Rich Finn

Just completed applying the security rollups for WSS/MOSS to fix the Elevation of Privilege security vulnerability as well as fixing the daylight savings time change issues.  I followed Shane Young's post on performing the install and it was relatively painless and worked fine.  I did see the 'Failure to start service SPSearchServiceInstance...' warning during step 8, but running stsadm -o osearch -action start (as described on TechNet) after the configuration wizard completed restarted the Search service without any problems.

One thing I was a little confused about was the proper order of how to apply things in a farm because of the warning that pops up in the Configuration Wizard about needing to install the updates and run the Configuration Wizard on all other servers before the one currently being configured.  Shane describes his install for only one server, and Joel Oleson says that you need to install and run everything on all servers on his FAQ about the patches, but doesn't give any particular order.

I really don't think it the order matters, but here's what I did on my 2x1 farm (2 WFEs and 1 Application Server).  Central Admin runs on the App server.

1) Installed the executables on all servers.  The WFEs required reboots after each patch was applied.

2) Ran the Configuration Wizard on the App server.

3) Ran the Configuration Wizard on the WFEs.

I think that the only thing that matters is that the patches are applied to all servers in the farm before the Configuration Wizard is run anywhere.  Then it doesn't matter the order of the servers that you run the Configuration Wizard, just make sure you run it on all of them.

The Community Kit for SharePoint: Internet/Extranet Edition (CKS:IEE) is a tool that contains many useful pieces for both users and administrators of a publicly accessible SharePoint site and extends the already powerful Forms Based Authentication functionality of MOSS.

Here's the play-by-play for installing the CKS:IEE and creating an anonymously accessible Internet site that has FBA enabled for sub-sites using the CKS:IEE:

1) Go to the CodePlex site for the CKS:IEE project.

2) The CKS:IEE doesn't set up Forms Based Authentication so I needed to follow the post by Dan Attis: Office SharePoint Server 2007 - Forms Based Authentication (FBA) Walk-through - Part 1.  If you haven't set up Forms Based Authentication yet, this is THE post to follow, as it gets FBA up and running with minimal complexity. I set my site up with the Collaboration Portal template, rather than the Blank Site that Dan used in his post. 

Make sure you can browse to the site and login using the default MOSS FBA login page before you install the CKS:IEE solution.

3) Download FBAManagement.zip from the CodePlex site, extract all the files, and run deploy [your_site_url] from a command prompt.  The wsp will be added to the solution store, deployed to the site specified, and the features will be activated.

4) Edit the default page of your site, add the Login Web Part to the page from the FBA Self Management group on the Add Web Part dialog.
 

Set the Chrome Type on the Login Web Page to None.  This will hide the web part when a user is logged in.

5) I want to have the default page of the site be anonymous, so that when users go to the URL, they are presented with the home page, not the login page.  To set up anonymous access, I followed Bil Simser's post Enabling anonymous access in SharePoint 2007.  I had to close all browser windows after I followed Bil's steps to get it working right. 

When I went back to the site, here's what I saw:

You'll notice that everything is visible to the unauthenticated user. Document Center, News, Reports, etc.  When you first set up anonymous access, everything is accessible to the anonymous user, so you need to scale back the permissions on the sub-sites.  This is accomplished by editing the permission on the sub-sites, and then turning off anonymous access.

a) Break inheritance by clicking 'Edit Permissions' in the Actions menu of the Site Permissions list of the sub-site.

b) Click the Anonymous Access link of the now visible Settings menu.

c) Click the radio button to allow anonymous users to access nothing.

I did this for all subsites, and here's how it looked when browsed by an unauthenticated user.

The View All Site Content link is still there in the Quick Launch, but you can deal with that later when you set up your custom master pages and page layouts.

6) The Login Web Part understands the QueryString values that are present in the URL if the user is trying to access a page they don't have permissions to (ie: ?ReturnUrl=%2fSearchCenter%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252fSearchCenter&Source=%2fSearchCenter) This way you can have a page that is managed via CMS services, and when the user logs in correctly, they will be taken to the page they were originally trying to access. 

The first step for this to happen is to change the forms login page in the web.config for the site. Change the line

<forms loginUrl="/_layouts/login.aspx" />

to

<forms loginUrl="/Pages/login.aspx" />

Now, create a new page in the root site's Pages library named Login.  Add some text like 'You are trying to access a page with invalid permissions, please try again.' and add the login web part.  Should look something like this:

Publish the page. 

That's it! We now have a publicly accessible site with Forms Based Authentication that has a default page with anonymous access, and a login page that is managed by SharePoint with CMS content placeholders on it, rather than the flat out-of-box login page.

I plan on having posts that explain using the other web parts included with the CKS:IEE, and I'm also looking to put a custom workflow on the Site Membership Review List. So stay tuned...

Just received a nice little sting...

I love the Telerik Editor for MOSS, so I use it almost on every page.  I wanted to perform an upgrade to the 4.4.0.0 version, but I just got slammed by a big gotcha!

I've always followed the Telerik documentation for adding the editor to a page layout.  But I must say, after today, I don't agree at all!

When Telerik releases a new version of the RadEditor, they change the version number on the assembly, naturally.  The downfall of this is that because of the new version number, you have to go to every page layout and change the version number in the Register tag at the top of the page.  This stinks!

To keep yourself from having this same problem, place the control reference in the web config file of the sites that you are using the RadEditor.  This will allow you to update the control reference only once next time, not on every single page layout file.

This should be done for all Telerik controls used on page layouts...

Here's another little thing that might be worth doing:
The image browser in the RadEditor for MOSS doesn't allow you to traverse the site structure like the OOB MOSS RichTextEditor, therefore you can't choose images from the SiteCollectionImages library.  To fix this, open the editor's tools file (located at \Program Files\Common Files\Microsoft Shared\web server extensions\wpresources\RadEditorSharePoint\4.1.0.0__1f131a624888eeed\RadControls\Editor) and rename the ImageManager tool to MOSSImageManager.  Got this gem on the Telerik forum...

Bless me father, for I have silenced.  It's been 22 days since my last posting.

Ahhh... So I'm stoked that I now have some new ground to break! The last gig is just about up, and I'm getting ready to start on the next one.  This is one of my favorite points in a project.  The blank slate. The white canvas.

Looks like this one's going to be an Internet facing branding portal, where the client can provide advertising and marketing agencies with brand guidelines and product images.  The client previously used a graphics server product that was built by Adobe, but is no longer supported.  Equilibrium's MediaRich for SharePoint product looks like it's going to be a good fit in MOSS for the needs that the client has.

This client also has some interesting requirements around how a user is able to access the site, and it looks like the Community Kit for SharePoint: Internet/Extranet Edition Forms-Based Authentication solution is going to hit the mark pretty close.  We're going to need a custom workflow on the Site Membership Review List, but that should be fairly easy to integrate into the solution.

We're going to be doing some CMS with some heavy customizations, too, so that should be a lot of fun.  We've got a very talented designer that we're working with, and I can't wait to see how the final product is going to look.  From the comps I've seen, it's going to be very slick. 

I'm also looking forward to getting back to the blogging.  Being that we've got the CKS: Internet and MediaRich lined up, I'm hoping to document the process of the install and configuration, as well as the migration of client's digital assets from the old, unsupported Adobe product to the Equilibrium product.  Did I mention that the Adobe product is no longer supported? Well, it's not. Nice.

So, stay tuned.  I'm warming up a new VHD in my dev domain in the morning...