Monday, September 09, 2019

Removing the Intranet-related Share and Follow UI Elements from Extranet Sites



SharePoint is a platform that has been enhanced over the years to support a broad range of use cases. Organizations can use SharePoint to build Intranet type web applications, Public-facing WWW sites, Extranet type web applications, Business Intelligence solutions, and more.

Not all of the out-of-the-box features of SharePoint are intended to be used in every use case. For Extranet use cases, there are several user interface (UI) elements and features that are primarily intended for Intranet use cases and therefore we recommend removing them from your Extranet web applications.

The Intranet-intended features that we recommend that you remove from your extranet web applications are:

· Links to Newsfeed, OneDrive, and Sites
· User Profile Service
· Link for Sharing and Following

























Below are instructions for removing the Share and Follow UI elements from your extranet sites. 


In an extranet scenario, external users are typically "invited" to join a site using ExCM's "Invite Users" feature, rather than using SharePoint's "Share" feature:


The ExCM Invite Users feature is much more robust than SharePoint's Share feature: it sends the external user an invitation to register for the extranet site using your company's pre-designed registration form. The invitation is also recorded in a SharePoint List in the site, as is the registration once the user registers.

So, to keep end users from becoming confused, it is recommended to follow these steps to remove the Share icon from your extranet sites:

Important Note:  The following procedure needs to be done at the site-level.  SharePoint does not provide a way via the GUI to make this change at the Site Collection or Web Application level.

Navigate to Site Settings > Site permissions:























In the Permissions tab click on Access Request Settings:



















Uncheck the box next to "Allow access requests" and then click OK:











Now, log in to the site as a non-owner, and you should see that the Share icon has disappeared:



















Important Note:  Any user who is in the SharePoint Owners group for the site will still see the Share icon.  It will only disappear for non-owners, such as your external users.

Important Note:  The following procedure needs to be done at the site-level.  SharePoint does not provide a way via the GUI to make this change at the Site Collection or Web Application level.

To remove the Follow Icon:

Navigate to Site Settings > Manage Site Features:



















Find the "Following Content" feature and deactivate it:





You will get a warning about deactivating the feature.  Go ahead and click Deactivate this feature:











You should now see that the Follow icon has disappeared from the page:
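
Both site-level procedures above can be scripted for every site in a web application. The following is an added example, not part of the original post. It assumes on-premises SharePoint Server, a placeholder web application URL, that clearing SPWeb.RequestAccessEmail is the object-model equivalent of unchecking "Allow access requests", and that "FollowingContent" is the internal name of the Following Content feature.

```powershell
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

# Placeholder URL (assumption): replace with your extranet web application
$webAppUrl = "https://extranet.example.com"

# Assumption: internal name of the web-scoped "Following Content" feature
$followFeatureName = "FollowingContent"

function Remove-ShareAndFollowUI {
    param([Parameter(Mandatory = $true)][string]$WebApplicationUrl)

    foreach ($site in (Get-SPSite -WebApplication $WebApplicationUrl -Limit All)) {
        foreach ($web in $site.AllWebs) {
            try {
                # Access request settings can only be changed on webs with unique
                # permissions; webs that inherit permissions follow their parent.
                if ($web.HasUniquePerm -and $web.RequestAccessEmail) {
                    $web.RequestAccessEmail = ""   # disables access requests
                    $web.Update()
                    Write-Output "Access requests disabled: $($web.Url)"
                }

                # Deactivate Following Content only where it is currently active
                $active = Get-SPFeature -Identity $followFeatureName -Web $web.Url -ErrorAction SilentlyContinue
                if ($active) {
                    Disable-SPFeature -Identity $followFeatureName -Url $web.Url -Confirm:$false
                    Write-Output "Following Content deactivated: $($web.Url)"
                }
            }
            catch {
                Write-Warning "Skipped $($web.Url): $($_.Exception.Message)"
            }
            finally {
                $web.Dispose()
            }
        }
        $site.Dispose()
    }
}

Remove-ShareAndFollowUI -WebApplicationUrl $webAppUrl
```

Sites created after the script runs keep the default settings, so it has to be re-run (or scheduled) when new extranet sites are provisioned.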






©2019 PremierPoint Solutions. All Rights Reserved. 

Friday, August 30, 2019

Changing the Forgot Password Option from a Question and Answer to an Email Option




We often hear about high-level security breaches in which the information of hundreds of thousands of users and companies has been hacked and stolen. Most of the time, this only leads to finger-pointing and more paperwork than anyone has the time to chase down. We know that Extranet Collaboration Manager (ExCM) is just one part of your company’s best practices for securing your external collaboration and maintaining a secure company and employee environment. We also know that sometimes the small things a company does can make the biggest difference when it comes to security and manpower.
Case in point, many businesses utilize the well-known question and answer method when a user forgets their password. We have all seen and used this method. The normal scenario is where you have set up two to three security questions when you sign up for your account, and in the event that you forget your password, you have to answer one of these questions to proceed with the password change or the account recovery process.
But how secure are the questions and answers? How easy is it for someone to use the internet and social media to hunt down the answers to any one of the questions? Think about it: would it be that hard to find out your mom’s maiden name, your high school mascot or what city you were born in? While it is true that the questions that are being asked could be much more difficult, remember these businesses are dealing with users who on average have over 100 passwords when you add all their work, financial and personal accounts together. The average company does not have the resources to help customers who have forgotten their passwords much less the security question answers that were initially set up to be easy.
*More information on password and security statistics can be found here.

So, where does this leave the businesses of today? What other alternatives or tools do they have at their disposal to maintain security and make the retrieval of passwords or the resetting of passwords seamless and still self-service?
What if, instead of the question and answer retrieval process, your company utilized something simpler that most of your customers already use, like their email address? How could this make things easier for the user and your company? We know that most people have at least one email account that is unique. We know that, in most cases, he or she is the only user of that unique email address. Then it would make sense that if we sent the user a link to their email address with options for changing or recovering their password, it should help in that they would not have to remember the questions and answers and the business would not have to store and maintain this information. The user’s security and self-service rest in their ability to remember their email information.
So, your next question might be: “How do I make the password email recovery option possible in ExCM?”




When using ExCM you can disable the extranet user password question and turn on the email option by making the changes below to the web app web.config file:

1.   In the <membership /> section of the web.config file, the <add /> tag must have the requiresQuestionAndAnswer attribute changed from 'True' to 'False'.




2.   In the <extranet /> section of the web.config file, the <membershipSettings /> tag must have the passwordResetTemplate attribute changed from "SetNewPassword" to "EmailGeneratedPassword".



After you make these changes to the web.config file, the password security question should no longer appear on the registration and add extranet users pages. The changes only need to be applied to the web.config file of your content site.
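
One way to confirm both settings after editing is shown below. It is an added example, not ExCM's own tooling. The sample XML is constructed, its provider name and type are placeholders, and locating the two elements by XPath anywhere in the file is an assumption.

```powershell
# Constructed sample of the two web.config fragments described above.
# The provider name and type are placeholders, not ExCM's real values.
$sampleConfig = @'
<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="ExampleProvider" type="Example.Placeholder" requiresQuestionAndAnswer="true" />
      </providers>
    </membership>
  </system.web>
  <extranet>
    <membershipSettings passwordResetTemplate="SetNewPassword" />
  </extranet>
</configuration>
'@

function Test-EmailResetConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $findings = @()

    # Step 1: provider entries that carry the attribute must have it set to false
    foreach ($provider in $Config.SelectNodes("//membership/providers/add[@requiresQuestionAndAnswer]")) {
        $value = $provider.GetAttribute("requiresQuestionAndAnswer")
        if ($value -ne "false") {   # -ne is case-insensitive, so 'False' passes
            $findings += "Provider '$($provider.GetAttribute('name'))': requiresQuestionAndAnswer is '$value'"
        }
    }

    # Step 2: <membershipSettings /> in <extranet /> must use the e-mail template
    $settings = $Config.SelectSingleNode("//extranet/membershipSettings")
    if ($null -eq $settings) {
        $findings += "No <membershipSettings /> found in an <extranet /> section"
    }
    elseif ($settings.GetAttribute("passwordResetTemplate") -ne "EmailGeneratedPassword") {
        $findings += "passwordResetTemplate is '$($settings.GetAttribute('passwordResetTemplate'))'"
    }

    return $findings   # empty when both settings match the steps above
}

# The unedited sample yields two findings; for a real site pass
# [xml](Get-Content <path to the content site's web.config>) instead.
Test-EmailResetConfig -Config ([xml]$sampleConfig)
```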
Below you will find the expected changes that users will experience, once the password reset has been changed from the question and answer to the email setting.


After the user clicks the “Forgot your password?” link, the “Reset My Password” page will ask for the user’s email address; they will then need to click Next.



Once the system has confirmed the user’s “Username” they will click Finish.



The next screen will confirm that the “Password Changed Successfully”.




Next, the user will receive an automated email with a temporary password.


Next, the user can return to the “Password Changed Successfully” page and then click “Continue to login”.





At the Sign In page, the user will need to enter the new temporary password from their email and click Sign In.



NOTE: The temporary password is case and character sensitive and can be copied and pasted.


Once the user is signed in, they will need to select the drop-down button next to the username, and then select “Change My Password”.



Within the “Change My Password” page the user will need to use the temporary password, then create a new password using the green strength bar as a gauge for a secure password. Next, the user will need to confirm the new password, and then click Finish. At this point the user will stay logged in and will use the newly created password the next time they log in.




Thursday, August 15, 2019

Example PowerShell to Automatically Update SharePoint Managed Navigation in Team Sites “associated” to a central Publishing Site


This set of PowerShell commands goes along with a demonstration I do at various SharePoint conferences during my presentation titled “Making the Most of SharePoint Managed Metadata”.
In the demo, I show how you can achieve something similar to the global navigation experience that SharePoint Online now offers using Hub sites and associated Team Sites (see this blog post for what that is all about), but by using the traditional SharePoint Publishing Site template along with traditional Team Site templates.  This can be done in SharePoint Server 2010, 2013, 2016, 2019 and SharePoint Online.

In my demo, I show how to create a new Team Site and then “associate” it with the main Publishing site by inheriting (actually, the official terminology is “Pin Term with Children”) its Managed Metadata-based Global Navigation.

The only catch with this is that after the new Team Site is created and its Global Navigation “associated” with the central Publishing site, the Global Navigation in any existing Team Sites does not get automatically updated.  So, in my demo I run some SharePoint PowerShell as the last step that will loop through all of the “associated” Team Sites and update their Managed Navigation settings to include the new Team Site.

This PowerShell is very specific to my demonstration and only provided here as a resource for someone wanting to do something similar.  To use it, you would need to read through it and make an effort to think about what it is doing.  Then, you would need to figure out how you could adapt it to work in your specific scenario and/or environment.

Also, this PowerShell will only work with on-premises SharePoint Server.  If you need it to work with SharePoint Online, you would have to take the concepts and come up with your own SharePoint Online version.

Example from my “Making the Most of SharePoint Managed Metadata” demo:

       

Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue

#Set variables

#The name of the Term Store in the local SharePoint Farm
$termStoreName = "Managed Metadata Service"

#The name of the Global Term Group that is used in the central Publishing Site
$globalTermGroupName = "Navigation"
#The name of the Global Term Set that is used in the Global Term Group
$globalTermSetName = "Intranet Global Navigation"

#Get the list of site collections that are attached to the central Publishing site collection
#In this demo, I have a list named "IntranetAttachedSites" that has an item for each Team site collection that is to be "associated"
$requestPortalWeb = Get-SPWeb http://intranet/sites/requests
$list = $requestPortalWeb.Lists["IntranetAttachedSites"]
$listItems = $list.GetItems()


#Update the navigation for each attached site collection
foreach ($listItem in $listItems) 
{
    $localTermGroupName = $listItem["Term Group Name"]
    $localTermSetName = $listItem["Term Set Name"]

    $web= Get-SPWeb $listItem["Title"]
    $site = $web.Site
    $navSettings = New-Object Microsoft.SharePoint.Publishing.Navigation.WebNavigationSettings($web)
    $taxSession = Get-SPTaxonomySession -Site $site
    $termStore = $taxSession.TermStores[$termStoreName]

    $globalTermGroup = $termStore.Groups[$globalTermGroupName]
    $globalTermSet = $globalTermGroup.TermSets[$globalTermSetName]

    $localTermGroup = $termStore.Groups[$localTermGroupName]
    $localTermSet = $localTermGroup.TermSets[$localTermSetName]

    # remove all the existing terms from the local Term Set
    $localTermSet.Terms|ForEach-Object{$_.delete()}
    $termStore.CommitAll()

    # pin the terms to the local term set from the master term set
    $globalTermSet.Terms|ForEach-Object{
       $t = $localTermSet.ReuseTermWithPinning($_)
    }

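    # copy the sort order from the master term set
    $localTermSet.CustomSortOrder = $globalTermSet.CustomSortOrder
    $termStore.CommitAll()

    # release the SPWeb opened for this site
    $web.Dispose()
}

# release the SPWeb that holds the "IntranetAttachedSites" list
$requestPortalWeb.Dispose()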

       
 

Making the Most of SharePoint Managed Metadata – Managed Navigation Demo


Over the past couple of years (2018 and 2019), I have been making a presentation at several SharePoint conferences titled “Making the Most of SharePoint Managed Metadata”.  In the presentation, I do several demonstrations that show how to use some of the advanced features of the Managed Metadata Term Store to help your business users get more value.  In this blog post, I am providing the “backup” slides I have on hand for one of the demos in case something goes wrong with the live demo – such as loss of Internet connectivity!

Anyway, here are my “backup” slides for my Managed Navigation demo that essentially document what I show the crowd in the live demo. 

In this demo, I show how you can achieve something similar to the global navigation experience that SharePoint Online now offers using Hub sites and associated Team Sites (see this blog post for what that is all about), but by using the traditional SharePoint Publishing Site template along with traditional Team Site templates.  This can be done in SharePoint Server 2010, 2013, 2016, 2019 and SharePoint Online.

In my demo, I show how to create a new Team Site and then “associate” it (actually, the official terminology is “Pin Term with Children”) with the main Publishing site by inheriting its Managed Metadata-based Global Navigation.


Wednesday, May 08, 2019

How To Answer The Five W's When Using ExCM's Auditing Tools



If you are a SharePoint Administrator managing your internal and external users, you are probably asked one or more of the Five W’s on a regular basis.


Who invited Who?

What security group was the new user added to?

When was the last time the user logged in?

Where in the country is the new user located?

Why is the new user not approved for access?



All of our example questions can be answered if you have the right auditing capabilities in place to access the information.

ExCM provides your company with the necessary auditing tools so that you can keep track of extranet users, extranet roles, invitations, registrations, and Site Sponsor activities. Below you will find a quick guide to help you manage this information using ExCM.


These features can be accessed by selecting the Settings icon and then selecting Site Settings.


























Under Extranet Management, you have several auditing options: Extranet Users, Extranet Roles, Invitations, Registrations and Site Sponsors.



























Extranet Users

When selecting Extranet Users, you can view the user's e-mail address, the date the user was created, the last login date, the activity date for that user, the date the user was locked, the date the user changed their password, and, via the green or red indicator, whether the user has been approved or unlocked.















Extranet Roles


To view the users within a Role, first select Extranet Roles, then select the Role you would like information about. Select the Roles tab in the top ribbon then select View Users in Role.























You can view the user's e-mail address, the date the user was created, the last login date, the activity date for that user, the date the user was last locked, the date the user changed their password, and, via the green or red indicator, whether the user has been approved or unlocked.












Invitations

When selecting Invitations, you can view the invitee’s email, the user that sent the invitation, the sent date, the expiration date, and the security definitions selected for the invited user.


To view more information on an invitation select an invite, select the Invitations tab from the top ribbon, then select View Invitation.
















This view gives you a detailed view of the user invitation:





























Registrations 

When selecting Registrations, you can view the registrant’s login name, email address, registration status, registration date, the registered user’s security definitions, and the approval status.


For more registration information, select the user then the Registrations tab from the top ribbon, and View Registration.













This gives you a detailed view of the user registration:


























Site Sponsors


When selecting Site Sponsors, you can view the Site Sponsors, any expiration dates for a Site Sponsor, the Associative Security Definitions, and the Administrative Security Definitions that each Site Sponsor has been granted.












ExCM’s auditing capabilities give an Administrator a wide range of tools so that they can adequately maintain real-time information on users and keep access records up to date for an ever-changing workplace and extranet environment. 
