Man, I’m really starting to hate SharePoint.

It’s cool and all… in a Marquis de Sade sort of way.  But, it can really make you pull your hair out.

Let me just say this:  If you ever want to move a SharePoint installation from an old, slow server to a newer, faster server - you better make sure that the new server is setup exactly the way the old server was.

I didn’t originally set up our first SharePoint server.  I just built the site.  The person who did set it up created the Shared Service Provider in the same web application where the main site itself resided.  This works, of course, but it isn’t really the ideal way to do it.  It is better if the SSP is setup in it’s own application.  But, if you’re going to move an environment already set up that way - you have to set up the new environment exactly the same way.  Otherwise, you’ll be spinning your wheels when you try to move the site.

To move it, you can use the stsadm.exe command:

stsadm.exe -o backup -url http://server_name/ -filename c:\backups\backup.dat

To backup the old server.  Then copy the backup.dat file to the new server and run the restore command with the overwrite option:

stsadm.exe -o restore -url http://new_server_name/ -filename c:\backups\backup.dat -overwrite

That works well enough… but, if you really want to do it right - restore EVERYTHING - you need a 3rd-party tool.  If you don’t know what I mean by EVERYTHING, then don’t sweat it… you’re probably still scratching your head about the word “SharePoint.”  I used DocAve by AvePoint software.  It’s pricey… but, well worth the green.  It’ll do things that you can’t even think about doing with stsadm.

     Setting up anonymous access in SharePoint 2007 is a tedious process at best.  You have to first configure the Internet Information Server (IIS) to allow anonymous access on the base web server.  Then you have to configure SharePoint for anonymous access.  MOSS 2007 has fine-grained permissions for everything from pages to list and document libraries… in theory.  Problem is, it doesn’t really work.  Let’s say you have a typical installation and it is set up for anonymous access.  You create a Photo Gallery library and add some photos.  You then create a page and the ”This Week in Pictures” web part so you can display a link to the photo gallery that allows people to view a slideshow.  You go into the gallery’s permissions and set the anonymous access permissions to “view”.  Done!

     Not.

     If you log out and try to view the slideshow anonymously, you will be asked to authenticate.  Now, this completely doesn’t make sense.  You go back and double and triple check your permissions.  It all seems correct.  What gives?

     What gives is Microsoft doesn’t think you really want the list to be anonymously accessible… they think you only want items in the list to be anonymously accessible.  Confused?  I was.  See, if you log in and navigate directly to a list item… copy the URL… log out… then try to view the item in the list… you can.  No problem.  But, if you try to view the list itself - forget about it.  Authenticate or perish.

     You CAN fix it… well, fixing it implies a bug, but it is a FEATURE, right?  (Warning, the following requires access the SharePoint server and a command prompt.)

     See, there is this “feature” called “ViewFormPagesLockDown” that cripples anonymous access in SharePoint.  If you want anonymous users to be able to access list items as well as the whole list, you have to deactivate the feature via the command prompt on the server.  That’s not really the difficult part.  And, here is the link that gives better instructions that I’m willing to spend the time to try and re-write here.  If you are familiar with the command prompt, you can turn this “feature” off in less than 5 minutes.

     Easy-peasy… uh, not so fast.  The rub (there’s always a rub) is that you now have to go into your site and turn off - and then back on again - anonymous access for every site in your collection.  From the top down.  Unless all of your subsites are inheriting permissions from the parent.  Some of mine were, but that didn’t seem to do the trick all the way down the hierarchy… so, I did unique permissions for each subsite just to be sure.  Hours it took me.  Hours.

     Hours that I could’ve spent doing something else.  Anything.

     So, that’s it, right?  Well… no.  Let’s say you want to be able to give anonymous users the ability to post data to a InfoPath form library?  You navigate to the permissions for the library, select the settings for anonymous access and - POOF! - everything other than “view” is ghosted out.  Again, you go back and double and triple check all your anonymous settings again, then lean back and start scratching your head.

     Didn’t we just fix that?  Microsoft strikes again with their second-guessing your ability to decide for yourself what you want anonymous users to access.  If you look at the URL of anonymous access permissions for the list, you’ll see something like this:

http://yoursite.com/_layouts/setanon.aspx?obj=%7BCADC86EA%2DA800%2D49D9%2DB4FC%2DDEEC93679CEB%7D%2CDOCLIB

     If you change the last little part of that URL to “LIST” instead of “DOCLIB”, you’ll magically be able to access those ghosted permission levels.  Why did Microsoft block access to those permission levels in such an obscure way?  I haven’t the faintest idea.

     Now, my last issue is that I want to be able to allow the People Search function in SharePoint to be available to anonymous users.  That opens up lots of possibilites… like dynamic staff directories so parents (this is a school district) can easily access the contact information of all the teachers and administrators.  Can it be done?  From what I’ve read so far, no.  But, with this system’s labyrinth of configuration menus, and weird command-line hacks to do things that it should do out of the box, I can’t definitively say it won’t work right now. Anonymous access in SharePoint 2007 is not intuitive at all.

     I’ll let you know when I know - or you can follow along.  Until then, you will be assimilated.

     I’ve been really neglecting my web site of late.  For the last few months things have been a whirlwind… but, in a good way.  Now I’m working on making a public web site using SharePoint 2007 - otherwise known as MOSS 2007 - for a local city school district on the Mississippi Gulf Coast.  What is SharePoint, you may ask?  (As I was asking last July.)

     SharePoint is a Content Management System (CMS) on the Windows platform.  It uses something called Windows SharePoint Services 3.0 (WSS 3.0) to provide back-end services to applications in the Office Suite (Word, InfoPath, Excel, Access, Outlook) so you can publish content to your web site directly from those applications… if everything is set up correctly.  I’ve used a number of CMS programs on the PHP side of the equation; Mambo, Jamroom, WordPress… they are all powerful in their own right.  But, SharePoint brings some serious power to the table.  It is primarily designed to be a team/colloboration platform with Workflows and document libraries with versioning.  It has fine-grained permissions, blogs, wikis, personal sites, the list goes on and on.

     The problem is that it is a beast.  The out-of-the-box version doesn’t present anything that would be acceptable as a public internet site.  And, don’t expect the MSDN SharePoint forum to be of much help.  It’s useful, yes, but not a lot of hot action going on there.  However, once you get your head around the virtualized directory structure, you can pretty much skin it with whatever you please.    There are also about 40 free web applications templates that you can plug in to really get more bang for your buck:  Human Resources, Sports, Publishing, Asset Tracking… all of it very customizable.  Just be ready for some command line action.

     A great place for some excellent video training is the MSDN Screencast site.  There is some great stuff there for beginner to hard-core coder.  For the beginning, check out the SharePoint Designer Primer vid.  And, get a taste of Custom Workflows while you’re there.

     Though the site I’m working on isn’t quite finished yet, the deadline is near.  I’ve been living, eating, breathing and sleeping (!) with SharePoint for about 2 months now.  I’m by no means an expert (yet), but I’ve had my trial by fire and have learned so ever-so-crucial things you need to know if you’re going to set one of these systems up for use as a public site with anonymous access.  Main thing you have to keep in mind is that SharePoint wasn’t really built with anonymous access as it’s priority… it’s meant to be used as an intranet site… a collaboration site.  And, anonymous access in SharePoint isn’t “truly” anonymous access to whatever you tell it.

     For a while there, I was pulling my hair out, until… but, wait.  That’s the next blog post.