Have you ever wondered how to install SharePoint 2010 properly using PowerShell so as to avoid those random numbers that show up in your service application databases that end up showing up when you use the Configuration Wizard? Would you prefer to not just be a Principal Button Clicker that clicks “Next, Next, Next, Next, Next” to install SharePoint? Do you want to learn how to do things “the right way?” Attend this half-day workshop and we’ll walk through step by step setting up SharePoint 2010 using PowerShell in a multi-server farm environment. This session will include: • Installing SharePoint Prerequisites using a configuration file and pre-downloaded components • Configuring the SharePoint platform using PowerShell • Creating and Configuring Service Applications with wholly named databases • Configuring Integrated Windows Authentication using Kerberos • Provision and Configure the User Profile Service After this session, you’ll have a solid foundational knowledge of how to properly configure SharePoint in an Integrated Windows Authentication Windows Networking Environment that is both repeatable and takes into consideration caveats that most “auto installer” scripts cannot account for.

1. Scott Hoag
Dan Usher
#SPSVB #Po$h

2. who am I?
#SPSVB #Po$h

3. who’s that other guy?
Dan
Usher
usher
#SPSVB #Po$h

4. about you
#SPSVB #Po$h

5. rules of the road
#SPSVB #Po$h

6. agenda
#SPSVB #Po$h

7. installation types
#SPSVB #Po$h

8. #SPSVB
a conversation
Facebook Quote
#Po$h
Andrew Connelll: Why I don’t do SharePoint 2010 development on

9. primary service accounts
Account Purpose Requirements
SQL Server Runs SQL Server • Domain user account
• No rights in SharePoint
Setup Account Installs the bits and performs initial • Domain user account
configuration • Member of Local Admins on each server
in the farm
• securityadmin and dbcreator on SQL
instance
Farm Account Used for configuring and managing • Domain account
the farm and runs primary services • Additional rights are automatically
(e.g. SPTimerV4) granted as part of installation (both
server and SQL)
#SPSVB #Po$h

10. other service accounts
Account Purpose Requirements
MySites Application Worker process identity for MySites • Domain user account
Pool • Managed account
Content Application Worker process identity for Content • Domain user account
Pool web applications • Managed account
Services Worker process identity for Service • Domain account
Application Pool Application Pools • Managed account
Search Service Process identity for SharePoint • Domain account
Process Foundation (Help) search service • Managed account
and SharePoint Search service
Search Service Used to crawl content specified in • Domain account
Default Content content sources
Access
User Profile Import Account used to import (and • Domain account
Account optionally export) user data from an • Replicate Directory Changes in AD
identity store
#SPSVB #Po$h

11. still more service accounts
Account Purpose Requirements
Object Cache Processes items in the object cache • Domain user account
Super User of a web application • Managed account
• Full Control User Policy on target web
application(s)
Object Cache Processes items in the object cache • Domain user account
Super Reader of a web application • Managed account
• Full Read User Policy on target web
application(s)
#SPSVB #Po$h

12. service applications
Service Application Foundatio Standar Enterpris Cross-
n d e farm
Access Services ✔
Business Data Connectivity Services ✔ ✔ ✔ ✔
Excel Services Application ✔
Managed Metadata Service ✔ ✔
Performance Point Service Application ✔ ✔
Search Service ✔ ✔ ✔
Secure Store Service ✔ ✔ ✔
State Service ✔ ✔
Usage and Health Data Collection Service ✔ ✔ ✔
User Profile Service ✔ ✔ ✔
Visio Graphics Service ✔
Web Analytics Service ✔ ✔ ✔
Word Automation Services ✔ ✔
Microsoft SharePoint Foundation Subscription Settings ✔ ✔ ✔
#SPSVB Service #Po$h

13. installation concepts
#SPSVB #Po$h
Wikipedia: Slipstream (computing)

14. SharePoint Infrastructure Prep
Component Minimum Requirement
Processor 64-bit, 4 cores
RAM • 4 GB for Development of Eval
• 8 GB for Production in a Single Server
Environment
Hard Disk 80 GB for system drive, additional space based on
logging requirements
#SPSVB #Po$h

15. SharePoint server preparation
#SPSVB #Po$h

16. other server preparation
#SPSVB #Po$h

17. running the farm configuration wizard
#SPSVB #Po$h

18. demo…
#SPSVB #Po$h

19. #SPSVB #Po$h

20. mmm. cake.
#SPSVB #Po$h

21. Scott Hoag
Dan Usher
#SPSVB #Po$h

22. who am I?
#SPSVB #Po$h

23. who’s that other guy?
Dan
Usher
usher
#SPSVB #Po$h

24. about you
#SPSVB #Po$h

25. rules of the road
#SPSVB #Po$h

26. A note on AutoSPInstaller/SPModule
#SPSVB SPModule #Po$h
AutoSPInstaller

27. demo…
#SPSVB #Po$h

28. post configuration
#SPSVB #Po$h

29. common errors
#SPSVB #Po$h

30. filtering accounts in UPS
#SPSVB #Po$h

31. bit on equals
Property Flag Description Bit On Equals
SCRIPT The logon script will be run 1
ACCOUNTDISABLE The user account is disabled 2
HOMEDIR_REQUIRED The home folder is required 4
LOCKOUT The account is currently locked out 5
PASSWD_NOTREQD No password is required 6
PASSWD_CANT_CHANGE The user cannot change the password 7
ENCRYPTED_TEXT_PWD_ALLOWED The user can send an encrypted password 8
TEMP_DUPLICATE_ACCOUNT This is an account for users whose primary 9
account is in another domain
NORMAL_ACCOUNT This is a default account type that represents a 10
typical user
INTERDOMAIN_TRUST_ACCOUNT This is a permit to trust an account for a system 12
domain that trusts other domains
#SPSVB #Po$h
Creating User Profile Synchronization Exclusion Filters using the userAccountControl attrib

32. more bit on equals
Property Flag Description Bit On Equals
WORKSTATION_TRUST_ACCOUNT This is a computer account for a computer that is 13
running Windows NT 4.0, or Windows 2000 and is a
member of this domain
SERVER_TRUST_ACCOUNT This is a computer account for a domain controller that 14
is a member of this domain
DON’T_EXPIRE_PASSWORD Represents the password, which should never expire on 17
this account
MNS_LOGON_ACCOUNT This is an MNS logon account 18
SMARTCARD_REQUIRED Forces the user to log on by using a smart card 19
TRUSTED_FOR_DELEGATION The service account is trusted for Kerberos delegation 20
NOT_DELEGATED The security context of the user is not delegated to a 21
service even if the service account is set as trusted for
Kerberos delegation
#SPSVB #Po$h

33. still more bit on equals
Property Flag Description Bit On Equals
USE_DES_KEY_ONLY Restricts the principal to use only Data Encryption 22
Standard (DES) encryption types for keys
DONT_REQ_PREAUTH This account does not require Kerberos pre- 23
authentication for logging on
PASSWORD_EXPIRED The user’s password has expired 24
TRUSTED_FOR_AUTH_FOR_DELEG The account is enabled for delegation 25
ATION
#SPSVB #Po$h

34. the recycle bin
#SPSVB Manage the Recycle Bin of #Po$h
a site

35. tune your analytics
Dataset Characteristics Value
SharePoint components 30k
Unique users 117k
Unique queries 68k
Unique assets 500k
Reporting DB data size? 511TB per years
73TB per 7day
200GB for year
#SPSVB #Po$h
Capacity requirements for the Web Analytics Shared Service in SharePoint Server

36. permissive file handling
> $webApp = Get-SPWebApplication("http://intranet.contoso.com")
> $webApp.AllowedInlineDownloadMimeTypes.Add("application/pdf")
> $webApp.Update()
#SPSVB #Po$h

37. lost passphrases
> $passphrase = ConvertTo-SecureString -asPlainText -Force
> Set-SPPassPhrase -PassPhrase $passphrase -Confirm
TechNet
CodePlex
#SPSVB #Po$h

38. questions
#SPSVB #Po$h

39. contact
scott.hoag@appliedis.com
@ciphertxt
Usher_Daniel@bah.com
@usher
#SPSVB #Po$h

40. #SPSVB #Po$h