sharepoinTony

@info – The practical side of SharePoint

Posts Tagged ‘Install and Configure’

SSO Tips

Posted by sharepoinTony on August 24, 2010

There are lots of blogs out there talking about the problems people have setting up SSO (Single Sign On) in SharePoint 2007 implementations.  There are also quite a few that run down the steps to do it and state that it is easy.  What is the disconnect between these two “camps” talking about SSO setup?

Well, one thing (IMHO) is that the ease of the process depends on YOUR environment and YOUR knowledge of what SSO is, how it works, and what you plan to do with it.  So my first (and most important) tip is take the time to learn about SSO and what you want to accomplish by using it before you attempt to configure it.

My other tips are:

Enterprise Application Definitions –

  • If you are planning to use Groups, create an Enterprise Application Definition for each group
  • Configuration steps often talk about creating a group for SSO Administrators and SSO Managers, these groups are NOT the groups you want to use here
  • The Account Type selection of Group is used when you want to connect to the data source using the same account for all users in the designated AD group.
    • For example, if you are going against an HR database and you have an AD group for HR managers who are allowed to see data from that source – SSO Enterprise Application Definitions let you map the group to an account with permissions to access that data, and that account will be used for everyone in the HR AD group
  • Things you cannot change it for the Enterprise Application Definition after initial definition:
    • Account Type
    • Authentication
  • Authentication is not clearly described in many places, here are the basics:
    • Select the Windows authentication check box if your clients use Windows authentication when connecting to the external data source (if it is required)
    • Leave the Windows authentication check box unchecked if your data source allows mixed authentication, such as SQL Server does by allowing either SQL or Windows authentication
  • Make sure you login to Central Admin with the “Enterprise Application Definition  Administrator” account when you create your definitions, otherwise you will have problems
  • After you create a definition using the Account Type of Group, don’t forget to update the ‘account information for enterprise application definitions’ – this is where you enter the AD group that you want to map to a specific account for accessing the data source

Configuration –

  • Make your life easier and just create an SSO Administrator account, don’t try to use an existing account.  It can be done, but it also can get confusing
  • If you are in a small environment you should still create the SSO Administrators and Managers AD groups as suggested by Robert Bogue (http://thorprojects.com/blog/archive/2008/08/02/moss-single-sign-on-setup-step-by-step.aspx) – It allows flexibility for you in the future without reconfiguring SSO
  • Follow Roberts steps (link above) for the basic setup
  • Reference links:

http://blogs.msdn.com/b/sharepointdesigner/arcve/2007/08/27/an-introduction-to-single-sign-on-sso-with-data-views.aspx

http://technet.microsoft.com/en-us/library/cc262932(office.12).aspx

Posted in Administration, Install and Configure, SSO, Tips and Tricks | Tagged: , , | 2 Comments »

Installing MOSS

Posted by sharepoinTony on September 25, 2009

I read Paul Swider’s blog post “Best Practice for User Accounts When Installing MOSS” today.  He is right on target, “there should be no surprises on install day”.  It is ironic that I read this blog today because I created a similar table to the one he has in his blog post earlier this week, to prepare for my SharePoint install this morning  (I installed MOSS, did basic configuration setting up a couple of web applications and SSP’s easily well before lunch).  Paul’s table was nicer, and I like his idea of phases which I thought of  in a similar way but couldn’t vocalize it as nicely as he did.

The point of this post is that he made me think a bit more about best practices, especially when installing MOSS.  Here are some off-the-cuff random thoughts I had on that topic:

  • Did you download any service packs or patches that you might need installed PRIOR to your SharePoint install?
  • If so, are they all in one easy to find folder, ready to go?
  • Where are your CD’s/DVD’s – do you need them?
  • Are you documenting your install in any way?  How?  Where?
  • Do you have a scheme for naming your web applications, ssp’s, content db’s?
  • What services are you going to configure?
  • What is your indicator that you have successfully installed MOSS?  When do you stop this task, and move on to the next?

I like to have these things mapped out, in my mind and documented.  The process of install and initial configure should be straight forward and easy.  Just make your own check-list, include the critical details, and follow the steps.  Write down what you do as you do it and you won’t have to hunt for a port number or database later.  Being a bit anal pays off sometimes…my install day today was kind of relaxing.  By the way, I had Thai for lunch.

Posted in Best Practice, Commentary, Install and Configure | Tagged: , | Comments Off on Installing MOSS