Clint Richardson's SharePoint Admin Blog

Thanks for attending my SPS Boston presentation on Security Hardening FIS.  During the discussion I referenced a few links that can help with your deployment.

Ports and Protocols visual diagrams

Stop using SP Farm!

The Demise of TMG

Information about SCW and Manifests

I hope you all had as much fun as I did at #SPSBOS.  Thanks again for coming out and supporting the community!

I had a great time this past weekend at SharePoint Saturday Cincinnati.  Thanks to everyone that sat in for my Voluntold admin session.  below you will find a link to my prezi and other info from the talk.

Voluntold admin – SharePoint admin 101

Info on aliasing to SQL

PowerShell to build your farm the right way!

New-SPConfigurationDatabase -DatabaseName SharePoint_Config -DatabaseServer <DB ALIAS> -AdministrationContentDatabaseName SharePoint_Admin_Content

Install-SPHelpCollection -All

Initialize-SPResourceSecurity

Install-SPService

Install-SPFeature -AllExistingFeatures

New-SPCentralAdministration -Port 8080 -WindowsAuthProvider "NTLM"

Install-SPApplicationContent

References:
Todd Klindt (script) 

Come on out this weekend and check out all the great presentations this weekend.  Registration and information. 

I am going to be speaking on the following:

Topic: Security Hardening SharePoint for Internet Sites

Description:
When deploying FIS (For Internet Sites) you have a whole new concern to address.  That concern is the real possibility of your site getting hacked.  This talk will focus on the exact steps to security harden your deployment.  Most of these concepts are foreign as they are not part of the common Intranet install.  I will cover these concepts at a high level and then dive in to the exact settings based on real world experience.

I hope to see you this weekend!

My company has been encouraging us lately to create content for the corporate blog.  I decided to step up and do a 3 part series on SQL Server 2012 and all its great new features.  Check the post out and let me know what you think!

Very excited to relay that I have been selected to speak.  This event is one of the largest SPS’s in the world.  I will be presenting a brand new session:

Topic:
“The Voluntold Admin”

Abstract:
You are the IT admin at Widget Global Mega Corp and your boss just returned from a trade conference. He is all fired up over this “SharePoint” tool everyone has been talking about. He wants you to get up to speed on it pronto. There is just one problem, you haven’t even touched this Sharedpoint Porthole thing?!?!

Never Fear! In this session we will start from the ground floor. I will filter out all the noise and show you exactly what you need to know to make your deployment a success. From concepts, to installation best practices, to daily maintenance. By the end of this session you will know exactly what it takes to deploy and admin SharePoint!

Don’t miss this FREE event.  Details can be found here.

This post is inspired by one I read yesterday.  It has to do with the 35k foot view of new features for the SharePoint admin.  What I have done is further condense the article into a bulleted list.  This can be used as a quick reference for custom meetings or just yours to have on hand.

Requirements:

• Minimum OS: Server 2008 R2 SP1
• Minimum SQL: 2008 R2 SP1
• Supports SQL and Server 2012
• CPU: 4 Cores
• RAM: 12GB (3-tier farm deployment)

General Info:

• DB Attach only upgrade method
• BDC, MMS, UPA, Secure Store, Search support DB attach upgrade
• Site collection level upgrade supported. DB is upgraded but site collection stay 2010 until testing is complete. Not just visual upgrade
• Web analytics now integrated with search. No longer its own SA
• Office Web Apps now its own separate scalable server farm product that SP consumes
• New Service Apps:
  • App MGMT Service
    • Manage SP app licensing and permissions
  • Work MGMT Service
    • Aggregate and synchronize tasks between multiple environments, such as Project Server, Exchange and SharePoint.
  • Translation Service:
    • On the fly translation from 1 language to another
• Supports PowerShell 3.0 and .Net 4.x Framework
• Claims based authentication is the default (classic mode can still be implemented via PowerShell)
• FAST Search is now baked in.
• User Profile Service has a new 1 way AD import mode. Full 2 way FIM UPS stays the same and is still available

SQL:

• SQL has always on HA/DR and improved I/O with SP 2013
• 7 DB have been deprecated in SP 2013
  • 4 Project related DBs
  • Search Property
  • 2 Web Analytics DBs
• 5 New databases
  • Project Service
  • Search Service Application Links Store Database Library
  • Search Service Application Analytics Reporting Store Database
  • App Management Service Database
  • Translation Service Database

I will be speaking this weekend at SPS Louisville. My topic is an expanded version of the one I presented at Cincy SPUG a few months ago. The topic is Security Hardening your SharePoint for Internet Sites deployments. I will cover some concepts and specific information then dive in with a demo. Come on out to this great free event. Information and schedule

The Issue:

• You try to delete search app via Central Admin and PowerShell but it hangs and will not delete the search application. If you run a Get-SPServiceApplication the ID is still listed.

The Fix:

• Run: stsadm -o deleteconfigurationobject -id “GUID of search app from get-spserviceapplication”
• This will delete the search app and allow you to create a new one.

First, thank you to CincySPUG for having me out on April 5th.  I had a great time speaking and talking with everyone afterward.  Also thanks to my company Ascendum for sponsoring the event.

HERE you will find my presentation and links to related tools referenced in the talk.

This talk was based on 3 tiers of a SharePoint FIS deployment.

Here are the bullet points:

TMG/Reverse Proxy

• Used to reduce attack surface area (I.E. A Firewall)
• Use Port bridging from a standard to a high port internally
• Never publish your actual internal URL
• Accept connections on a very limited number of standard ports (usually 80 and/or 443 only)
• Cache at Proxy or SharePoint NOT both
• Allow proxy to load balance your farm. Don’t relay to Windows NLB.

SharePoint

• Always alias to your SQL server via CLICONFG or SQL tools if installed
• DO NOT disableloopbackcheck.  Instead configure backconnectionhostnames INFO HERE
• Enable Windows Firewall if enterprise FW not available
• Use manifests from SharePoint Admin Toolkit to lock the machine down with Security Configuration Wizard
• Enable custom errors in web.config of all apps
• Disabled callstack and debug in web.config of all apps
• Set Anonymous policy at the web application level
• Ensure all service accounts have strong passwords
• All service accounts should be using least privilege method

SQL

• Run SQL service on a high static port
• Block port 1433 and 1434
• If you don’t block 1434 disable SQL browser service
• Enable Windows Firewall if enterprise FW not available
• Lock the machine down with Security Configuration Wizard
• Ensure all service accounts have strong passwords
• All service accounts should be using least privilege method
• Run SQL Server best practice analyzer

I will post the full presentation soon!