Jared Matfess's Blog

Having fun with SharePoint, Office 365, and Microsoft Azure

SharePoint Saturday Rhode Island Wrap-up — November 10, 2013


This weekend was Rhode Island’s first ever SharePoint Saturday and I had the great pleasure to present for the first time. I want to give a sincere thanks to this weekend’s organizers Jason Himmelstein, Chris McNulty, Joshua Cliff, and Chris Pereira. Also to New Horizons who provided the venue, along with my fellow presenters and all the sponsors and attendees who made this event a rousing success. Although I did not have the standing room crowd in my session that I’d been hoping for, I was very thankful to the engaged attendees with their thoughtful questions and for staying 15 minutes afterwards to share their own stories.

In my opinion, SharePoint Saturday showcases the true awesomeness of the SharePoint community. Nowhere else will you find industry leading speakers donating the weekends to help further the careers of hundreds of attendees. These speakers oftentimes give the same talks that they would at industry conferences, but at no cost to the attendees. As both a presenter and attendee this weekend I just wanted to once again thank all those that made it such a success.

Presenting at #SPSRI

A New Microsoft Fanboy has been born — October 23, 2013


I should probably start this off with I’ve been an Apple Fan boy since the day my grandfather got me a Mac SE for my birthday. From there I can recall a number of “cool moments” in my life where a Mac helped shape a creative outlet. When I was in my senior year of high school and the class video got corrupted due to Windows 95 being a less than stable operating system, I remember picking up an iMac DV and a Sony Camcorder using my CompUSA credit card and spending the next 5 months shooting and editing our senior class video. My first website was developed using a PowerMac G4 titanium that I used to carry around in a slick gun metal briefcase. When I went off to college I got an iMac Flat screen for the dorm, and my wife’s first laptop was a slick MacBook Pro. There were a few other Macs in-between with one of the Mirror Door G4’s, a black G3 Powerbook, one G4 Tower. As with all Apple Fanboys I waited in line for the first, second, and third iPhones and for awhile carried an iPhone 4. My truly favorite Apple moment was when I was able to buy the first iPod a day earlier because the cashier on duty at CompUSA (where I worked at the time) didn’t know that it wasn’t due out to the following day.

However, over the past few years my love for Apple has slowly faded. Perhaps it has come with the passing of Steve Jobs who truly in my eyes (along with many others) was a true rock star. He had his misses along the way but overall you could count on an exciting product announcement once or twice a year along with perhaps some of the best showmanship that my generation has ever seen. Jobs was the snake oil salesman of the 20th century and I wanted whatever he was selling.

However, as I alluded to my lust for all that is Apple had begun fading and you could tell just with my recent set of toys that my household was no longer exclusively an Apple one. My iPhone soon traded in for a work issued Windows Phone and then tonight after another lackluster Tim Cook presentation, I ended up getting a new Surface Pro 2.

My initial feedback is great. This device is pretty slick, responsive, and the screen is just beautiful. I opted for the 128 GB figuring that I could expand with a 64GB microSDXC card and probably handle everything I need. Besides the installation of Office there are no other major applications that would require more. And from a RAM perspective, I haven’t noticed any slowdown issues with the 4GB of RAM. Of course you always wish for more RAM. 🙂 The swiping between and to close apps is quick and fun, in some ways a bit more intuitive than on the iPad.

I went with the Type Keyboard over the Touch given both the reviews along with a friend’s strong recommendation. In addition, I decided to push the limits of my Best Buy no interest financing to round out my purchase with both the VGA adapter and the Microsoft Arc Mouse. (which is awesome btw)

Some really cool first moments with the Surface were it finding both my Roku and my HP Printer over Bluetooth. Along with installing a few new apps from the Windows Store. I’ve primarily used it as a laptop (both stationary on the kitchen table) along with on my lap watching some television. I plan on presenting off of this for our first Connecticut SharePoint Users Group meeting, and I’m curious if any of my fellow nerds will notice or comment? 🙂

So in other words, this Surface Pro is right up my alley and I’m really happy with the purchase. I am sure there will be future posts of frustration and “how do I’s” but for now I’m having my fun.

SharePoint Quick Tip – Inline List Editing — September 5, 2013


As an Admin I do not spend a lot of time in the bits and bytes of actually “using” SharePoint, I tend to have my head buried into keeping the wheels on the bus.

However, today one of my co-workers brought a pretty cool little gem which I figured I’d blog so maybe I’ll remember it again.

If you go to your List settings and then cruise down to your view, toward the bottom there’s an option called “Inline Editing”:


In case you’ve never been curious, it does exactly what it says it does.. It allows you to make quick “inline” edits of items in your list.


It’s good if you’re treating your list like a spreadsheet.. So ya.. Small post..

Hands on with AvePoint Policy Enforcer — September 4, 2013


I should preface this review with the statement that I do not work for AvePoint, nor am I being compensated in any way for this article. I like to state that since some of the reviews that I have read by other SharePoint experts are actually paid reviews which to be honest sometimes cause me to question the truthfulness.

As a SharePoint Administrator for a Fortune 50 company I am constantly faced with trying to retrofit our hundreds of site collections with the most current set of security rules and governance policies. Up until this point I had spent quite a few hours writing ad-hoc scripts to tweak changes here and there, but as the number of site collections have grown, so have my concerns for making a mistake and causing harm to our production sites.

As part of their SP3 for the DocAve 6 platform, AvePoint introduced their new Policy Enforcer engine. I think a really easy way to explain the power of this new functionality is to walk you through a business case.


Many large enterprises scale out their implementation into farms based on the role in which they will serve – for example you could have a Project Farm and then an Intranet Website farm. Each farm has its own unique sets of Governance policies based upon the content that is being hosted. To be more clear, the Portal Farm is likely established to host published content – such as the user homepage and departmental sites. The rule behind sites going into that farm is that content approval must be enabled on all lists & libraries.

Now, take that one particular Governance ruling.. All lists & libraries must have content approval enabled. As a Farm Administrator with 1,000 site collections – how exactly do you intend on enforcing that particular policy? I’m sure the Developers reading this article will probably begin whiteboarding a timer job that will iterate through the web application site collections, read the lists, and iterate through. The IT Pro’s reading the article are probably thinking about a powershell script, likely doing the same thing, set to run via a scheduled task. Both are correct in their thinking – surely you can accomplish the task either way, but it becomes fun when it comes time to support/make changes to that code. For us as a large enterprise, code deployments can only happen during certain maintenance windows. And in regards to the PowerShell script, absolutely this is less intrusive, however that means you as the ITPro are now responsible for maintaining and running that particular script. And oh, by the way, now your manager wants reporting to find out which sites are out of compliance.
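The scheduled PowerShell approach described above, as an added example (not from the original post and not AvePoint's code): it walks every site collection in a web application, reports each list's content approval state to CSV for the compliance report, and only changes anything when `-Remediate` is passed. The URL, report path and parameter names are assumptions.

```powershell
# Added example: audit (and optionally enforce) content approval on all lists.
# Assumes SharePoint 2010 on-premises, run on a farm server by an account with
# access to every content database. URL and report path are placeholders.
param(
    [string]$WebApplicationUrl = "http://yourwebapplicationurl",
    [string]$ReportPath = ".\content_approval_report.csv",
    [switch]$Remediate   # report-only unless this switch is given
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$results = @()
foreach ($site in (Get-SPSite -WebApplication $WebApplicationUrl -Limit All)) {
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Snapshot the collection so list updates cannot disturb the loop
                foreach ($list in @($web.Lists)) {
                    if ($list.Hidden) { continue }   # skip hidden system lists
                    $approval = $list.EnableModeration
                    $action = "None"
                    if (-not $approval -and $Remediate) {
                        try {
                            $list.EnableModeration = $true
                            $list.Update()
                            $approval = $true
                            $action = "Enabled"
                        } catch {
                            # Some list types reject the setting; record it and keep going
                            $action = "Failed: " + $_.Exception.Message
                        }
                    }
                    $results += New-Object PSObject -Property @{
                        SiteCollection  = $site.Url
                        Web             = $web.Url
                        List            = $list.Title
                        ContentApproval = $approval
                        Action          = $action
                    }
                }
            } finally { $web.Dispose() }   # release each SPWeb to avoid leaking memory
        }
    } finally { $site.Dispose() }
}

# Fixed column order for the compliance report
$results | Select-Object SiteCollection, Web, List, ContentApproval, Action |
    Export-Csv -Path $ReportPath -NoTypeInformation

$nonCompliant = @($results | Where-Object { -not $_.ContentApproval })
Write-Output ("{0} of {1} lists do not have content approval enabled" -f $nonCompliant.Count, $results.Count)
```

Run it without `-Remediate` first and review the CSV before letting it change production lists.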

The first step to accomplishing this with Policy Enforcer would be to create a new profile at the defined scope.. For this example I’m blanking it out on the left hand side but I’m going to set this policy at the Web Application level. You could also drill down and scope it at the site collection, site, or even down to the list & library level.


As part of that profile, you will want to set up a new data collection job which will go out and look at the scope specified. For this example, I’ll give it the name “Content Approval”. For the sake of brevity I’ll leave all the Auditor Mode & Scan Mode options enabled and not monkey with the default scan of every 30 minutes. Basically, the purpose of those at a high level is to narrow down the scope of what you’re scanning for. Example: if you want different rules for different farms at different levels, you could specify different data collection jobs. It is also all based on the SharePoint object model, so basically you can do ANYTHING and EVERYTHING. 🙂


Once you click save you will arrive back at the Profile, I’m going to create a new rule to make sure Content Approval is turned on. So I’ll click the Create Rule, and select the List Versioning Settings.


The rule will get added to the profile – and then I’ll configure it by clicking the Configure Rule button in the middle of the profile manager window. I’ll then check off Content Approval.


If you scroll down to the bottom of the configuration screen you’ll see that there’s a check box that says “Automatically revert to the settings above.” You also have the option of sending a notification to someone that the action is being taken.


Click the save button and you’re done. Now, the next time your scan policy (mine was called Content Approval) kicks off – it will go ahead and touch all lists & libraries and enable content approval!

The first time you run through this it might seem like a few steps, but to be honest after you setup all of your data collection jobs it is really simple to blast through a couple of different policies. You can setup this same type of policy for all sorts of things such as features. More information about what you can target is below.

I’m probably going to put out a few more posts on some of the cool things I come up with, but for now I think the above example shows just how easy it is to quickly propagate a simple change to hundreds or thousands of sites within your environment.

More information can be found on AvePoint’s site along with this Feature Spotlight:

Governance is more than just a 10 letter word — September 1, 2013


As Microsoft continues to expand the capability of SharePoint so does the complexity for the architecture and integration of the system for enterprises of all scale. What I have noticed from my attendance at various SharePoint conferences both paid as well as the Saturday events, the level of expertise for the “SharePoint Guy/Gal” lags far behind what is needed for a successful implementation. I am not in any way knocking the person but rather the fact that on the curve of learning to mastering, it appears that many people are being thrust into the implementation before they have accumulated the knowledge necessary to not only overcome technical obstacles for getting the software bits installed and running, but also the ability to draft/publish/communicate the do’s and don’ts for the business’s fancy new IT system.

Fortunately for all, there’s a vast ecosystem of “experts” readily available to help you through all aspects of your SharePoint engagement including the draft and publication of your organization’s Governance plan. When I speak about Governance, I want to specifically throw out any discussion about the operational aspects of managing the environment. I am not saying that developing your backup strategy and service level agreements are not important – which they really are not.. Your customers want the system available 24×7 and they want you to be able to restore to the point before they had a problem. But really you have three really important decisions to make about your environment:

1. What level of access will you be giving to users?

By far, this is perhaps the most important decision that you and your team will ever have to make. First off, if you start out giving users “full control” and then water it down to something else you are going to be fighting a Braveheart style battle. My recommendation for getting started with SharePoint would be to create the following groups/roles:

a. Business Power user – I would take full control and strip out create subsites, create groups, manage permissions, etc.
b. Contributor (without delete) – same role as contributor but take away the ability to delete
c. Read-only/Visitor – out of the box
d. IT Support – somewhere in-between the Business Power user and Site Collection Admin/Full Control

The trick for the business power user would be to make that group the owner for the Contributor & Visitor groups so that the business can manage the membership for those groups.

2. Will you establish quotas or let SharePoint become a dumping ground?

Some may feel this falls under the “operations” category of their Governance plan, what you really need to figure out is how rapidly do you think your users are going to fill SharePoint up with content? Then even more importantly, do you want any sort of “governator” in place that helps stop a site collection from growing to the Microsoft supported 100 GB limit which generally is a real pain in the ass to support in case you ever have to backup/restore it. I personally strongly recommend quotas for the simple reason that they are conversation starters. When you put a limit on how big a site collection can grow, you will force a conversation when a user hits that limit. By having that conversation you can better understand how the business is leveraging the platform and consider any improvements to either your service or their processes.

Another important “quota” to consider is what is the maximum file size that you will allow to be uploaded into SharePoint. Keep in mind this is another one of those gems that Microsoft publishes the maximum is 2GB but in all practicality, the limit I would recommend would be no greater than 250 MB. Typically from what I’ve seen any file that is over 100 MB is typically not meant for collaborating on. It is usually a PowerPoint Deck with high resolution images where the original creator is not aware of compression technologies.

3. What type of Development/Customizations/3rd Party Tools will you support?

Perhaps one of the most comical parts of deploying SharePoint is that moment where you realize that you will often require 2-3 ISV’s to help fill the gaps and make it usable in your enterprise. It is typically a few months after the finance folks finish patting themselves on the back after battling with Microsoft Licensing to get all the terms & conditions of your Enterprise Agreement all wrapped up. In addition to the ISV’s you are going to find yourself in a situation where pockets of users will want to customize SharePoint. At first it is a logo here or some fonts there, but eventually a user is going to have a “requirement” that SharePoint “does this”. That will be the moment when you get introduced to even more SharePoint “Experts”, your neighborhood friendly SharePoint Developers. If your environment is 2010 then you’ll need to guide them towards either Farm (GAC) or Sandbox solutions – or if in 2013 you’ll likely want to explore the new App model.

The number one piece of advice that I can give you is to try and establish your Development standards as a “use out of the box first” and visual studio developed solutions second, especially as you continue to grow your knowledge as to what SharePoint does provide as part of your multi-million dollar EA agreement. The one caveat that I want to say is throwing a bunch of javascript into a content editor webpart is not really leveraging out of the box. 🙂

The number two piece of advice I can give you is to do a snapshot of performance before/after you receive custom code from your development teams. I cannot count the number of times where I have received code from offshore that caused response time to double or triple.

I am sure there are people that can point out other “important” topics, but from my experience those are the top 3 that should be addressed early on in your governance discussions.

Anonymous Access is broken on SharePoint Subsites — May 12, 2013


I ran into an interesting problem the other day and figured I’d share it with the Internet. One of our customers had a site collection setup for anonymous access and had noted that one of their sub sites was not respecting the anonymous setting. Basically you click on the sub site and it would then authenticate you. Permissions were being inherited from the root site collection so in theory the sub site should also be setup for anonymous. After some digging around I noticed the site collection admin had made changes to the master page on the sub site and did not publish it. Therefore the v4.master was set in a Draft state and SharePoint tried to authenticate the user since the anonymous user did not have access to the v4.master.

So long story short, if you ever run into a problem on a sub site where you can’t figure out why anonymous is broken – check out the master page to see if it is checked in or not.
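One way to run that check across a whole site collection, as an added example (not code from the original post): it lists the master page each web points at, its publishing level, version label and who has it checked out, and flags anything that is not a published, checked-in version for review. The site URL is a placeholder.

```powershell
# Added example: report the publish state of every web's master pages.
# Assumes SharePoint 2010 on-premises and the SharePoint snap-in; the site
# collection URL below is a placeholder.
param(
    [string]$SiteUrl = "http://contoso.com/sites/example"
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = @()
$site = Get-SPSite $SiteUrl
try {
    foreach ($web in $site.AllWebs) {
        try {
            # MasterUrl is the system master page, CustomMasterUrl the site master page
            foreach ($url in (@($web.MasterUrl, $web.CustomMasterUrl) | Select-Object -Unique)) {
                $level = "Unresolved"; $version = ""; $checkedOutBy = ""
                try {
                    $file = $web.GetFile($url)
                    if ($file.Exists) {
                        $level   = $file.Level.ToString()   # Published, Draft or Checkout
                        $version = $file.UIVersionLabel
                        if ($file.CheckedOutByUser -ne $null) {
                            $checkedOutBy = $file.CheckedOutByUser.LoginName
                        }
                    } else {
                        $level = "Missing"
                    }
                } catch {
                    # e.g. the URL points at a gallery this web object cannot open
                    $level = "Unresolved: " + $_.Exception.Message
                }
                $report += New-Object PSObject -Property @{
                    Web          = $web.Url
                    MasterPage   = $url
                    Level        = $level
                    Version      = $version
                    CheckedOutBy = $checkedOutBy
                    # Anything other than a published, checked-in file deserves a look
                    NeedsReview  = ($level -ne "Published" -or $checkedOutBy -ne "")
                }
            }
        } finally { $web.Dispose() }
    }
} finally { $site.Dispose() }

$report | Select-Object Web, MasterPage, Level, Version, CheckedOutBy, NeedsReview |
    Sort-Object Web | Format-Table -AutoSize
```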

SharePoint February 2013 CU (+COD) breaks the RSS Viewer Webpart — April 23, 2013


So I ran into a fun little problem a few days after patching our environment with the February 2013 CU + Critical “On-Demand” Update. Much like Microsoft we rushed to get the COD installed in our environment right away because we had a few highly visible sites experiencing the navigation node issue introduced back with the August 2012 CU. In true Microsoft fashion, I ran into a nugget where the latest patch broke some legacy functionality.

This time around the poor RSS Viewer Webpart died a strange and horrible death for non-anonymous sites. Just so we’re all playing with the same equipment.. We’re running Claims, Kerberos, and good ol’ fashioned 2010 Enterprise bits. When I say it breaks for non-anonymous sites, I really mean that when the webpart is on a page that is not set for anonymous it will not render the RSS feed. I’m not saying that it breaks for authenticated RSS feeds as inaccurately described during the Todd Klindt netcast, but rather when it’s placed on a non-anonymous site/site collection.

Luckily my man Srinivas from the Microsoft Product Team was very aware of this latest bug. He was able to provide us with a fix which I’d like to share with you the Internet..

Add this goodness to a CEWP on your page.. (Hide the titlebar unless you set it to Todd Klindt rocks)

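// Refreshes the page's form digest (request validation token) using the
// current web's URL and the page's digest refresh interval.
// The code that calls this function is not shown in the post.
function CustomUpdateFormDigest()
{
    if (window._spPageContextInfo != null)
    {
        var $v_2 = window._spPageContextInfo;
        var $v_3 = $v_2.webServerRelativeUrl;            // server-relative URL of the current web
        var $v_4 = window._spFormDigestRefreshInterval;  // refresh interval set by SharePoint
        UpdateFormDigest($v_3, $v_4);
    }
}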

As Todd Klindt always says.. Only patch if you absolutely need to and only hit up Production after some pretty rigorous testing..

Help! Our SharePoint Expert killed the Master Page (and not in a good way) — March 20, 2013


One of the common problems that I see with “SharePoint Experts” is when they decide to start monkeying with master pages, they usually blow things up. We had an instance where one of our “SharePoint Experts” decided to blow away a master page which resulted in the fun correlation error page. There are a few good ways to restore order to your world.

1. You take away their access to the site. 🙂 (kidding)

2. You can try to go in through SharePoint Designer to set it to a working master.

3. You can reset the master page with some P-Shell (kudos to Todd Klindt): http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=226

4. You can go directly to the change master page screen http://contoso.com/sites/_Layouts/ChangeSiteMasterPage.aspx

Yup.. Master Pages are fun.

Watching Todd Klindt’s Netcast on your Roku — March 12, 2013


Like dozens of other SharePointers around the world, I find myself locked into Todd Klindt’s Netcast. Now you might ask yourself, what could be more fun than hanging out in the chat and watching Todd fumble with webcams & microphones? Watching Todd Klindt on your 50″ plasma!

If you’ve got a Roku you can add the hidden UStream channel by following these 4 simple steps:

  1. Go to roku.com
  2. Login with your account credentials
  3. Scroll down to “Manage Account”, click “Add a Private Channel”
  4. The channel code for UStream is IN4DN.

Once you’ve got it added, bring it up and do a Search for “Todd Klindt”. The only gotcha is you won’t return any results until after the netcast has started.

SharePoint 2010 People Picker is having a hard time finding people! — February 26, 2013


Working with Premier Support today (on a seemingly unrelated issue) I stumbled upon some very interesting functionality which seems to have alleviated some pretty serious SharePoint People Picker problems. Imagine yourself in a scenario with a lot of user domains and WINS not working 100% like it should. When WINS fails, SharePoint tries to do a NetBios broadcast which doesn’t make it outside the subnet. So what you’ll find is SharePoint’s People Picker craps out, and not in a good way.

For awhile there we tried the searchadforests command which in a lot of ways didn’t make sense because we already had 2-way trusts with all the domains we were trying to communicate with. We limped along with people picker taking 60-90 seconds to resolve users. It was faster at resolving Domain\User therefore that was the guidance we provided to most site collection admins.

Previous attempts at gaining help from Microsoft resulted in a recommendation to perform domain consolidation, which in a large organization isn’t helpful.

Ironically enough, the SharePoint August 2012 CU includes some new functionality outlined below. As a point of reference, our people picker is now humming between 5-15 seconds. I really wish I knew about this fix back in October when we rolled the August 2012 CU out to our environment.

======== Outline of issue documented in August 2012 CU ==========

The issue is caused when you click ok, People Picker makes a NetBIOS call to try to resolve the domain name.  Since the customer does not have WINS set up, a NetBIOS broadcast is done.  This fails to find the trusted domains because broadcasts are not allowed outside of the subnet.

This issue has been resolved and is included in any Cumulative Update after the August 2012 CU


After you install the CU, you must run some PowerShell to enable the fix:

In order to use people picker without NETBIOS or WINS enabled you have to specify the domains you want to resolve users from using PowerShell explicitly on every web application.

After you installed the hotfix there is a new property which contains the NetBIOS name of a domain which you need to specify for the people picker settings for each web application.

This means that you have to list each of your trusted domains in the people picker settings, you cannot just specify a forest and have SharePoint resolve all domains from it.

Using PowerShell you can set the domain properties based on this sample.  The places where you need to enter your own values are in bold.

Add-PSSnapin Microsoft.SharePoint.PowerShell

# Enable the global setting in the farm.  You only need to do this part once.
$farm = Get-SPFarm
$farm.Properties["disable-netbios-dc-resolve"] = $true
$farm.Update()   # persist the farm property

# Handle one web application
$wa = Get-SPWebApplication http://yourwebapplicationurl
# Display current settings
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains
# Save current settings to text file
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains | Out-File pp_settings_before.txt
# Clear the list
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Clear()

# You need to repeat the following block for all the domains you want People Picker to work for on this particular web app
# ------------------------------------------------------------
$newdomain = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
$newdomain.DomainName = 'oneDomain.corp.contoso.com'   # specify the fqdn
$newdomain.ShortDomainName = 'oneDomain'               # specify the netbios name

# =====================================
# This section is only required if there is a one-way trust to the domain and the application pool account does not have access

# First you have to run setapppassword on every server in the farm.
# This sets the encryption key used with the password you enter for the account you specify for $newdomain.LoginName
stsadm -o setapppassword -password <password>
# Where <password> is any string you want to use as an encryption key.
# This needs to be run on every server using the same value for <password>

$newdomain.LoginName = 'oneDomain\userName'   # Specify an account that has access to the remote domain
# Do not change anything in the next two lines, it will prompt you to enter the password.
[System.Security.SecureString]$secureStringValue = Read-Host "Enter the account password: " -AsSecureString
$newdomain.SetPassword($secureStringValue)
# =====================================

# Add the domain to the web application's People Picker list
$wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($newdomain)
# Repeat end
# ------------------------------------------------------------

# Finally save settings for the web app
$wa.Update()

You have to do this for each web application individually to enable the fix.



If you can’t install the August 2012 CU right away, this workaround can be applied.  It essentially caches domain resolution info for the NetBIOS domain name in the Netlogon service and makes Nltest /dsgetdc:<DomainShortName> work.  If you get that to work, People Picker should also work.

1.  Create a batch file that contains the following commands for each external domain:
Nltest /dsgetdc:ExternalDomainName.FQDN
Nltest /dsgetdc:ExternalDomainName

Nltest /dsgetdc:Global
Nltest /dsgetdc:Global.Contoso.com
…and so on for each domain…

2. Run this batch file as a scheduled task every 15 minutes on each WFE.  This should keep the Netlogon cache populated, and should prevent the error from occurring.