Why Least Privilege 1
An Ounce of Prevention Is Worth a Pound of Cure 1
Local Group Membership 5
Ask the Domain Controllers 6
Database Permissions for Farm Account Vs Install Account 7
File System Permissions for Members of the WSS_Admin_WPG Local Group 7
Logging File Paths 12
Registry Permissions 14
Application Pool Accounts 15
WSS_WPG Registry Access 16
Application Pool Accounts in IIS 16
PowerShell to Reset Local Permissions and Files 18
Inspecting for Least Privilege 18
Next Steps 37
PowerShell Aliases 40
Verb-Noun 40
All PowerShell cmdlets Are Objects 40
Running Administratively and the SharePoint Management Console 41
Variable Instantiation 42
Objects as a Form of Troubleshooting 45
Avoiding Scrolling Truncation 51
Enumerating Sites 53
Step 1 55
Step 2 55
PowerShell Script to Create Central Administration 57
PowerShell Script to Create Service Applications 61
Building a Farm with AutoSPInstaller 72
MSDTC and DCOM Settings 75
Network Service Permissions 82
Local Security for the Farm Account 82
Next Steps 92
COM+ Security for User Profile Sync 93
App Fabric and Distributed Cache 94
User Profile Synchronization 105
Patching 110
Publishing Infrastructure vs Minimal Download Strategy 112
Account Management 113
Logging Locations and Levels 114
Path-based vs Host-named Site collections 116
HNSC or HHSC 123
Next Steps 130
Got Weird Stuff? 134
SharePoint IIS Site Directories 138
Virtually Mapped Folders 140
SharePoint Web Services 143
What About Registry? 165
Chapter 5: SQL 177
PowerShell 211
Configuring SharePoint-Integrated Reporting with SQL Server 2012/2014 215
Scenario 1 216
Scenario 2 217
Event ID 5586 255
Wireshark 401
Fiddler 407
NetMon and Message Analyzer 411
Developer Dashboard 414
Webalizer 418
Indihiang 423
SPS Farm Report utility 425
Process Monitor (ProcMon) 428
SharePoint Health Analyzer Tool 439
Performance Analysis of Logs (PAL) Tool for SharePoint 442
SharePoint Feature Administration and Cleanup Tool 463
The SharePoint Manager Tool 468
Wrap Up 471
Index 473
Introduction
This introduction covers, at a high level, the topics that this book discusses. The book assumes that you already have a development SharePoint environment that you can use to perform the exercises. If you don’t have a development farm and are not sure about the steps needed to create one, you should get a copy of my book Building a SharePoint 2016 Home Lab: A How-To Reference on Simulating a Realistic SharePoint Testing Environment (Apress, 2016). Although it is possible to read each chapter independently, there are parts of chapters that build off previous chapters and/or assume some requisite SharePoint knowledge. The following is the 40,000-foot view.
Chapter 1. Least-Privileged SharePoint Builds.This chapter thoroughly discusses building a SharePoint farm using least privileging. It starts to peel away the troubleshooting onion, layer by layer, and explains why a least-privileged build is important for troubleshooting.
Chapter 2. Key Settings of a Good Build. This chapter is the first of two parts that cover the key settings of a good build. You’ll learn about SQL aliases, MSDTC, to IIS WAMREG and DCOM, Network Service, and the local security needs of a farm account.
Chapter 3. More Key Settings of a Good Build This chapter finishes the discussion on key settings in the file system as they relate to App Fabric and Distributed Cache, User Profile Synchronization, publishing infrastructure, account management, logging locations and levels, and path-based vs. host headers, also known as host named site collections.
Chapter 4. Files, Virtual Mappings, and IIS Settings This chapter explores the changes that SharePoint makes to a Windows server file system and discusses how this relates to IIS. It looks at IIS logging and opens the discussion that surrounds the connection between IIS logs, SharePoint logs, and Windows logs.
Chapter 5. Database and Security Operations.This chapter opens SQL Server Management Studio and looks at the SQL Server settings, database settings, server roles, database mappings, SQL logging, and various PowerShell and/or command-line operations as they relate to SharePoint database security operations from within SSMS and/or SQL Server configuration.
Chapter 6. SQL Backup and Restore, and Useful CLI. This chapter covers a few more SQL-related topics, such SQL database backup and restore options, unattached restores, SQL file restores, and PowerShell site collection backup and restore. We look at some Windows OS commands that yield helpful troubleshooting information, including systeminfo, ncpa.cpl, msinfo32, SC, and others as I talk about finding answers to troubleshooting questions.
Chapter 7. Search Configuration and Troubleshooting. This chapter peels back a deeper layer of the troubleshooting onion as it relates to issues with search, search configuration with PowerShell, and the search service application. We look at some cool scripts and take a fairly good dive into search.
Chapter 8. Troubleshooting Services. This chapter looks at troubleshooting User Profile Synchronization Connections, Excel Services, Office Web app connections, and patching Office Web apps. We look at managed metadata term stores and discuss the connection to the User Profile Service. I’ll discuss web.config modifications and using PowerShell to determine if the web.config is modified. Along with looking at web.config, PowerShell interrogates timer jobs, log levels, and databases. Finally, PowerShell is used to unprovision and provision services.
Chapter 9. Tools: ULS, merge-splogfile, and Other. PowerShell cmdlets. This chapter’s primary focus centers on ULS logs, ULS viewer, merge-splogfile, and other PowerShell cmdlets that pertain to Windows logs. It discusses the numerous settings of ULS viewer and some various scenarios and methods. The chapter explains the connection between SharePoint and Windows event logs and helps the reader understand how to decipher what the logs are saying and how to use the logging system and configure it.
Chapter 10. Tools: Network Packet Tools and Page. Performance. This chapter discusses the use of ProcMon, WireShark, Fiddler, NetMon, developer dashboard, and more! It also covers a few more tools used to look at network packets, IIS logs, and page load performance.
Chapter 11. Tools: SharePoint Health Analyzer Demystified. This chapter discusses the SharePoint Health Analyzer report, the Performance Analysis of Logs (PAL) tool for SharePoint, the SharePoint Manager tool, the SharePoint feature admin tool, and finally, a summation of the three chapters on troubleshooting tools.