sharepoinTony

@info – The practical side of SharePoint

Archive for the ‘Tips and Tricks’ Category

Restricting Site Templates

Posted by sharepoinTony on September 3, 2010

I had a group come to me recently that wanted to set up a subsite to their site and allow a group of users create sites under that subsite.  Standard issue for SharePoint.  In this case they wanted those sites to all start out the same.  They had specific things such as two document libraries and a few other specific lists as the default when those sites get created.   Also standard issue for SharePoint…by simply creating a site template the users to select they would get what they wanted.

This request didn’t specifically ask for the restriction of site templates, however since we have had numerous other similar requests we now have a lot of site templates available.  So…

To make everyone’s life a little easier I decided to restrict the subsites so the users could only use the template created for them.  The group manager was very happy-this made it very simple for them to find and thus the creation of their sites was a snap.

The trick to it all is getting to the Page Layout and Site Template Settings page.  This isn’t available to you at the Site level, it is only on the Site Settings menu at the Site Collection level (top-level site).  That doesn’t mean you can’t use it to accomplish this task.

After creating the desired site template, go to the site above (parent to) the site where you want the users restricted to specific templates.  Replace the aspx page portion of the url with

_layouts/areatemplatesettings.aspx

Make your adjustments to the site templates available to subsites in the Page Layout and Site Template Settings screen, then click OK.

Posted in Administration, SharePoint 2007, Tips and Tricks | Tagged: , , | Leave a Comment »

SSO Tips

Posted by sharepoinTony on August 24, 2010

There are lots of blogs out there talking about the problems people have setting up SSO (Single Sign On) in SharePoint 2007 implementations.  There are also quite a few that run down the steps to do it and state that it is easy.  What is the disconnect between these two “camps” talking about SSO setup?

Well, one thing (IMHO) is that the ease of the process depends on YOUR environment and YOUR knowledge of what SSO is, how it works, and what you plan to do with it.  So my first (and most important) tip is take the time to learn about SSO and what you want to accomplish by using it before you attempt to configure it.

My other tips are:

Enterprise Application Definitions –

  • If you are planning to use Groups, create an Enterprise Application Definition for each group
  • Configuration steps often talk about creating a group for SSO Administrators and SSO Managers, these groups are NOT the groups you want to use here
  • The Account Type selection of Group is used when you want to connect to the data source using the same account for all users in the designated AD group.
    • For example, if you are going against an HR database and you have an AD group for HR managers who are allowed to see data from that source – SSO Enterprise Application Definitions let you map the group to an account with permissions to access that data, and that account will be used for everyone in the HR AD group
  • Things you cannot change it for the Enterprise Application Definition after initial definition:
    • Account Type
    • Authentication
  • Authentication is not clearly described in many places, here are the basics:
    • Select the Windows authentication check box if your clients use Windows authentication when connecting to the external data source (if it is required)
    • Leave the Windows authentication check box unchecked if your data source allows mixed authentication, such as SQL Server does by allowing either SQL or Windows authentication
  • Make sure you login to Central Admin with the “Enterprise Application Definition  Administrator” account when you create your definitions, otherwise you will have problems
  • After you create a definition using the Account Type of Group, don’t forget to update the ‘account information for enterprise application definitions’ – this is where you enter the AD group that you want to map to a specific account for accessing the data source

Configuration –

  • Make your life easier and just create an SSO Administrator account, don’t try to use an existing account.  It can be done, but it also can get confusing
  • If you are in a small environment you should still create the SSO Administrators and Managers AD groups as suggested by Robert Bogue (http://thorprojects.com/blog/archive/2008/08/02/moss-single-sign-on-setup-step-by-step.aspx) – It allows flexibility for you in the future without reconfiguring SSO
  • Follow Roberts steps (link above) for the basic setup
  • Reference links:

http://blogs.msdn.com/b/sharepointdesigner/arcve/2007/08/27/an-introduction-to-single-sign-on-sso-with-data-views.aspx

http://technet.microsoft.com/en-us/library/cc262932(office.12).aspx

Posted in Administration, Install and Configure, SSO, Tips and Tricks | Tagged: , , | 2 Comments »