Configuring & Securing SP Services & Service Applications

A. Administering Sharepoint Services
A. 1. Create a document in a document library
  1. Log on to SP2010 WFE1 as CONTOSO\SP_Admin with the password
  2. Open Windows Internet Explorer
  3. In the address bar, type http://intranet.contoso.com, and then press ENTER.
    After a few moments, the Contoso intranet Web appears.
  4. Click Site Actions, and then click View All Site Content.
  5. Click Documents.
  6. On the ribbon, click Documents
  7. Click New Document. The Open Document dialog appears.
  8. Click OK. After a few moments, the new document opens in Microsoft Office Word. If prompted for a user name, click OK. If the Windows Security dialog appears, perform the following steps:
    • In the User name box, type CONTOSO\SP_Admin
    • In the Password box, type its password, then click OK.
  9. In the document, type Sharepoint IT Policies and Procedures. 
  10. On the ribbon, click File, and click Save. After a few moments, the Save As dialog displays the Documents library.
  11. Click Save.
  12. Observe the status bar at the bottom of the Word window. Wait until Word has finished saving the document.
  13. Close Word and click Yes and OK to check in the document.
  14. Switch to Internet Explorer.
  15. To confirm that the document was saved in the document library, press F5 to refresh the page, and then click Retry.
A. 2. Attempt to convert a document

  1. Point at the row containing the new document Sharepoint IT Policies and Procedures, and then click the drop-down arrow that appears next to the file name.
  2. Observe that there are no options to convert the document. You must enable document conversion for each Web application, and it requires several services to be running.
  3. Minimize, but do not close Internet Explorer.
A. 3. Attempt to enable document conversion

  1. Open Sharepoint 2010 Central Administration. The User Account Control dialog appears.
  2. Click Yes.
  3. In the Quick Launch, click General Application Settings.
  4. In the External Service Connections section, click Configure document conversions. The Configure Document Conversions page appears.
  5. Click the Web Application list, and then click Change Web Application. The Select Web Application dialog appears.
  6. Click Sharepoint - intranet.contoso.com80
  7. In the Enable Document Conversions section, click Yes, then OK. At the top of the page, a message appears that indicates you must choose a document conversion server.
  8. Click the Load Balancer server drop-down arrow.
  9. Observe that you have no options. You must enable the Sharepoint service on front-end Web servers before you can enable document conversions.
  10. Click Cancel.
A. 4. Configure and start document conversion services
  1. In the Quick Launch, click System Settings.
  2. In the Servers section, click Manage services on server. The Services on Server page opens. A list of all registered Sharepoint Services is displayed.
  3. In the Document Conversions Load Balancer Service row, click Start. The service starts.
  4. In the Document Conversions Launcher Service row, click Start. The Launcher Service Settings page opens.
  5. On the Launcher Service Settings page, in the Select Server section, verify that SP2010-WFE1 is selected.
  6. In the Load Balancer list, select SP2010-WFE1 and then click OK. The Service starts.
A. 5. Enable document conversion
  1. In the Quick Launch, click General Application Settings
  2. In the External Service Connections section, click Configure document conversions.
  3. Confirm that the selected Web application in the Web Application list is http://intranet.contoso.com
  4. In the Enable Document Conversions section, click OK
  5. In the Load Balancer Server list, select SP2010-WFE1, and then click OK.
A. 6. Test document conversion
  1. Switch to the instance of Windows Internet Explorer that displays the document library.
  2. To refresh the page, press F5, and then click Retry.
  3. Point at the row containing the new document Sharepoint IT Policies and Procedures, and then click the drop-down arrow that appears next to the file name.
  4. Observe the new menu item, Convert Document.
  5. Click Convert Document, and then click From Word Document to Web Page. The Create Page from document page opens.
  6. In the Title box, type Sharepoint Policies and Procedures.
  7. In the URL Name box, type SharepointPoliciesAndProcedures.
  8. Click Create. If the AutoComplete dialog opens, click No. The Sharepoint Policies and Procedures page opens.
A. 7. Configure and start Sharepoint Services
  1. Switch to Sharepoint 2010 Central Administration
  2. In the Quick Launch, click System Settings
  3. In the Servers section, click Manage services on server. The Services On Server page opens. A list of all registered Sharepoint Services is displayed.
  4. In the Claims to Windows Token Service row, click Start. The service starts.
  5. In the Microsoft Sharepoint Foundation Subscription Settings Service row, click Start. The service starts.
  6. In the Sharepoint Foundation Search row, click Start. The configuration page opens.
  7. In the Service Account list, select CONTOSO\SP_ServiceApps
  8. In the Content Access Account section, in the User name box, type CONTOSO\SP_ServiceApps
  9. In the Password box, type its password
  10. Click Start
  11. Close all windows
B. Administering Sharepoint Windows Services
B. 1. Stop the Timer service
  1. Click Start, right-click Command Prompt, and then click Run as administrator. The User Account Control dialog appears.
  2. Click Yes.
  3. Type the following command, and then press ENTER:
    net stop sptimerv4
    This stops the Sharepoint 2010 Timer service. When this Windows service has stopped, your Sharepoint farm loses much of its functionality.
  4. Close
B. 2. Attempt to create a service application
  1. Open Sharepoint 2010 Central Administration, and then in the Quick Launch, click Application Management.
  2. In the Service Applications section, click Manage Service Applications. The Manage Service Application page opens.
  3. On the ribbon, click New, and then click Managed Metadata Service. The Create New Managed Metadata Service dialog appears.
  4. In the Name box, type Managed Metadata Human Resources.
  5. In the Database Name box, type HRMetadata.
  6. In the Application Pool section, in the Application pool name box, type HRMetadataPool.
  7. In the Configurable list, select CONTOSO\SP_ServiceApps, and click OK. The page will pause indefinitely.
  8. Wait two minutes, click Cancel
  9. Press F5 to refresh the page.
  10. Observe that the Managed Metadata Human Resources service application is listed as Stopped, and that there is no Managed Metadata Service connection created for the service application. The Timer service must be running to process the jobs related to the creation of a service application.
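Added example (not part of the original lab): a PowerShell check, run from an elevated Sharepoint 2010 Management Shell, that reports the Timer service state from task B.1, its recent state changes from the System event log, and any service applications that are not Online, as seen in task B.2. The function name Get-SPTimerHealth and the seven-day window are assumptions.

```powershell
# Added example, not from the lab text. Get-SPTimerHealth is a hypothetical name.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SPTimerHealth {
    param([int]$HistoryDays = 7)   # look-back window, an assumption

    # 1. Current state of the Windows service stopped in task B.1
    $svc = Get-Service -Name SPTimerV4
    if ($svc.Status -ne 'Running') {
        Write-Warning "SPTimerV4 is $($svc.Status); service application jobs will not be processed."
    }

    # 2. When it changed: the Service Control Manager logs event 7036
    #    each time a service enters the running or stopped state
    $filter = @{ LogName = 'System'; Id = 7036; StartTime = (Get-Date).AddDays(-$HistoryDays) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*SharePoint 2010 Timer*' } |
        Select-Object TimeCreated, Message

    # 3. Service applications left outside the Online state
    Get-SPServiceApplication |
        Where-Object { $_.Status -ne 'Online' } |
        Select-Object DisplayName, TypeName, Status
}

Get-SPTimerHealth | Format-List
```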
C. Configuring Application Security
C. 1. Configuring Web Application and Application Pool Security
C.1.1. Review farm account settings
  1. Click Start, click Administrative Tools, and then click Services. The Services console opens
  2. Right-click Sharepoint 2010 Timer, and then click Properties.
  3. Click the Log On tab.
  4. Observe the account that is assigned to the Sharepoint 2010 Timer service.
  5. Click Cancel
  6. Click Start, click Administrative Tools, then click Internet Information Services (IIS) Manager
  7. Expand SP2010-WFE1
  8. Click Application Pools
  9. Right-click Sharepoint Central Administration v4, and click Advanced Settings
  10. In the Process Model section, observe the Identity property of the application pool
  11. Click Cancel.
C.1.2. Add a managed account
  1. Switch to Sharepoint 2010 Central Administration
  2. In the Quick Launch, click Security
  3. In the General Security section, click Configure managed accounts. The Managed Accounts page appears.
  4. Click Register Managed Account.
  5. In the User name box, type CONTOSO\SP_Admin
  6. In the Password box, type Password, and then click OK.
C.1.3. Change the Sharepoint Farm Account
  1. Switch to Sharepoint 2010 Central Administration.
  2. In the Quick Launch, click Security.
  3. In the General Security section, click Configure Service Accounts. The Service Accounts page appears.
  4. In the drop-down list, select Farm Account.
  5. In the Select an account for this component list, select CONTOSO\SP_Admin, and then click OK. Sharepoint will reconfigure services that use the farm account to now use the SP_Admin account.
  6. Wait for the Security page to appear.
  7. Open the Services console.
  8. Right-click Sharepoint 2010 Timer, and then click Properties.
  9. Click the Log On tab.
  10. Confirm that the account assigned to the Sharepoint 2010 Timer Service is SP_Admin.
  11. Click Cancel.
  12. Switch to Internet Information Services (IIS) Manager.
  13. Right-click Sharepoint Central Administration v4, and then click Advanced Settings.
  14. In the Process Model section, confirm that the Identity property of the application pool is SP_Admin.
  15. Click Cancel
  16. Repeat steps 1-6 to reset the farm account to SP_Farm.
C.1.4. Configure password change settings
  1. Switch to Sharepoint 2010 Central Administration.
  2. In the Quick Launch, click Security.
  3. In the General Security section, click Configure password change settings. The Password Management Settings page appears.
  4. In the Notification Email Address box, type sharepoint@contoso.com, and then click OK
C.1.5. Change a managed account password
  1. In Sharepoint 2010 Central Administration Quick Launch, click Security
  2. In the General Security section, click Configure managed accounts. The Managed Accounts page opens.
  3. In the CONTOSO\SP_Farm row, click the Edit icon.
  4. Select the Change password now option.
  5. In the Set account password to new value and Confirm password boxes, type [new password], and then click OK.
  6. Wait for the Security page to open
  7. Confirm that the Last password change column of the CONTOSO\SP_Farm row indicates that the password was changed.
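Added example (not part of the original lab): the checks from tasks C.1.1 and C.1.3 done in one pass from PowerShell, comparing the Timer service log-on account and the Central Administration application pool identity against the farm account that Sharepoint records, then listing the managed accounts and their password-change state. It assumes it is run on SP2010-WFE1 as a farm administrator, and the pool name is the one shown in the lab's IIS Manager steps.

```powershell
# Added example, not from the lab text. Run as a farm administrator on SP2010-WFE1.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

# The farm account as SharePoint itself records it
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name

# Log-on account of the SharePoint 2010 Timer service (Services console, Log On tab)
$timerAccount = (Get-WmiObject Win32_Service -Filter "Name='SPTimerV4'").StartName

# Identity of the Central Administration application pool (IIS Manager, Process Model)
$poolName    = 'SharePoint Central Administration v4'
$poolAccount = (Get-Item "IIS:\AppPools\$poolName").processModel.userName

$components = @{
    'SharePoint 2010 Timer service' = $timerAccount
    "Application pool: $poolName"   = $poolAccount
}
$components.GetEnumerator() | ForEach-Object {
    New-Object PSObject -Property @{
        Component          = $_.Key
        RunsAs             = $_.Value
        # Case-insensitive string compare; assumes both sides use DOMAIN\user form
        MatchesFarmAccount = ($_.Value -eq $farmAccount)
    }
} | Format-Table Component, RunsAs, MatchesFarmAccount -AutoSize

# Managed accounts and their password-change state (tasks C.1.2, C.1.4 and C.1.5)
Get-SPManagedAccount |
    Format-Table UserName, AutomaticChange, PasswordLastChanged, PasswordExpiration -AutoSize
```

A False in MatchesFarmAccount after step 16 of C.1.3 means a component is still running under the temporary account.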
C. 2. Configuring Secure Sockets Layer Security
C. 2. 1. Review the encryption of Central Administration
  1. In the Quick Launch, click Security.
  2. In the General Security section, click Configure managed accounts. The Managed Accounts page opens.
  3. In the CONTOSO\SP_Farm row, click the Edit icon.
  4. Observe the warning that appears at the top of the page that reminds you that Central Administration is not using encryption.
C. 2. 2. Install Active Directory Certificate Services
  1. Hold down the SHIFT key and right-click Server Manager, and then click Run as different user. The Windows Security dialog appears.
  2. Enter the user name CONTOSO\Administrator and the password.
  3. In the console tree, click Roles.
  4. In the Roles Summary section, click Add Roles. The Add Roles Wizard appears.
  5. On the Before You Begin page, click Next
  6. On the Select Server Roles page, select the Active Directory Certificate Services option. 
  7. Click Next
  8. On the Introduction to Active Directory Certificate Services page, click Next.
  9. On the Select Role Services page, ensure that Certification Authority is selected.
  10. Select the Certification Authority Web Enrollment option.
  11. Click Next
  12. On the Specify Setup Type page, ensure that Enterprise is selected, and then click Next.
  13. On the Specify CA Type page, ensure that Root CA is selected, and then click Next.
  14. On the Set Up Private Key page, click Next.
  15. On the Configure Cryptography for CA page, click Next.
  16. On the Configure CA Name page, click Next
  17. On the Set Validity Period page, click Next.
  18. On the Configure Certificate Database page, click Next
  19. On the Confirm Installation Selections page, click Install
  20. On the Installation Results page, click Close.
C. 2. 3. Create and Install an SSL Certificate
  1. In the console tree, expand Roles, expand Web Server (IIS), and click Internet Information Services (IIS) Manager.
  2. In the Connections panel, expand SP2010-WFE1, and click SP2010-WFE1
  3. In the IIS section of the SP2010-WFE1 Home pane, double-click Server Certificates.
  4. In the Actions panel, click Create Domain Certificate.
  5. In the Common name box, type Contoso.
  6. In the Organization box, type Contoso.
  7. In the Organizational unit box, type Sharepoint.
  8. In the City/locality box, type AURORA.
  9. In the State/province box, type IL.
  10. In the Country/region list, select US.
  11. Click Next.
  12. Click Select
  13. Click contoso-SP2010-WFE1-CA, and then click OK
  14. In the Friendly name box, type CONTOSO
  15. Click Finish.
C. 2. 4. Configure SSL for Central Administration

  1. In the Connections panel, expand Sites, and click Sites
  2. Right-click Sharepoint Central Administration v4, and click Bindings.
  3. Click Add.
  4. In the Type list, select https
  5. In the Port list, type 10000
  6. In the SSL Certificate list, select Contoso, and click OK.
  7. Click Close
  8. Close Server Manager.
C. 2. 5. Test SSL for Central Administration

  1. Open Internet Explorer.
  2. In the address bar, type http://sp2010-wfe1:10000. Press ENTER. A message indicates the following: There is a problem with this website's security certificate. This message appears because the certificate is issued by the server itself, not a trusted certificate authority. In a production environment in which you had established your certificate authority using a certificate from a trusted certificate root, this message would not appear.
  3. Click Continue to this website (not recommended). The Central Administration site opens in secure mode.
  4. In the Quick Launch, click Security.
  5. In the General Security section, click Configure managed accounts. The Managed Accounts page opens.
  6. In the CONTOSO\SP_Farm row, click the Edit icon.
  7. Observe that the warning message you observed in Task C.2.1 no longer appears.
  8. Close all windows.
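Added example (not part of the original lab): a PowerShell function that performs the TLS handshake against the binding created in task C.2.4 and reports the certificate presented together with the validation result, so the cause of the browser warning in task C.2.5 can be read directly. The function name Get-TlsCertificateReport is hypothetical; the host name and port are the lab's values.

```powershell
# Added example, not from the lab text. Get-TlsCertificateReport is a hypothetical name.
function Get-TlsCertificateReport {
    param([string]$HostName = 'sp2010-wfe1', [int]$Port = 10000)

    $state = @{ PolicyErrors = $null }
    # Let the handshake complete whatever the verdict, but record what validation found.
    # This callback is for inspection only; never use an always-true callback in clients.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $policyErrors)
        $state.PolicyErrors = $policyErrors
        $true
    }

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        New-Object PSObject -Property @{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            # None, RemoteCertificateNameMismatch and/or RemoteCertificateChainErrors
            PolicyErrors = $state.PolicyErrors
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $client.Close()
    }
}

Get-TlsCertificateReport | Format-List
```

PolicyErrors separates a certificate whose name does not match the host typed in the address bar (RemoteCertificateNameMismatch) from one whose issuing CA the client does not trust (RemoteCertificateChainErrors).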