Archive for January, 2013

Last month I did a post that interested most of the SharePoint Developers out there about the SharePoint 2013 MCSD Developer Certification Path!  That post contained 3/4 of the exams required for someone who doesn’t have the MCPD SharePoint 2010 Certification.

At the time of the post, the only information available on the Upgrade was the following:

Q.I have an MCPD on Visual Studio 2010. How can I upgrade to an MCSD certification?

A.If you have achieved an MCPD: Windows Developer 4 certification, MCPD: Web Developer 4 certification, or MCPD: SharePoint Developer 2010 certification, you will be able to earn an MCSD certification on the corresponding solution by passing two exams.

However, the full (unofficial  but very likely ) upgrade path has been leaked in the Certification Planner from Microsoft (Many Thanks to Mahmoud Hamed)
The two exams are 
1. 70-480 (PS: You can take this exam for free at the moment. more info HERE)
2. 70-493 Upgrade your MCPD: SharePoint Developer 2010 to MCSD: SharePoint Apps

Screenshot:

EDIT:  All the Details about full path to  MCSD SharePoint are here: Three New Facts on the SharePoint 2013 MCSD Certification! – A Name, Exam Numbers and a Date!

Other New Information

We can also see in the picture (Thanks Bjoern) that now we got names for the 70-489 and 70-488 Exam.

Exam 70-488 SharePoint REST will probably be about the SharePoint 2013 REST Service
Info:
 http://msdn.microsoft.com/en-us/library/fp142380.aspx
http://msdn.microsoft.com/en-us/library/fp142385.aspx

Exam 70-489 SharePoint Collaboration ( In the screenshot it’s spelled “Colloboration”. )

The name is too vague for any information, however if I find anything I will update the post!

This is great news for SharePoint Developers because they will only need two exams to get the new certification!

If you are an IT Pro, you can find more info about the MCSE SharePoint Certification here:  http://www.absolute-sharepoint.com/2012/10/mcse-sharepoint-2013-requires-mcsa.html 

Leave  a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here  for the latest news and technical articles on SharePoint.  Also, don’t forget to check the SharePoint Community Partners list for other great SharePoint Sites, and vote for my blog if you like my content!

No ratings yet.

Please rate this

Every month I do an article about all the resources I found online about Windows Server 2012. These free Resources come from Microsoft directly or from other partners but unfortunately not a lot of people check regularly and sometimes they are well hidden.

Also, don’t forget that the MCSA Windows Server 2012 is required for the MCSE SharePoint Certification

I am happy to present you Part 3 of the “Free Windows Server 2012 Learning Material & Resources,” series that gives you all the resources for the month of December.

Downloads

Download: Moving Applications to the Cloud, 3rd Edition – Book Download

Download: Core Network Companion Guide: Group Policy Deployment

Download: Moving Applications to the Cloud, 3rd Edition – Hands on Labs

Download: Core Network Companion Guide: Deploying BranchCache Hosted Cache Mode

Windows Server 2012 | Technical Documentation, Download, Install, Deploy | TechNet

TechEd NA 2012 & Microsoft Virtual Academy Videos

Windows Server 2012 Jump Start: Preparing for the Datacenter Evolution – Microsoft Virtual Academy

Licensing Windows Server 2012 – Microsoft Virtual Academy

Licensing the Private Cloud – Microsoft Virtual Academy

Windows Server 2012 DirectAccess: How to Quickly and Easily Deploy Your Next Generation Remote Access Experience

Continuously Available File Server: Under the Hood

Windows Server 2012 NIC Teaming and Multichannel Solutions

Windows Server 2012 High-Performance, Highly-Available Storage Using SMB

Building a Highly Available Failover Cluster Solution with Windows Server 2012 from the Ground UP

Windows Server 2012: Cluster-in-a-Box, RDMA, and More

Deploying Windows Server 2012: From Bare Metal, Server Core, Minimal Server Interface, and More

Best Practices for Designing and Consolidating Group Policy for Performance and Security

Group Policy Reporting and Analysis with Windows PowerShell

Guest Clustering and VM Monitoring in Windows Server 2012

Windows Server 2012 IP Address Management

New Virtual Labs and Lab Guides

Windows Server 2012 Virtual Labs

Windows Server 2012 IT Camp – Lab #3 – Thin vs. Fixed provisioning…That is the storage management question

Also, don’t forget to check Part 1 & 2 :

Free Free Windows Server 2012 Learning Material & Resources Part 1

Free Free Windows Server 2012 Learning Material & Resources Part 2

That is it for the month of December 2012, I hoped you liked it and I am sure with all the resources I showed here, you got enough reading and labs for the whole month

 Leave  a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here  for the latest news and technical articles on SharePoint.

Tweet

Give Me +K on Klout

No ratings yet.

Please rate this

Today I wanted to install a SharePoint 2013 Virtual Machine to try developing some stuff with Visual Studio 2012. Since I didn’t want to develop directly on my big farm, I decided to make a new Virtual Machine with SQL 2012 + SharePoint Server 2013 RTM.

Easy task right? New Virtual Machine, 7GB of Ram, Install Server 2012, Install SQL 2012 + SP1, Install SharePoint prerequisites than start the Server installation.  Five minutes later, I get this error that gave me a lot of information on what’s wrong  (sarcastic). A classic for SharePoint.

Error Message: Microsoft SharePoint Server 2013 encountered an error during setup

I forgot to take a Screenshot when the error Happened, so I took one from the internet. Even if in the Screenshot it says “Preview” , I had the problem with the RTM version!

The following pop-up also appears:

Did a quick look up on Google, but the only people who had the problem were with SharePoint 2013 Preview, and most of them said the .iso was corrupted. However, I knew my iso was fine, since I installed 4 times already with the same iso.  I re-checked the prerequisites, I restarted the server and nothing.

After a few Google searches I found the answer on something that wasn’t SharePoint related, but I decided to give it a try.

When I created my virtual machine, I left only 1 Virtual processor by default.  I gave the Virtual Machine two Virtual processors, and then it worked like a charm.

Since I didn’t have this problem with my other Servers, I guess this only happens in Stand Alone mode, or when you have a full SQL installed on the same Server.

Even if, the minimum requirements for SharePoint Server 2013 are a 4-core server and its understandable that it might fail , I still think Microsoft Should make the error messages with a lot more details!

 Leave  a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here  for the latest news and technical articles on SharePoint.
Give Me +K on Klout
No ratings yet.

Please rate this

After the successful  free HTML5 & Javascript (exam 70-480) promotion codes Microsoft just announced another free exam, the 74-243.

Here is the announcement:

Here is a very exciting offer for partners everywhere (not just the U.S.). Right now, the first 2,000 partners who take “Exam 74-324: Administering Office 365 for Small Businesses” will be able to take it for free at an Authorized Prometric Testing Center! Once you take and pass the 74-324 Exam, you will meet one of the key requirements for the Small Business competency in the Microsoft Partner Network.

The Promo code is  MPNO365 and works as of 18 January 2013.

Also please note, that even if it’s described as a voucher, you must enter it as a “Promo Code” in Prometric, if no you will get the following message.

Terms & Conditions

  • Promo code is MPNO365 (note: code includes an upper-case “O” and not a zero)
  • Promo code can be applied for exam 74-324 only
  • Promo code is available until the maximum cap is reached or the expiration date of the code (6/30/13), whichever comes first
  • Promo code may be applied towards one exam, delivered at an Authorized Prometric Testing Center (APTC)
  • Candidates must register for and take their examination prior to the expiration date of the promo code
  • Promo codes cannot be extended under any circumstances
  • Promo codes are not transferable between programs
  • Promo codes are program specific and in some cases, exam specific.  Please ensure you redeem the promo code for the correct exam
  • Promo codes may not be redeemed for cash or credit, or refunded
  • Promo codes may not be applied to exams that have already been taken
  • Promo codes are intended to be used by individuals who work for partner organizations registered in the Microsoft Partner Network
If you want to take it, sign up fast because once the 2000 cap is reached, this offer will be dead.

Edit: Seems the offer is dead and people are getting this message:

The maximum count for the promotion has been exceeded. 

If I get a new code, I will update the post.  Don’t forget to follow me on twitter or other social media with the links below, so next time there is a promotion, you will be in the first ones to know!


Leave  a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here  for the latest news and technical articles on SharePoint.  Also, don’t forget to check the SharePoint Community Partners list for other great SharePoint Sites, and vote for my blog if you like my content!

No ratings yet.

Please rate this

Every month I do an article about all the resources I found online about SharePoint 2013. These free Resources come from Microsoft directly  or from other partners but unfortunately not a lot of people check regularly and sometimes they are well hidden.

I am happy to present you Part 3 of the “Free SharePoint Server 2013 Resources” series  that gives you all the resources for the month of December.

Downloads

Download: SharePoint Composite Handbook 

Download: Navigation term set planning worksheet

Technical diagrams for SharePoint 2013

Download New Office Visio Stencil 

The Essential Guide to Preparing for a Migration to Microsoft SharePoint 2013

The Essential Guide to Migrating SharePoint Content to the Cloud

Business Inteligence

VIDEO: Configure AdventureWorks for Business Intelligence solutions
Viewing reports and dashboards on mobile devices
What’s New (Reporting Services)

Lab Guides

Test Lab Guides for Business Intelligence

Excel

Test Lab Guide: Configure Excel Services
Test Lab Guide: Configure the Excel Services unattended service account
Test Lab Guide: Configure Excel Services data refresh by using an embedded connection
Test Lab Guide: Configure Excel Services data refresh by using an external connection

Visio

Test Lab Guide: Configure Visio Services
Test Lab Guide: Configure the Visio Services unattended service account
Test Lab Guide: Configure Visio Services data refresh using an external connection

Performance Point

Test Lab Guide: Configure PerformancePoint Services
Test Lab Guide: Configure data access for PerformancePoint Services

Secure Store

Test Lab Guide: Configure Secure Store

Other

MCSE: SharePoint Certification 
SharePoint 2013 Client Object Model and REST Slides from NY SharePoint Developers User Group
SharePoint 2013 Shredded Storage and The End of the World
Index of new Windows PowerShell cmdlets for SharePoint 2013

Also, don’t forget to check Part 1 & 2 :

Free SharePoint Server 2013 E-books,Models, Planning Worksheets, Design Samples and more Part 1

Free SharePoint Server 2013 E-books,Models, Planning Worksheets, Design Samples and more Part 2


Leave  a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here  for the latest news and technical articles on SharePoint.  Also, don’t forget to check the SharePoint Community Partners list for other great SharePoint Sites, and vote for my blog if you like my content!

No ratings yet.

Please rate this

Several weeks ago I did a post about SharePoint 2013 Service accounts Best practices titled : SharePoint 2013 Service Accounts Best Practices! Is there a golden solution for all farms?.  The post talked about how important Service Accounts were in the installation of SharePoint 2013 because if they are not set up correctly  they can open big security holes in your organization or give you problems down the road.

The article also suggested that you cannot have only one set of Service accounts for every scenario, since not all  scenarios require the same security (ex: a development  environment does not require same security as the production one). So, I suggested three sets of service accounts for different deployment scenarios of SharePoint 2013, however I got some feedback that my choices and the accounts weren’t explained in detail.

This post will go over all the three sets of service accounts, explaining the difference between the sets and also what every account does!

NOTE: This sets only cover the basic installation and configuration of SharePoint 2013 and SQL.  Other Service accounts will be needed for some Service Applications (Ex: Excel, Visio, Performance Point, etc)

NOTE: For SharePoint 2016, check out this blog post: https://absolute-sharepoint.com/2017/03/sharepoint-2016-service-accounts-recommendations.html 

SharePoint 2013 Service Accounts – Low Security Option

Summary

The Low security option is of course the one with the least accounts possible to install SharePoint in a proper manner. It uses only 1 SQL account that will be the SQL administrator and also run the services, and 5 SharePoint accounts: The Farm Administrator, the Web Application pool account, the SharePoint Service Application Pool account  the Crawl account and the User Profile Synchronization account. More details under each section

For the SQL Server

Name Description Local Rights Domain Rights
SQL_Admin The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT. SQL Admin on the SQL Server Local Administrator on the SQL Server Domain User

Explanation

As Stated previously, in the Low Security Option, we only use one Service Account for our SQL Server.  This account needs to be a Local Administrator on the SQL server in order to be able to install SQL. We will also run the SQL AGENT and the Database Engine services with this account.  This the account that will have the full power on your SQL server and you will use it to grant rights to your SP_Farm(more details to follow)

For the SharePoint Server

Name Description Local Rights Domain Rights
SP_Farm The server farm account is used to perform the following tasks:

-Setup
-SharePoint Products Configuration Wizard
-Configure and manage the server farm.
-Act as the application pool identity for the SharePoint Central Administration Web site.
-Run the Microsoft SharePoint Foundation Workflow Timer Service.
Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Pool The Pool account is used to run the Web Application Pools None Domain User
SP_Services The Services Account is used to run the Service Application Pool None Domain User
SP_Crawl The Default Content Access Account for the Search Service Application None Domain User
SP_UserProfiles The User Profile Synchronization Account None Replicate Directory Changes permission on the domain. Guide: http://bit.ly/TSE7xs

Explanation

The Low Security Option uses the minimum amount of accounts while also keeping a level of security.  Here is the account breakdown:
SP_Farm is your main SharePoint account in this configuration. It needs to have Local Administrator rights to be able to install SharePoint Server and also the Securityadmin and DBcreator roles on the SQL Server to create the configuration and other databases.  This account will be your main Farm Administrator and also run the Timer Service and the web application for Central Administration use to access the SharePoint content database
SP_Pool  is a domain account used for application pool identity.. ex: When you create a Web Application, and you create a pool for it, you select this account!

SP_Services is a domain account used for the Service Applications Pools.  ex: When you create a Managed Metadata Service application and create a pool for it, you select this account!

SP_Crawl is used within the Search Service Application  to crawl content. The Search Service Application will automatically grant this account read access on all Web Applications. It will also run the SharePoint Windows Search Service.

SP_UserProfiles is the account used for the User Profile Synchronization between your Service Application and your Active Directory. This account does not need any local rights, however you need to give it Replicate Directory Changes rights on the Active Directory in order to allow the synchronization

SharePoint 2013 Service Accounts – Medium Security Option (Sweet Spot)

Summary

The Medium Security option is the Sweet Spot of a SharePoint installation. It uses slightly more accounts than the Low Security Option however it provides a huge security improvement. By giving less rights to each account you limit the possible damage in case an account gets hacked  and also follow Microsoft’s recommendation of installing SharePoint 2013 with  least-privilege administration. More details on the changes under every section!

For the SQL Server

Name Description Local Rights Domain Rights
SQL_Admin SQL Admin on the SQL Server. Used to Install the SQL Server. Local Administrator on the SQL Server Domain User
SQL_Services It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT. None Domain User

Explanation

The difference between the Low Security and the Medium Security option for the SQL is that we now use two different accounts :The SQL_Admin and the SQL_Services. The big security improvement is that the account running the Agent and Database Engine services is not a local administrator anymore. Here is the account breakdown:
SQL_Admin: This will be your main SQL Administrator!. It needs Local Administrator rights in order to install the SQL server.
SQL_Services: This account does not have any local rights, it is only used to run the SQL Agent and Database Engine windows services.

For the SharePoint Server

Name Description Local Rights Domain Rights
SP_Farm The server farm account is used to perform the following tasks:

-Configure and manage the server farm.
-Act as the application pool identity for the SharePoint Central Administration Web site.
-Run the Microsoft SharePoint Foundation Workflow Timer Service.
SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Admin The server farm account is used to perform the following tasks:

-Setup
-SharePoint Products Configuration Wizard
Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Pool The Pool account is used to run the Web Application Pools None Domain User
SP_Services The Services Account is used to run the Service Application Pool None Domain User
SP_Crawl The Default Content Access Account for the Search Service Application None Domain User
SP_Search Service Account to run the SharePoint Search “Windows Service” None Domain User
SP_UserProfiles The User Profile Synchronization Account None Replicate Directory Changes permission on the domain. Guide: http://bit.ly/TSE7xs

Explanation

In the Medium Security option we increase the security by adding two new accounts: The SP_Admin and the SP_Search. Instead of giving all the Farm Administration power to the SP_Farm account, the SP_Admin will be the one that installs and configures SharePoint 2013 and have the local administrator rights, while the SP_Farm will only run the services and connect to the database. Furthermore, instead of letting the SP_Crawl account run both the Windows Service and have FULL-READ rights on all the web applications, the SP_Search will now run the Windows Service. Here is the breakdown of the accounts:

SP_Farm is a domain account that the SharePoint Timer service and the web application for Central Administration use to access the SharePoint content database. This account does not need to be a local administrator. The SharePoint configuration wizard grants the proper minimal privilege in the back-end SQL Server database.The minimum SQL Server privilege configuration is membership in the roles securityadmin and dbcreator.

SP_admin is a domain account you use to install and configure the farm. It is the account used to run the SharePoint Configuration Wizard  for SharePoint 2013.The SPAdmin account is the only account that requires local Administrator rights. To configure the SPAdmin account in a minimum privilege scenario, it should be a member of the roles securityadmin and dbcreator on the SQL server.

SP_Pool  is a domain account used for application pool identity.. ex: When you create a Web Application, and you create a pool for it, you select this account!

SP_Services is a domain account used for the Service Applications Pools.  ex: When you create a Managed Metadata Service application and create a pool for it, you select this account!

SP_Crawl is used within the Search Service Application  to crawl content. The Search Service Application will automatically grant this account read access on all Web Applications.

SP_Search Is used to run the SharePoint Windows Search Service.

SP_UserProfiles is the account used for the User Profile Synchronization between your Service Application and your Active Directory. This account does not need any local rights, however you need to give it Replicate Directory Changes rights on the Active Directory in order to allow the synchronization.

SharePoint 2013 Service Accounts – High Security Option

Summary

The High Security Option is the ones that provides the best security and of course the most Service Accounts. This only ads a small amount of extra security to the farm, however that extra security might be needed in some scenarios

For the SQL Server

Name Description Local Rights Domain Rights
SQL_Admin SQL Admin on the SQL Server. Used to Install the SQL Server. Local Administrator on the SQL Server Domain User
SQL_AGENT It is the service account for the following SQL Server services: SQL SERVER AGENT. None Domain User
SQL_ENGINE It is the service account for the following SQL Server services: Database Engine. None Domain User

Explanation

The difference between the Medium Security and High Security Option is that we now have a separate account for each of the two base services: SQL_Agent and Database Engine.  Nothing changes for the SQL_Admin

SQL_Admin: This will be your main SQL Administrator!. It needs Local Administrator rights in order to install the SQL server.
SQL_Agent: This account does not have any local rights, it is only used to run the SQL Agent Windows Service

SQL_Engine: This account does not have any local rights, it is only used to run the Database Engine windows service.

For the SharePoint Server

Name Description Local Rights Domain Rights
SP_Farm The server farm account is used to perform the following tasks:

-Configure and manage the server farm.
-Act as the application pool identity for the SharePoint Central Administration Web site.
-Run the Microsoft SharePoint Foundation Workflow Timer Service.
SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Admin The server farm account is used to perform the following tasks:

-Setup
-SharePoint Products Configuration Wizard
Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Pool The Pool account is used to run the Web Application Pools None Domain User
SP_Services The Services Account is used to run the Service Application Pool None Domain User
SP_Crawl The Default Content Access Account for the Search Service Application None Domain User
SP_Search Service Account to run the SharePoint Search “Windows Service” None Domain User
Sp_MySitePool Used for the My Sites Web Application None Domain User
SP_UserProfiles The User Profile Synchronization Account None Replicate Directory Changes permission on the domain. Guide: http://bit.ly/TSE7xs

Explanation

The only difference between the Medium security and the High Security option is that we now have a separate account for the Web Application Pool hosting the ‘My Sites’  since it has a different security policy than the other Web Applications .  I will only give the details for the new account in the breakdown:

SP_MySitePool  is a domain account used for the My Sites Web Application Pool Identity. It’s very similar to the SP_Pool, however it is only used for the My Sites Web Application.

Sources

http://technet.microsoft.com/en-us/library/cc678863.aspx

Edit (19/08/2013):

The SP_Farm account needs to be in the Local Administrators during, and only during the User Profile Provisioning!

Also, you can create those Service Accounts automatically with PowerShell using the SharePoint 2013 Service Account Creator project on CodePlex: https://sp2013serviceaccount.codeplex.com/

Download

You can download all the information here in PDF format on my SkyDrive here: http://1drv.ms/1p6tLcv 

I think that this post gives all the information necessary for SharePoint 2013 Service Accounts for the years to come, and don’t forget that this post only covers the basic Service Accounts needed for SharePoint 2013 and that other Service Accounts will be needed for some Service Application (ex: Excel Unattended Service, Visio, etc )

If you have any questions or comments please do not hesitate to post a comment, because your opinions will only make this post better!

Leave a comment and don’t forget to like the Absolute SharePoint Blog Page   on Facebook and to follow me on Twitter here  for the latest news and technical articles on SharePoint.  I am also a Pluralsight author, and you can view all the courses I created on my author page.
4.94/5 (33)

Please rate this