Tuesday, August 20, 2013

Site policies in SharePoint 2013

SharePoint sites rarely seem to be deleted even when they are not used anymore. This makes that the number of sites (and also the required space) can increase very quickly in a SharePoint environment. Site policies in SharePoint 2013 are designed to keep the number of sites in your SharePoint environment under control. It allows you to define through a policy when a site can be closed (and afterwards possibly deleted).

 You can define site policies for a site collection in the root site; these site policies are then available to all sites in the site collection. Go to Site Collection Administration and underneath the Site Settings section you will find the Site Policies page.  Although the documentation on MSDN - Overview of site policies in SharePoint 2013 -  states that there are 4 site policy options – the fourth one – run a workflow - is not available any more as this option has been removed in the final release – this leaves us with 3 options:
  1. Do not close or delete site automatically. This policy option specifies that the site owner must manually delete the site.
  2. Delete sites automatically. This policy option specifies that a site owner can close the site manually, but the site will be deleted automatically based on the deletion event settings specified.
  3. Close and delete sites automatically. This policy option has the same choices as the preceding setting, for deleting sites automatically, but it also enables you to specify how long after a site’s creation date the site will be closed.
Since site policies are defined at site collection, SharePoint provides a mechanism to push out site policies across site collections using the content type hub. For more details on this check out this excellent blog post  – Site policy in SharePoint 2013


Monday, August 19, 2013

SharePoint Server 2013 licensing and external users

 

Microsoft has introduced an important change in their licensing model for SharePoint 2013 by removing the need to acquire client access licenses (CAL) for external users in extranet and internet sites scenario. Yes, that’s correct no CALs are required for external users in SharePoint 2013. For some more info about licensing check out the links below:

Create a mapping to the SharePoint 2013 master page gallery on Windows Server 2012


SharePoint Server 2013 allows you to use your design tool of choice (Microsoft Expression, NotePad++, Dreamweaver, etc…) to create a new look and feel for your SharePoint 2013 environment (Check out this excellent post from Steve Peschka – Using Dreamweaver and Design Manager with SharePoint 2013 )

The look and feel of a SharePoint site is defined by a number of different artifacts and most of these are stored in the SharePoint master page gallery. One of the changes that Microsoft has introduced  to allow for this choice of design tools is to provide WebDAV support for the SharePoint Master Page Gallery (See Master pages, the Master Page Gallery and page layouts in SharePoint 2013 on MSDN for more background info)

If you are a SharePoint developer – you are probably working on the SharePoint Server itself (either Windows 2008 R2 or Windows Server 2012) and to make this integration available you will first need to activate the Desktop Experience feature on the server. On Windows Server 2012 this feature is visible underneath User Interface and infrastructure



After installing the Desktop Experience (this will require a reboot) you can simply open the SharePoint 2013 master page gallery in Windows Explorer.

Friday, August 16, 2013

Managing SharePoint Online with Powershell

With the release of SharePoint 2013 as part of Office 365, Microsoft has also introduced the ability to manipulate SharePoint site collections in the cloud using PowerShell. Before you can start with the SharePoint Online cmdlets you have to install them separately from this link - http://www.microsoft.com/en-us/download/details.aspx?id=35588 . This downloads allows you to run SharePoint Online PowerShell from any host machine. It only requires PowerShell v3 or v4. SharePoint does not need to be installed locally. To use  the SharePoint Online cmdlets, you must must be a global administrator in Office 365.
Once installed you can open the SharePoint Online Management Shell,  it is implemented as  a PowerShell module which also allows you to use it in another PowerShell editor by manually loading the required module Import-Module Microsoft.Online.SharePoint.PowerShell.
To establish a connection to your SharePoint Online tenant you will need to use the Connect-SPOService cmdlet (Remember that you must use the tenant admin site url as a parameter). This will fill up a static internal variable which will be used afterwards. You should clear this internal variable using the Disconnect-SPOService cmdlet.
    Connect-SPOService –Url https://yoursite-admin.sharepoint.com –credential ray.charles@yoursite.onmicrosoft.com



Once you are connected you can manipulate your SharePoint Online environment. There are only 30 cmdlets available in for SharePoint Online – to get a full list type the following command.
Get-Command –Module Microsoft.Online.SharePoint.PowerShell

All cmdlets start with SPO. Most cmdlets are related to site collection management, user and app management. All returned object are simple data objects and most of them are limited in functionality. 


Cmdlet name

                Description

Add-SPOUser

Adds an existing Office 365 user or an Office 365 security group to a SharePoint group.

Connect-SPOService

Connects a SharePoint Online global administrator to a SharePoint Online connection (the SharePoint Online Administration Center). This cmdlet must be run before any other SharePoint Online cmdlets can run.

Disconnect-SPOService

Disconnects from a SharePoint Online service.

Get-SPOAppErrors

Returns application errors.

Get-SPOAppInfo

Returns all installed applications.

Get-SPODeletedSite

Returns all deleted site collections that are in the Recycle Bin.

Get-SPOSite

Returns one or more site collections.

Get-SPOSiteGroup

Returns all the groups on the specified site collection.

Get-SPOTenantLogEntry

Retrieves SharePoint Online company logs.

Get-SPOTenantLogLastAvailableTimeInUtc

Returns the time when the SharePoint Online organization logs are collected.

Get-SPOUser

Returns the SharePoint Online user or security group accounts that match given search criteria.

Get-SPOWebTemplate

Shows all site templates that match the given identity.

New-SPOSite

Creates a new SharePoint Online site collection for the current company.

New-SPOSiteGroup

Creates a new group in a SharePoint Online site collection.

Remove-SPODeletedSite

Removes a SharePoint Online deleted site collection from the Recycle Bin.

Remove-SPOSite

Sends a SharePoint Online site collection to the SharePoint Online Recycle Bin.

Remove-SPOSiteGroup

Removes a SharePoint Online group from a site collection.

Remove-SPOUser

Removes a user or a security group from a site collection or a group.

Repair-SPOSite

Checks and repairs the specified site collection and its contents.

Request-SPOUpgradeEvaluationSite

Requests to create a copy of an existing site collection for the purposes of validating the effects of upgrade without affecting the original site.

Restore-SPODeletedSite

Restores a SharePoint Online deleted site collection from the Recycle Bin.

Set-SPOSite

Sets or updates the values of one or more properties for a site collection.

Set-SPOSiteGroup

Updates the SharePoint Online owner and permission level on a group inside a site collection.

Set-SPOTenant

Sets properties on the SharePoint Online organization.

Set-SPOUser

Configures properties on an existing user.

Test-SPOSite

Tests a SharePoint Online site collection.

Upgrade-SPOSite

Starts the upgrade process on a site collection.

There are no cmdlets available for managing SharePoint objects at a lower scope than the site collection. The following examples show you some examples of the more common cmdlets. To see a list of site collections associated with a subscription or to see the details for a specific site collection use the Get-SPOSite cmdlet. Use the following command to retrieve the details about a specific SharePoint Online site collection. You need to specify the –Detailed option to retrieve information about CompatibilityLevel,ResourceUsageCurrent,ResourceUsageAverage, StorageUsageCurrent,Webcount and the Title.
Get-SPOSite https://yoursite.sharepoint.com –Detailed | select *

A slight variation on the script above allows you to get usage data about all of your different SharePoint Online site collections. The use of –limit all allows you to get all of the SP Online site collection, standard it will only return 200.
Get-SPOSite –limit all –detailed | Export-CSV –path MyReport.csv

There is however a workaround for manipulating objects in SharePoint Online at a lower level using the SharePoint Server 2013 Client Components SDK which enables remote development against SharePoint Server 2013. The Client Side Object Model (CSOM) is an API which allows you to do remote development against SharePoint in a fashion quite similar to the way that you would program on the server (but it is a subset and therefore does not expose all of the same classes).  There are 3 implementations of this API  - one for .NET, one for Silverlight and one for Javascript and they are meant to replace the SharePoint web services. The .Net managed model installs a number of dlls (all using the Microsoft.SharePoint.Client.* namespace) underneath

C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI.
The next sample code shows how you can use these assemblies from Powershell which allow you to do a lot more with PowerShell and SharePoint Online.



$loc = "C:\Powershell" # Location of DLL's

$siteUrl = "https://yoursite.sharepoint.com"

$loginname = "ray.charles@yoursite.onmicrosoft.com"

 

Set-Location $loc

 

Add-Type -Path (Resolve-Path "Microsoft.SharePoint.Client.dll")

Add-Type -Path (Resolve-Path "Microsoft.SharePoint.Client.Runtime.dll")

 

Write-Host "Please enter password for $($siteUrl):"

$pwd = Read-Host -AsSecureString

$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)

# Authenticate against SharePoint Online

$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($loginname, $pwd)

 

 

$web = $ctx.Web 

$ctx.Load($web) 

$ctx.ExecuteQuery() 

 

Write-Host " Current web title is '




$($web.Title)', $($web.Url)"
 

In the next blogpost I will show some additional examples of how you can use PowerShell in combination with the SharePoint CSOM.

 

Wednesday, August 14, 2013

Multilingual User Interface and Language Packs for SharePoint Server 2013


The Language Packs for SharePoint Server 2013 are now also publicly available for download (and not only from MSDN as in the previous months) – go to Language Packs for SharePoint Server 2013 [English] and select the appropriate language in dropdown. Also take a look at Install or uninstall language packs for SharePoint Server 2013 before performing the installation. Remember that you are no longer required to first do an installation of the SharePoint Foundation language packs.


From an end-user perspective there is a big change with regards to the multilingual interface. In SharePoint 2010 an end user could quite easily switch his language using the language picker in the top right of the page (See Multilingual User Interface in SharePoint 2010 for more details).
Unfortunately this is not the case anymore for SharePoint 2013. By default a SharePoint site for which alternate languages are defined will be shown in the language which is defined in the browsers language settings. A user can however change this by editing  his SharePoint user profile – Select About Me (in the top right corner), Edit Profile and next expand the tab menu by clicking the 3 dots and select Language and Region. In the next screen a user is able to select his preferred display language.


Once a user has selected a specific language – the following elements in the user interface will be translated (as shown with the French display language below)
  • The standard SharePoint menus e.g. the ribbon are translated
  • Navigation menu’s also support multilingual scenario’s with the MUI – if you switch your language and translate specific menu nodes in your navigation – these changes are language specific.
  • The headings for list and site columns
  • The managed metadata field type also supports multilingual scenario’s.


In my opinion this is making things way to complicated for end users and we will probably need some other workarounds for automatically setting the display language of a user since the majority will not find these menu options.

Using Information Rights Management in SharePoint Online

With the new Office 365, Microsoft has introduced a new functionality to secure documents using Information Rights Management (IRM) services. It is a persistent file-level technology that stops sensitive information from being printed, forwarded, downloaded or copied by unauthorized users. In Office 365 IRM is available as part of the Enterprise E3 and E4 plan or the Academic Plan 3 and Plan 4. The functionality is similar to Windows Right Management Server (RMS)  – see http://technet.microsoft.com/en-us/library/cc771234(v=ws.10).aspx for more details about RMS in an on premise deployment. When documents are downloaded from an IRM protected SharePoint document library, the supported file types carry the restrictions (in the form of an IRM license) along with the document as part of its content. Supported file types also include PDF next  to the standard Office file types in SharePoint 2013. The IRM protected files are encrypted and rights are restricted to the authenticated user who downloaded the document. IRM protection of PDF files is an extension to the existing ISO 32000 standard (See Microsoft IRM protection for PDF specification for more details) and needs to be implemented by the PDF readers – for the moment it is supported by FoxIT PDF line of products. To be able to use Information Rights Management (IRM) or Windows Azure Rights Management Services (the commercial name for IRM) in SharePoint Online there are 3 major steps required:
  1. First enable Windows Azure RMS on Office 365 level – see Office 365 – Use Right Management Services. RMS is a shared service which can be used by Exchange Online and SharePoint Online and needs to be enabled at tenant level. It is not default enabled.
  2. Next Set up Information Rights Management (IRM) in SharePoint admin center (Office 365). If you get an error here saying “Error: RMS Online is not enabled for this tenant, please contact Office 365 to enable.” – you probably forgot step 1.
  3. Finally configure Rights Management on specific Document Libraries in SharePoint Online.
The IRM permissions map to SharePoint permissions on the document library as outlined in the following table
SharePoint Permissions IRM Permissions
Manage Permissions
Manage Web
Full control of the documents. This allows the user to read, edit, copy, save and modify permission of the document
Edit List Items
Manage List
Add and customize pages
Edit, copy and save permissions. The user can print the document only if the document library IRM settings are configured to allow document printing
View List Item Read permissions. The user can read the document but not copy or edit its content. The user can  print the document only if the document library IRM settings are configured to allow document printing
All other permissions Not applicable, no corresponding IRM permissions
In the IRM permissions can define additional options such as specifying whether documents that do not support IRM protection can be uploaded to the library and whether or not the document can be viewed in the browser. You can also configure additional document access rights which includes rights to print, run scripts to enable screen reader or enable writing to a copy of the downloaded document. The group protection and credential intervals determines the caching policy of the license that applications will use to open the documents. You can also enable sharing of the downloaded documents with users in a specified group.



Before you start implementing IRM in SharePoint Online you should carefully plan for it and define specific usage scenario’s for it since it is not meant to be activated on all information in discriminatory – ask yourself some of the following questions:
  • Which business areas use sensitive information which is frequently exchanged?
  • What needs to be protected (Office documents, e-mails, CAD design drawings, etc ..)
  • How will security policies by applied and how will enforce and control that procedures are being followed.
The introduction of IRM should be part of an overall information architecture and should be viewed upon at as part of a risk management strategy – ask yourself what would be the impact and consequence of information ending up in the wrong hands…
References: