SharePoint (2003 thru Online): October 2015

Friday, October 23, 2015

Clearing Logs in SharePoint 2010 Front End Server

Clearing Logs in SharePoint 2010 FE Server

We have two different logs. One from SharePoint and one from IIS.



SharePoint 2010 Logs:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS

IIS Logs:
C:\inetpub\logs\LogFiles 

The logs grow enormously and occupy most of the drive space on the Front End Server. This may affect the performance of the Server as all the Transactions are looped thru it.

To control the log files growing, we want to create Scheduled Tasks to delete the logs older than 4 days.

1. Delete SP Log more than 4 days

Created a VB Script file with below code and placed it in a Folder "Scripts" folder on C:\ Drive.

'DelSPLogs.vbs - August 19, 2013
'Venugopal Reddy Gurram
'Deletes SharePoint Logs more than 4 days

Dim i, fso, f, f1, sf, BasePath, CalcResult, fNameArray()
BasePath = "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS"
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFolder(BasePath)
Set sf = f.SubFolders
For Each f1 in sf
     CalcResult = DateDiff("d",f1.DateCreated,Now)
          if CalcResult > 4 then
                ReDim preserve fNameArray(i)
                fNameArray(i) = f1.Name
                i = i + 1
        end if
Next

For Each fName in fNameArray
    FSO.DeleteFolder(BasePath & "\" & fName)
Next


2. Delete .usage Files more than 4 days.

We need to perform this activity manually.

Stop the "SharePoint 2010 Timer" service and start deleting the usage files in below folder.

SharePoint 2010 Logs:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS

Once Completed deletion, start the "SharePoint 2010 Timer" service

Thursday, October 22, 2015

List of all user/group rights for a SharePoint Web Application


The following T-SQL command will list all user/group rights defined for all site collection of web application -- Query to get all the users assigned to roles 


SELECT DISTINCT
CASE WHEN PATINDEX('%\%', FullUrl) > 0 THEN LEFT(FullUrl, PATINDEX('%\%', FullUrl) -1) ELSE FullUrl END AS [Site],
Webs.Title,
Webs.FullUrl,
Perms.ScopeUrl,
UserInfo.tp_Login As Account,
CASE WHEN UserInfo.tp_DomainGroup>THEN NULL ELSE UserInfo.tp_Title END ASUsername,
CASE WHEN UserInfo.tp_DomainGroup>THEN UserInfo.tp_Login ELSE NULL END AS [ADGroup],
NULL AS [SharePoint Group],
Roles.Title AS RoleTitle,
Roles.PermMask
FROM
dbo.RoleAssignment
INNER JOIN dbo.UserInfo ON RoleAssignment.SiteId = UserInfo.tp_SiteID AND UserInfo.tp_ID= RoleAssignment.PrincipalId
INNER JOIN dbo.Perms ON Perms.SiteId = RoleAssignment.SiteId AND Perms.ScopeId =RoleAssignment.ScopeId
INNER JOIN dbo.Roles ON RoleAssignment.SiteId = Roles.SiteId AND RoleAssignment.RoleId= Roles.RoleId
INNER JOIN dbo.Webs ON Roles.SiteId = Webs.SiteId AND Roles.WebId = Webs.Id
WHERE
Roles.Type<>AND tp_Deleted=0
UNION -- Query to get all the SharePoint groups assigned to roles
SELECT DISTINCT
CASE WHEN PATINDEX('%\%', FullUrl) > 0 THEN LEFT(FullUrl, PATINDEX('%\%', FullUrl) -1) ELSE FullUrl END AS [Site],
Webs.Title,
Webs.FullUrl,
Perms.ScopeUrl,
UserInfo.tp_Login As Account,
CASE WHEN UserInfo.tp_DomainGroup>THEN NULL ELSE UserInfo.tp_Title END ASUsername,
CASE WHEN UserInfo.tp_DomainGroup>THEN UserInfo.tp_Login ELSE NULL END AS [ADGroup],
Groups.Title AS [SharePoint Group],
Roles.Title AS RoleTitle,
Roles.PermMask
FROM
dbo.RoleAssignment
INNER JOIN dbo.Roles ON RoleAssignment.SiteId = Roles.SiteId AND RoleAssignment.RoleId= Roles.RoleId
INNER JOIN dbo.Perms ON Perms.SiteId = RoleAssignment.SiteId AND Perms.ScopeId =RoleAssignment.ScopeId
INNER JOIN dbo.Webs ON Roles.SiteId = Webs.SiteId AND Roles.WebId = Webs.Id
INNER JOIN dbo.Groups ON RoleAssignment.SiteId = Groups.SiteId AND RoleAssignment.PrincipalId = Groups.ID
INNER JOIN dbo.GroupMembership ON GroupMembership.SiteId = Groups.SiteId AND GroupMembership.GroupId = Groups.ID
INNER JOIN dbo.UserInfo ON GroupMembership.SiteId = UserInfo.tp_SiteID AND GroupMembership.MemberId = UserInfo.tp_ID
WHERE
Roles.Type<>AND tp_Deleted=0

Audit Permission changes in a Site Collection


By default security changes are not audited. To enable auditing in SharePoint 2007:
  1. Select Site Actions + Site Settings + Modify All Site Settings at the site collection root site.
  2. Click the Site collection audit settings link.
  3. Select the Editing users and permissions option:
Audit1
Once turned on, changes to permissions on sites, lists and items will be audited. To view the audit log:
  1. Click the Audit log reports link on the “Site Settings” page for the site collection.
  2. Click the Security Settings link:
Audit2
This will open the audit log in an Excel spreadsheet. The following example shows a summary showing a single security change resulting from a breaking of permission inheritance:
Audit3
____________________________________________________________________________________________________
By default security changes are not audited. To enable auditing in SharePoint 2010:
  1. Select Site Actions + Site Settings at the site collection root site.
  2. Click the Site collection audit settings link under Site Collection Administration.
  3. Select the Editing users and permissions option:

Once turned on, changes to permissions on sites, lists and items will be audited. To view the audit log:
  1. Click the Audit log reports link on the “Site Settings” page for the site collection.
  2. Click the Security Settings link:
     3. Select the File Save Location to save the Excel sheet.


This will open the audit log in an Excel spreadsheet. The following example shows a summary showing a single security change resulting from a breaking of permission inheritance:

Friday, October 2, 2015

SharePoint 2013 Installation


Issue 1:
During Installing SharePoint 2013 Prerequisites there was an error in installing Application Server Role , Web Server (IIS) Role : Configuration error

Steps to fix (Installing .Net Framework 3.5):
  1. Insert the Windows Server 2012 installation image or DVD
  2. Open a command prompt window (run as Administrator) and run the following:
  3. Dism /online /enable-feature /featurename:NetFX3 /All /Source:D:\sources\SxS /LimitAccess
Note: D:\ is a Label for CD Drive in my case where Windows Server 2012 ISO image.

Make a copy of ServerManager.exe and rename to ServerManagerCMD.exe - leave the copy in System32 folder.

or

rename the file C:\windows\System32\ServerManager.exe with ServerManagerCMD.exe 
and low and behold - it now works