to create a LINQ to SharePoint Class with connectivity to the List.  I have also determined as you can discern from the image below that you are also not able to do Ratings. See below for prosperity.




April 15, 2010 Posted by | Business Connectivity Services, SharePoint 2010, SharePoint Administration, Tags and Ratings | Leave a comment

Question: Not able to get Email Alerts when using an Email Enabled Windows Security Group in SharePoint 2007

I have a situation where I have an email enabled security group with individual users in it, this security group is added to a SharePoint group. Here are some known

  • I am using the Site Owner to Add Alerts on behalf of users
  • if you enter the email address a user into the "Send Alert To" field and click ‘check name’, it resolves to the User
  • if you enter the email address of the Security group into the "Send Alert To" field and click ‘check name’, it come back "No Matches Found", same if you go to the Browse Icon
  • If you try to create the alert anyway using the security group, it creates the alert but tells you that there is no email address associated with the security group
  • If  you just add the preferred name of the Security Group to the "Send Alerts To" field then it resolves; but it creates the alert but tells you that there is no email address associated with the security group


  1. I created a new Email Enabled Security Group and two Test users today
    1. Test user 2 is a member of the Email Security Group
    2. I am able to send emails to test user 1, test user 2, and the security group in Outlook
  2. I did a full import into SharePoint and they all show up WITH their associated Email Address in the Profile
  3. I added the Security Group [Add User] directly into the Site as a contributor
    1. Tried to setup an alert. you get what is in top bullet 3 and 4
  4. I added the Security Group to a SharePoint Group, then added the SharePoint Group to the Alerts; failed…

I pulled down a feature from CodePlex http://www.codeplex.com/AdvancedAlert and tried list number 4 above; failed, but if i added an Individual User to the SharePoint Group and did number 4, the individual user gets alerts

I saw this out there also.. tired it… failed http://blog.gavin-adams.com/2007/10/26/sending-alerts-to-groups-in-sharepoint-2007/



I found out that the Web Application Pool along with a few other accounts are Local Accounts


So the test/fix

· I created a new Web Application and used a domain account they had out there as the Web App Pool account

· I NOW am able to resolve the Security Group Email address

· I NOW can receive the initial alert email

· Once I added the Security Group to a Permission Group in SharePoint for the site (View, Read, Contribute) directly

    • I can receive security trimmed email alerts

Next we document and use the KB article 934838 to change the accounts in production

Tuck this one away people…

March 11, 2010 Posted by | SharePoint Administration, SharePoint Error/Resolution, Strange Stuff | Leave a comment

Glimpse into Mysites and the new Social Aspect of SharePoint 2010

Synopsis:  Just wanted to show off some of the slick features in the new SharePoint 2010 MySites and the brand new Social Aspect that comes with User Profiles and Tagging.



Above:  A look at your profile in SharePoint 2010, hmmm think about usability, it seems like I have worked with other social media products that have a similar structure and layout. I want to call out the status update bubble on my profile picture which your colleagues will be able to see upon updates. Also want to call out the “Ask Me About” section with bulleted items, these items are now Tags which will assist you in finding other people with shared skill sets and interest. Notice the “ My Organization Chart” also, pulled in directly for Active Directory or your ‘source of record’ for your profiles.



Above: A really slick Silverlight Application which allows you for lack of a better word “Fan” through your organizational structure as you would your music/video album; usability again.   This view as i clicked on Dave Chappelle are my direct reports.  Yes, I robbed the pictures from my Facebook friends profile pictures.  In this example, Dave doesnt have any direct reports to him. Notice fanned out left and right are my direct Reports Bart Tubalinal (@bart_tubalinal) and Hardeep Singh (@hardeepsinghm) my work colleagues in real life, obviously this image is not a true reflection of our internal structure …my disclaimer..



and how could I forget to display Jamar Wright (@jamarwright)  dude.. what was i thinking…


Above:  Notice however how Hardeep has people below him and how they are represented, in fact, how we are all represented in the Organization Chart.  Visually it is very appealing and structurally easy to navigate.


Above:  Calling out how the Organization Structure even at layers below is very transparent and easy to navigate.


Hope you like it.. it is really cool

March 9, 2010 Posted by | SharePoint 2010, SharePoint Administration, SharePoint General | , , | 8 Comments

How to Backup Solutions, Sites in SharePoint 2010 Beta using Central Admin and STSADM


So the idea here is to prepare to move my work I had in SharePoint 2010 Beta to Release Candidate.  I spent quite a bit of time in SharePoint Saturdays, Conferences, and just figuring stuff out just to ditch it as I upgrade my environment. That said, I wanted to backup as much as i can from my work especially my solutions i created for BCS and the LOB System Databases I used in my Demos. What I will outline below is the methods Out of Box (OOB) that you can use in SharePoint 2010 Beta [hopefully noting much changes in RTM, unless they make it better] to backup your solutions and web apps. I can certainly do this while i build out my next environment which will be after much consideration:

  • A Portable Solution i.e. my IBM Lenovo T61P Dual Core 2.33 with 8 GB RAM
  • Windows 7 x64 Professional
    • Virtual Box
      • One Host as Windows Server 2008 R2 Core
        • Active Directory
        • SQL Server
        • Some kind of SMTP Server
      • One Host as SharePoint Server 2010 RC
        • Squeeze Every Bit of Service App as possible on it
  • Office 2010 RC
  • Visual Studio 2010 RC

Step 1 – Identify the items you want to Backup/Preserve

I identified the following items to keep as i move forward with the some prioritization

  • Must Have
    • Backups of My Visual Studio Solutions as a part of a SharePoint Solution
    • Backups of my Content Database
    • Backups of my Other Databases for Demo Purposes
  • Nice to Have
    • Actual MDF and LDF from SQL because i am a meticulous person; some call it anal
    • The Solution Folder under My Documents for Visual Studio 2010, so I can have my code source files
  • Everything Else
    • All my files along the way worth saving especially drivers, pictures, sample docs to mess with

Step 2 – Perform the Backups in a few Flavors

Using Central Administration in SharePoint 2010 Beta

The first thin I did was to open Central Admin. For our purposes today we will be working with the “Backup and Restore” section; second column second row


After you click Backup and Restore you have a few options, we are actually going to use both of them so we can get the experience. Obviously that is overkill but this serves as a tutorial for us later on. First we will tackle the Farm Backup and Restore then the Granular Backup


Once you click “Perform a Backup” under “Farm Backup and Restore” you get the window below



First we will option to backup all the solutions we have created and at least have saved thus far in the Solution Gallery in SharePoint


Once you have finished selecting the files; in this case only solutions to backup. We also have a directory configured for the drop spot for for our backup files. We then will click next…


We can Monitor the process by clicking the Refresh Button/Link


We can see the processing is Preparing Below


Now the process is running


Finally, the process finishes…


Once we are done, we can inspect the results. Below you will see the status, elapsed time, and location.


Next we will backup using Full Backup process the Web App and all items for Port 80


See status below…





Below you will see the folders that are created by default when using the OOB tool and “Farm Backup and Restore”



The second option available to us in SharePoint 2010 Beta for backup is the Granular Backup which allows you to do a “Site Collection” backup. We have two SC’s under a managed path that we will backup.


I goofed with the nomenclature here below, but i wanted you to see the error handling now in SP 2010; very descriptive.


Once the SC is identified, you must provide a path and a File Name, unlike the previous method where you had to just determine the folder, here just as in STSADM commands, you must specify the file name.


Below you will see the Site Collections available; we did BCSAlpha first, now we do Charlie…




As you will note below; there is a backup file created for both BCSAlpha and Charlie


Next, just for show I will do the same backup by using STSADM commands. What i found interesting is that the file sizes were different using this method.  You should also notice the “SharePoint Root” folder is now “14”


And now for Charlie….


Next I opened up SQL Management Studio and made a backup of my Databases




There you have it….

March 1, 2010 Posted by | SharePoint Administration, SharePoint General, SharePoint How-To, SQL Server | 5 Comments