Friday, August 15, 2014

Configuring Global Registration Fields in Extranet Collaboration Manager (ExCM) 2013


Registration is one of the core concepts in Extranet Collaboration Manager 2013. There are two types of registration: Anonymous and Invitation. The most common, by far, are the Invitation Registrations. You send an e-mail to a potential new user, they click on the Registration link provided, and they are taken to the custom Registration Page on your site. Here is an example:




This page can be completely customized to capture the data you want from your users.  In the example above, we are capturing the following (field type in parentheses): 

  • First Name (Text)
  • Last Name (Text)
  • Company Name (Text)
  • Job Title (Text)
  • Phone Number (Text)
  • Zip Code (Text)
  • Captcha (Captcha)
  • Site Policy (Policy)
 

In addition to the field types above, you can also implement the following field types: 

  • Description – Provides a way to enter lines of text for descriptive or informational purposes
  • Choice – Presents selections as either a drop down, radio button, or checkbox

There are two ways you can edit the fields that appear on the Registration Page: by Site Collection via the User Interface (UI) and globally via the web.config file.  In most cases, you will want to capture certain fields on every site (First Name, Last Name, Company Name, etc.), so it makes sense to configure those globally and add the more specialized fields (Captcha and Policy) via the UI.  However, what if you were running ExCM on hundreds of sites?  It would be very time consuming to go into each site and configure the additional fields.  In that case, you would want to choose the common fields for ALL your sites and configure them globally.  In this blog, we will look at how to configure all the field types globally via the web.config file. 

First, let’s take a look at the area in the web.config file for the content site where the global Registration fields are declared.  Here is the provided tag example from our help site:
 
 
This example includes First Name, Last Name, Company Name, Job Title, and Phone Number by default, and all are of the type “text” marked as “required” with the following elements: 
fieldType="Text"
isRequired="true" 
The “name” of the field (how it will appear on the Registration Page) is declared in this way: 
add fieldName="First Name" 
Now, let’s take a look at how to add the additional field types here in the web.config file so that they are available globally.  First, here are examples of the remaining three types:
Description
<add fieldName="Description" fieldType="Description" description="Enter the characters you see." />
 
Captcha
<add fieldName="Captcha" fieldType="Captcha" isRequired="true" imageStyle="Basic" />
where imageStyle is one of "Basic", "GreenDiagonals", or "PurplePlaid"
 
Choice
<add fieldName="State" fieldType="Choice" isRequired="true" displayType="DropDown" options="AL,AK,AS,AZ,AR,CA,CO,CT,DE,DC,FM,FL,GA,GU,HI,ID,IL,IN,IA,KS,KY,LA,ME,MH,MD,MA,MI,MN,MS,MO,MT,NE,NV,NH,NJ,NM,NY,NC,ND,MP,OH,OK,OR,PW,PA,PR,RI,SC,SD,TN,TX,UT,VT,VI,VA,WA,WV,WI,WY" />

Policy
The Policy field is a little more complex because it typically contains HTML content, which is invalid in an XML attribute.  As a result, we will need to add the policy message content to a resource file (.RESX) and place it in the App_GlobalResources directory of the IIS site.
<add fieldName="Policy" fieldType="Policy" policyLabel="Resources:mycompany,RegistrationField_PolicyLabel" policyMessage="Resources:mycompany,RegistrationField_PolicyMessage" />
We have provided a zipped collection of files for use with Global Policy Fields that can be downloaded from here:
In it, you will find the following files:
 

Note that I have also used “ACME” in the sample config files to remain consistent with the blog post.  In your case, you will basically want to replace all instances of “ACME” with your company name.
The first is the resource file itself.  This is where we will enter the HTML changes we want to make for the Policy Field. The next is a sample anonymous master page that I will use for this blog.  In my environment, I have Anonymous Access turned off on both my Web App and IIS for this site, so I will need to reference this anonymous master page to allow the users to see the Policy Field.

The third is a text file that simply contains the HTML portion of the resource file to make editing easier.  Decoded, it looks like this:



The “policy_web_config” file is the Policy Field tag that will need to be added to the content site web.config file for the Registration Field as mentioned earlier: 

<add fieldName="Policy" fieldType="Policy" policyLabel="Resources:ACME,RegistrationField_PolicyLabel" policyMessage="Resources:ACME,RegistrationField_PolicyMessage" /> 

Finally, “PrivacyStatement.aspx” and “ServiceAgreement.aspx” are sample files we can edit to suit our needs.  For the purpose of this blog, we will only configure the Service Agreement.  The configuration of the global Privacy Statement would follow the exact same steps.
The first thing we need to do is create a folder in the 15 hive to store our custom Policy.  By default we would create it here: 

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\LAYOUTS 

In this case, I will create a folder named “ACME”:
 
Once it’s created, we need to copy the following files from the zip file into our new directory:
 
Now we need to edit the “ServiceAgreement.aspx” file to reflect our customizations.  I have highlighted the areas I changed below:
 
 
The first change I made was to reference the “anonymous.master” master page due to my environment configuration.  Next, I gave the header the name “ACME Service Agreement,” and did the same for the PageTitle and PageTitleInTitleArea tags.  Finally, I put a very brief custom agreement in the “descriptiontext” tag.

Next, let’s make the necessary edits to the included resource file.  The area we are looking for is at the bottom of the file:
 
The full text as it appears there is as follows:
  <data name="RegistrationField_PolicyLabel" xml:space="preserve">
    <value>I accept</value>
  </data>
  <data name="RegistrationField_PolicyMessage" xml:space="preserve">
    <value>Clicking &lt;STRONG&gt;I accept&lt;/STRONG&gt; means that you agree to the &lt;A href=&quot;javascript:ShowPopupDialog(&#39;/_layouts/ACME/ServiceAgreement.aspx&#39;)&quot;&gt;service agreement&lt;/A&gt; and &lt;A href=&quot;javascript:ShowPopupDialog(&#39;/_layouts/ACME/PrivacyStatement.aspx&#39;)&quot;&gt;privacy statement&lt;/A&gt;. </value>
  </data>
 
Notice I have simply changed the path from “/SPSolutions/ExCM” to reflect our newly created folder “/ACME.”  Once the changes have been saved, we just need to copy the resource file to the “App_GlobalResources” directory under our content site:
 
The final step is to add the Policy Registration Field in our web.config file using the “policy_web_config” example from the zip file.  This will make it globally available to all Site Collections in our Web App:
 
In addition, I will also go ahead and add the rest of the global field types we mentioned at the beginning of this post:
 
Now we’re ready to take a look at the updated Registration Page with our Global Fields:
 
And here is how our customized Service Agreement now appears:
 

As mentioned earlier, you can follow the same steps to also customize the Privacy Agreement.
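
When the same field block is pasted into the web.config of many web applications, a quick lint catches the mistakes described in this post before users see a broken Registration Page. The following is an added example, not code from ExCM or from this blog's author: the function name, the `<registrationFields>` wrapper element and the sample input are assumptions made for illustration, and only the field types and attributes shown above are checked.

```powershell
# Added example, not vendor code. Types and attributes are the ones shown in this post.
$KnownTypes  = 'Text', 'Description', 'Captcha', 'Choice', 'Policy'
$ImageStyles = 'Basic', 'GreenDiagonals', 'PurplePlaid'

function Test-RegistrationFields {
    param(
        [Parameter(Mandatory)][string]$FieldsXml,  # element wrapping the <add ... /> entries
        [string[]]$ResourceKeys = @()              # <data name="..."> keys found in the .resx
    )
    try { $doc = [xml]$FieldsXml }
    catch {
        # Raw HTML pasted into policyMessage ends up here: '<' is illegal in an attribute.
        return "Not well-formed XML: $($_.Exception.Message)"
    }
    foreach ($field in $doc.SelectNodes('//add[@fieldType]')) {
        $name = $field.GetAttribute('fieldName')
        $type = $field.GetAttribute('fieldType')
        if ($KnownTypes -notcontains $type) { "${name}: unknown fieldType '$type'"; continue }
        switch ($type) {
            'Captcha' {
                $style = $field.GetAttribute('imageStyle')
                if ($ImageStyles -notcontains $style) {
                    "${name}: imageStyle '$style' is not one of $($ImageStyles -join ', ')"
                }
            }
            'Choice' {
                if (-not $field.GetAttribute('displayType')) { "${name}: displayType is missing" }
                $options = $field.GetAttribute('options') -split ',' | Where-Object { $_.Trim() }
                if (-not $options) { "${name}: options is empty" }
            }
            'Policy' {
                foreach ($attr in 'policyLabel', 'policyMessage') {
                    $value = $field.GetAttribute($attr)
                    if ($value -notmatch '^Resources:([^,]+),(.+)$') {
                        "${name}: $attr should be a Resources:<file>,<key> reference"
                    } elseif ($ResourceKeys -notcontains $Matches[2]) {
                        "${name}: $attr key '$($Matches[2])' not found in the .resx"
                    }
                }
            }
        }
    }
}

# Constructed input. <registrationFields> is a placeholder wrapper name. The Captcha style,
# the empty Choice options and the misspelled policyMessage key are deliberate mistakes.
$fields = @'
<registrationFields>
  <add fieldName="First Name" fieldType="Text" isRequired="true" />
  <add fieldName="Captcha" fieldType="Captcha" isRequired="true" imageStyle="Plaid" />
  <add fieldName="State" fieldType="Choice" isRequired="true" displayType="DropDown" options="" />
  <add fieldName="Policy" fieldType="Policy"
       policyLabel="Resources:ACME,RegistrationField_PolicyLabel"
       policyMessage="Resources:ACME,RegistrationField_PolicyMesage" />
</registrationFields>
'@
# Constructed stand-in for the ACME resource file; only the key names matter here.
$resx = [xml]@'
<root>
  <data name="RegistrationField_PolicyLabel"><value>I accept</value></data>
  <data name="RegistrationField_PolicyMessage"><value>placeholder</value></data>
</root>
'@
$keys = $resx.SelectNodes('//data') | ForEach-Object { $_.GetAttribute('name') }
Test-RegistrationFields -FieldsXml $fields -ResourceKeys $keys
```

Each string the function emits is one finding; no output means every field passed the checks.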

Tuesday, July 29, 2014

Configure ExCM Password to Meet Corporate Complexity



One of my favorite help desk stories is the lady that was attempting to use “DocDopeySneezySleepyGrumpyBashfulHappy” as her password. When asked about it she stated, “Because it had to include 7 characters.”



These days, you would at least need to throw Snow White in there as well because most places require at least 8 characters… and do not get me started on alpha numeric and at least one special character with no repeating characters!
As an IT guy, I have been the recipient of a tongue lashing from a few “less-than-happy” end users when I informed them that the password they were attempting to use does not meet their company’s complexity policy. I have also spent the better part of 20 minutes informing a user that the word “Window” does in fact have a repeating character in it. Wouldn’t it be easier if we did not have end users or passwords? But I do not think that either is going away anytime soon, so the best we can do is make it as easy as possible (or, at the very least, less likely that users will call us with password issues).

In this article, I will walk you through how to lock out a user after a certain number of unsuccessful attempts, how to change the length of time that a user has to attempt a password, and how to configure ExCM to enforce your company’s password policy. Before continuing with these steps, ensure that you have at least read and hopefully implemented our steps on Enabling User Automation as these steps give you even more options when it comes to password security.

To begin, you need to navigate to your ExCM web app’s web.config file. To do so, open IIS Manager by typing “INETMGR” into a command prompt. Once it is open, navigate to the IIS site for the extranet web application. Go ahead and make a backup copy of the web.config file by right-clicking on it, choosing Copy, and pasting it into the same directory. Now that we have an “Uh-Oh” copy, let’s open the web.config file.


The first change that we are going to make is the number of tries a user gets before the account is locked out. To do so, we need to do a search for the text “maxInvalidPasswordAttempts="10"”.  It should be in the membership “defaultProvider” section. By default this value is set to 10, which would give the user 10 attempts.


If Acme Corporation had a requirement of 3 invalid attempts before being locked out, and that is the only change we need to make, it would look like “maxInvalidPasswordAttempts="3"”. Then, we could just save our web.config file and test it using a test account. (FYI, it is not wise to test using your admin account as you will need this account to unlock the user… not that I have ever done that. Or if I did, it was only to show you what not to do.)

However, I am not done just yet. Let’s say that I also want to adjust the amount of time that a user has to make their attempts to log in. By default the user gets 10 tries in 10 minutes. If you were making changes along with me, your user would now have 3 attempts in 10 minutes.

As most of the bots that we are trying to protect against would likely make more than one attempt a minute, it is probably safe to drop this number down as well, so the user can try again quickly without getting locked out. (Please note that users have the ability to reset their own passwords, so unless there is a regulation against it, I suggest giving users a higher number of attempts than configured in these steps, and allowing them to reset their passwords once they have exhausted their guesses.)

To adjust the time allowed for guessing a password, we will search for “passwordAttemptWindow="10"” and, just as before, change that number to the number of minutes you want the window to last.

 

Now that we have narrowed the number of attempts and how much time users have to attempt to enter their password, let’s also ensure that the password cannot be guessed within the first few tries by making certain that the ExCM password meets your company’s password policy.

On the registration screen, when users first type in their password, they are presented with a strength meter that indicates if the password meets a predefined complexity level. By default, ExCM checks to see if there are 6 characters. To change this we need to navigate back to the same web.config file and search for “minRequiredPasswordLength="6"”. (It should be found in the same section as the last two steps.) As before, simply change the “6” to the number of characters that your complexity policy requires. Save the file and this will satisfy your length

 

Unless you are collaborating with psychics (and possibly even then), you may want to find a way to inform your users of what the password should look like before they (not the psychics) get frustrated at trying to figure out your complexity policy. With the web.config file open, do a search for “passwordMessage”.


Make sure to adjust this message to fit your complexity policy as well as update the “passwordExample” as these will display on the registration screen to help guide your users into selecting a secure password that satisfies your organization’s password complexity policy.
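
To confirm that the three attributes edited above match corporate policy on every extranet web application, the check can be scripted. The following is an added example, not code from ExCM or from this blog's author: the function name, the policy thresholds and the sample provider name and type are assumptions, and the lower bound on passwordAttemptWindow reflects that failed attempts only count toward lockout while they fall inside that window.

```powershell
# Added example, not vendor code. Constructed sample of the membership section:
# the provider name and type are placeholders, not ExCM's real values.
$sampleConfig = [xml]@'
<configuration>
  <system.web>
    <membership defaultProvider="SampleExtranetProvider">
      <providers>
        <add name="SampleExtranetProvider" type="Placeholder.Type"
             maxInvalidPasswordAttempts="10"
             passwordAttemptWindow="10"
             minRequiredPasswordLength="6" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@

function Test-MembershipPolicy {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [int]$MaxAttempts      = 3,   # assumed policy: lock out after at most 3 failures
        [int]$MinWindowMinutes = 5,   # assumed policy: count failures over at least 5 minutes
        [int]$MinLength        = 8    # assumed policy: passwords of at least 8 characters
    )
    $membership = $Config.SelectSingleNode('/configuration/system.web/membership')
    if (-not $membership) { throw 'No <membership> section found.' }

    # Only the provider named in defaultProvider is the one actually in use.
    $default  = $membership.GetAttribute('defaultProvider')
    $provider = $membership.SelectNodes('providers/add') |
                Where-Object { $_.GetAttribute('name') -eq $default } |
                Select-Object -First 1
    if (-not $provider) { throw "Default provider '$default' is not declared." }

    $rules = @(
        @{ Attr = 'maxInvalidPasswordAttempts'; Op = '<='; Limit = $MaxAttempts }
        @{ Attr = 'passwordAttemptWindow';      Op = '>='; Limit = $MinWindowMinutes }
        @{ Attr = 'minRequiredPasswordLength';  Op = '>='; Limit = $MinLength }
    )
    foreach ($rule in $rules) {
        $raw    = $provider.GetAttribute($rule.Attr)
        $parsed = 0
        $isSet  = [int]::TryParse($raw, [ref]$parsed)
        # An absent or non-numeric attribute is reported as non-compliant so that
        # someone checks what the provider falls back to, rather than assuming.
        $ok = $false
        if ($isSet) {
            if ($rule.Op -eq '<=') { $ok = $parsed -le $rule.Limit }
            else                   { $ok = $parsed -ge $rule.Limit }
        }
        [pscustomobject]@{
            Setting   = $rule.Attr
            Value     = $(if ($isSet) { $parsed } else { '(not set)' })
            Required  = "$($rule.Op) $($rule.Limit)"
            Compliant = $ok
        }
    }
}

Test-MembershipPolicy -Config $sampleConfig | Format-Table -AutoSize
```

To audit a real site, pass `[xml](Get-Content <path to the web.config>)` as `-Config` and adjust the three thresholds to your own policy.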

Thursday, July 17, 2014

Create Random String in InfoPath Form


     A question came up in class this week during our SharePoint 2010 InfoPath and Workflow Deep Dive.
     How do we create a random string in InfoPath?  The background is that one of the students wants to use an InfoPath form for access requests.  The form would submit to a SharePoint Library which would then e-mail the approver.  A confirmation code would be created by the form and forwarded to the user once the request was approved.
     Well, unfortunately there is not a function that will allow us to magically create a random number so we're going to have to put some effort into creating a pseudo random string.

SharePoint Site Provisioning and Governance Assistant Free Edition 5-minute Feature Video


Aaron Wood, our Manager of Software Engineering and Support, created a 5-minute video to highlight the features you get with SPGA Free Edition.

(FYI, there is truly no "catch" with SPGA Free Edition.  We would like to see more companies benefiting from automated SharePoint site provisioning (with proper governance) and have decided to adopt a "Freemium" model from here on out with the product.  If the Free Edition features are all you need, then you can install and use the product on-premises with free permanent license key(s), forever.  And yes, you can run it on multiple servers in a farm.  And yes, we do sell annual support agreements, for professionally-staffed ticket-based technical support, for those companies that desire to have paid support on the Free Edition.)

Here is the video:


Sunday, July 13, 2014

Using SPGA’s Governance Features – Automating Change Requests, such as Adding Users to SharePoint Groups



The letters SPGA stand for Site Provisioning and Governance Assistant. There is certainly a lot of governance that is covered in the initial site provisioning process, such as always having proper approvals, and having the sites stamped out to your exact specifications each time without failure. To paraphrase something SharePoint MVP Dan Holme said at SPC 14:

If a policy isn’t enforced by the technology, it’s not a policy, it’s a guideline.
 
This is exactly what SPGA does: it uses technology to enforce your governance standards. While most purchase SPGA for its ease of site provisioning, while maintaining those governance standards, what about activities that occur post-site creation (i.e. end user change requests)?
The single most important post-site creation item that comes to mind for most organizations would be adding users to groups. If you care about governance in your environment, you probably have some policies regarding who gets access to what. If you allow your users access to maintain their own groups, how is the technology enforcing those policies? It’s probably not, so they are just guidelines.

Here are a few top benefits of using SPGA to manage your group membership:
  • Your SharePoint environment will be more secure than ever because you can now easily ensure that you’ll never have unauthorized access to a site
  • For the first time ever, you can use approval workflows to approve security modifications.
  • You can finally answer the previously unanswerable question, “how did user X get access to the HR site?” 
This article will detail how to create a SPGA Request Profile, for adding users to groups on their site.
Besides the governance process mentioned above, I’ll give you two more benefits of using SPGA to add users to groups. First, how many times are your SharePoint administrators called because a site owner has removed their own access to the site trying to modify permissions? I’ve been there, I know it happens. Managing permissions in SharePoint can be complicated to those that don’t manage permissions frequently.

Monday, July 07, 2014

SharePoint Site Provisioning and Governance Assistant (SPGA) Free Edition - Installation and Demo Video


A couple of weeks ago, we released the Free Edition of SharePoint Site Provisioning and Governance Assistant (SPGA 2010 and 2013).  You can read about it here if you missed the announcement.

We also recorded last week's webinar about the new product.  Here is a 30 minute excerpt that we uploaded to YouTube that gives you a quick overview of the product and an actual installation and usage demo.  The live demo starts 3 minutes and 10 seconds into the clip:


Friday, June 20, 2014

Synchronizing SharePoint Managed Metadata with External Business Data


The primary gap in SharePoint 2010 and 2013 Managed Metadata Service Application is the lack of ability to synchronize the Term values in a Term Set with an external business data source (No, you can't do this with the out-of-the-box Business Connectivity Services feature).

For example, if you could automatically on a schedule, synchronize a Vendors Term Set with the Vendor names that exist in your Purchasing system's database, this would allow you to:

  1. Assign the appropriate Vendor name to a SharePoint document, such as a contract, that relates to that vendor.  As I noted in my article earlier this week, assigning metadata values to documents in SharePoint can really improve findability of documents.  (If Vendor names is not the best example for your organization, how about Customer names, or Product names, or Facility names, etc?)
  2. Rely on the existing business process to keep the Term values up-to-date because the external system (Purchasing system in this case) is maintained by the appropriate individuals that handle that part of the business.

Enterprise-ready SharePoint Self-Service Site Collection Creation for FREE


In previous posts, I discussed the pain involved with creating new site collections in an enterprise environment.  There was a tease in my last post about a free solution for this.  We've been excited about this for several months and it's finally here.  Site Provisioning and Governance Assistant - Free Edition is now available from PremierPoint Solutions.

SPGA Free fills all the deficiencies with both manual site collection creation and SharePoint's self-service site creation

With SPGA Free, administrators define the types of sites available for request, along with other optional parameters, such as who to assign as site collection administrators, where the site goes in your farm, and which quota template should be used.  Those optional parameters can also be directed by the information completed in the request form if you choose.  Your users have a place to easily fill out a form and start the process.  Standard SharePoint approval workflows may be used to ensure proper approvals are obtained prior to provisioning.

This is very exciting news for SharePoint administrators.  Best of all it is completely free, and you can get it installed, configured, and provisioning sites in less than an hour.  

I really think this could be a real game changer for SharePoint administrators and users everywhere.  Give SPGA Free a try and let us know what you think.

SPGA Free Edition Quick FAQ
  • Where do I get more information on the new free edition of SPGA?
  • What is the difference between the SPGA product PremierPoint Solutions has sold for years and this new free edition?
  • How can I get support?
    • SPGA Free has a full set of documentation, including articles, to help you in installing, configuring, and using the product - click here to view.
  • What if my company requires or desires a formal support contract for this product?
    • You do have the option of utilizing PremierPoint Solution's professionally staffed support engineers to receive the same level of support available with the Premium Edition of SPGA.  Click here for more information on obtaining formal support.
  • I'd like to use the free edition to start.  What if I decide to upgrade to Premium or just want to try the premium edition out at some point?
    • The installer is the exact same.  The features that are active are based on your license key.  So you may start with the Free Edition, and then trial or purchase the Premium Edition and simply update your license key.


Wednesday, June 18, 2014

Enterprise Ready Self-Service Site Creation


In my previous article, What process do you use to provide new SharePoint site collections to your users, I made mention of SharePoint's out-of-the-box self-service site creation process not being an enterprise ready solution.  This is a widely accepted opinion for very valid reasons. 

Working as a SharePoint Administrator, and with other administrators, there are two main reasons self-service site creation is not a viable enterprise solution.  The first is lack of approvals.  There should be someone, or some team, that ensures the request makes sense for your SharePoint environment.  Without approvals, there is no way to do so.  Everyone I have worked with required some sort of approval process, usually a business owner over an area and an IT approval as well.  You don't want the approval to become a bottleneck, just a brief stop along the way that ensures the integrity of your SharePoint environment.

How Much Value is Your Organization Getting From SharePoint Managed Metadata? – and, My Top 5 Benefits


I can remember sitting in the session at SPC 2009 in Las Vegas where the Microsoft Program Manager in charge of the SharePoint 2010 Managed Metadata Service Application proudly proclaimed that Managed Metadata was the best new feature of SharePoint Server 2010.  Normally, I don’t care for braggarts, but after seeing how the features worked and how good it was, I really felt like this guy truly had a license to brag on himself and his team.  They did a great job!

We will soon be coming up on five years of organizations having the opportunity to take advantage of the benefits of Managed Metadata.  How much value has your organization got out of this feature set?  Have you even started to use it yet?