What version of Telerik Components are deployed by Bamboo Products?

The Q1 (2017) Cumulative Update for Bamboo products, released in April 2017, updates the Telerik version used in all Bamboo component products that use Telerik:

Telerik Library

Version deployed for SP2013/SP2016

Version deployed for SP2010

Telerik.Web.UI

2016.3.1027.45

(previously, version 2012.3.1016.35 was deployed)

2016.3.1027.35

(previously, version 2011.2.915.35 was deployed)

Telerik.Web.UI.Skins

2016.3.1027.45

(previously, version 2012.3.1016.35 was deployed)

2016.3.1027.35

(previously, version 2011.2.915.35 was deployed)

IMPORTANT: The new Telerik assemblies are deployed from Bamboo.Framework.wsp. Some Bamboo component products may error if there are older and/or newer versions of Telerik assemblies in the SharePoint environment.

To fix errors caused by multiple Telerik versions deployed on your SharePoint farm, add an assembly redirect in your web.config file for each web application. See an example below and refer to How to Add a web.config Modification Using PowerShell for details.

<configuration>
...  
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">   
...
<dependentAssembly>
<assemblyIdentity name="Telerik.Web.UI" publicKeyToken="121fae78165ba3d4" culture="neutral" /> 
<bindingRedirect oldVersion="2012.3.1016.35" newVersion="2016.3.1027.45" /> 
</dependentAssembly>   
</assemblyBinding>     
</runtime>
...
</configuration>

What is left behind after uninstalling?

After uninstalling a Bamboo product, you may see one or more of the following solutions remain on your farm…

	SharePoint 2007	SharePoint 2010	SharePoint 2013
What’s left	Bamboo.AJAXExtensions.wsp Bamboo.core.wsp	Bamboo.core Bamboo.core.v1.wsp	Bamboo.core.v2.wsp
Why?	Bamboo.core.wsp is left behind because it put specific versions of the Telerik.web.ui and Telerik.web.ui.Skins assemblies into the GAC. You may have other Bamboo products remaining on your farm that use these Telerik assemblies. If this solution is removed, those other products would cease to work properly	See the note under SharePoint 2007	See the note under SharePoint 2007
How to get rid of it	Please contact Bamboo Support should you wish to perform an AJAX uninstall.	See How to uninstall Bamboo.core.v1.wsp from your SharePoint farm	From SharePoint Central Administration, from the Manage Farm Solutions page, Retract the solution and then Remove it. No additional steps are required.

SharePoint 2007

SharePoint 2010

SharePoint 2013

What’s left

Bamboo.AJAXExtensions.wsp
Bamboo.core.wsp

Bamboo.core
Bamboo.core.v1.wsp

Bamboo.core.v2.wsp

Why?

Bamboo.core.wsp is left behind because it put specific versions of the Telerik.web.ui and Telerik.web.ui.Skins assemblies into the GAC. You may have other Bamboo products remaining on your farm that use these Telerik assemblies. If this solution is removed, those other products would cease to work properly

See the note under SharePoint 2007

How to get rid of it

Please contact Bamboo Support should you wish to perform an AJAX uninstall.

See How to uninstall Bamboo.core.v1.wsp from your SharePoint farm

From SharePoint Central Administration, from the Manage Farm Solutions page, Retract the solution and then Remove it.

No additional steps are required.

Example of What Happens When User Redirect is On a Page

When a user attempts to access the page where User Redirect has been added, he/she will be allowed to see the page or the browser will redirect to a different page, according to the configuration settings of the Web Part on the page.

Example:

In this example, we want to set up a central support SharePoint site allowing our clients to access and create support requests. All clients will access the central support site with the same URL (i.e., support.myCompany.com), but each client will have their own username and password.

For our example, we have two very large clients that have special needs and we want to setup different sites to provide direct support to them. However, we want these two clients to use the same URL as the others. With User Redirect on the main support site, we will redirect these two clients to their sites when they log in.

The following steps describe how User Redirect helps to achieve the desired results.

Step	Action	Result
1.	Create the central support site
2.	Create two specific sub sites for each large client; client1.aspx and client2.aspx in this example.	\|
3.	Install User Redirect in the central support site as described in the Installation section of this document.
4.	Drag and drop User Redirect to the support.mycompany.com/default.aspx page
5.	Modify the web part settings to redirect the specific client login accounts to the appropriate site. In the Bamboo Properties section, update the following properties (Figure 5): Select Restrict and Redirect. Choose a name in the User Name list. Enter the Redirect Page for this user (i.e., client2.aspx). This URL can be specified with a full path or using a relative path format. Remember to always use the relative path if your user accesses the portal site via an external URL address. Click Apply. Repeat the above steps for the next user.
6.	Once you press Apply, the web part will display the user name along with the redirected page. When needed, you can delete a user/redirect page entry.
7.	Login to the portal as a user who will be redirected. Instead of the Home page, you will land on the client2.aspx page.

How to Work With the User Account Setup Web Part

User Account Setup is typically added to a blank Web Part page. When a user who is a Site Collection Administrator visits the page, s/he is presented with an interface to which new users can be added to both SharePoint and Active Directory or local NT, depending on how User Account Setup was configured.

Step	Action	Result
1.	The Site Collection Administrator can click the Clear button to clear text in all the fields on the Web Part and enter the contents into each column.	Columns marked with a red asterisk are required fields meaning they require content in them.

See Configuration topics for further details.

Using the Setup program to Uninstall

IMPORTANT: As of April 2017, Bamboo no longer includes Setup progra, in product download packages. An updated uninstall script is included instead. Please seeOverview of the Updated Installation Process for Bamboo components and Uninstalling using the updated process for details.

Before uninstalling a Bamboo web part product, be sure to delete the web part from all pages where it was used. If you forget to do this, your users will see errors on those pages after you uninstall.

Step	Action
1.	Stop the World Wide Web Publishing Service (W3SVC) of you are not using Claims Based Authentication (CBA) or SP2013. This will ensure that files that need to be removed during the install are not locked. From the Start menu on the SharePoint server desktop, click Administrative Tools > Services. Scroll down and right-click on World Wide Web Publishing Service and select Stop. If you are using CBA or SP2013, stop the App Pool(s) to ensure that files are not locked.
2.	Locate the installation files used to install the product. Double-click the Setup.bat program included in the main folder. Select the product in the Components section in the Setup program. Verify the installation location and required permissions and then click Install.
3.	Click Next to begin the uninstall. Verify that the system checks pass successfully and click Next.
4.	In the Repair, Remove or Install screen, select the Remove All option and click Next. Wait while the components are uninstalled.
5.	When uninstallation is complete, click Next to review the summary screen and confirm that the product removal was successful. Click Close.
6.	If there are additional components in the Components list in the Setup program, follow steps 2-5 above for each component.
7.	If you stopped the World Wide Web Publishing Service, restart it. From the Start menu on the SharePoint server desktop, click Administrative Tools > Services. Scroll down and right-click on World Wide Web Publishing Service and select Start.

Use the provided .lic file to extend your product’s trial period

Your Bamboo Account Manager may send you a *.lic file to use to extend your Bamboo product trial. The *.lic file needs to be placed in the folder on each WFE server where the product activation DLL resides. For SharePoint 2010 or SharePoint 2013, this is typically the Global Assembly Cache (GAC).

If you receive one, follow these instructions to install it.

Step	Action
1.	It is not possible to copy the .lic file directly to the GAC. Instead, you will copy it to the gac_msil* folder. On the SharePoint WFE server, from the Run command, enter `%systemroot%assemblygac_msil` Verify that you see the activation DLL for your Bamboo product listed. See Listing of Bamboo Solutions Web Parts and their associated Activation DLLs for details.
2.	Copy and paste or drag and drop the .lic file into the gac_msil folder.
3.	Repeat steps 1-2 for each WFE server in the farm.
4.	If a trial expired error was surfacing, browse to the site and refresh the page. The error should disappear once the .lic file is copied successfully to each WFE server. If you weren’t getting a trial expired error, you can verify the license was successfully extended by checking the status of your trial. See How to check the status of your trial license for more information. IMPORTANT: When you license this product after purchase, you will need to remove the *.lic file used to extend the trial as it may impact the license activation process.
5.	If the expired license message doesn’t go away, it could mean that the assembly file for the product you are trialing is in the Global Assembly Cache (GAC) rather than the /bin. This more typical for SP2010/2013 than for SP2007. In this case, the *.lic file needs to be added to the GAC.

Upgrading your Bamboo Web Part

Migrating in this documentation refers to moving from one version of SharePoint to another. Upgrading, on the other hand, refers to updating your Bamboo product to a newer release.

IMPORTANT: If you are migrating from one version of SharePoint to another version (i.e., SharePoint 2007 to SharePoint 2010), please see the topics under Migrating to a new SharePoint version…. You may need to upgrade the Bamboo products on your SharePoint farm before migrating.

To upgrade from a previous release of this product, perform the following upgrade procedure:

Step	Action
1.	Review Best practices for a successful install to learn which servers to install on and what services to stop or restart. These steps apply if you are upgrading or installing for the first time.
2.	Locate the product installation files. If you are upgrading, you may have downloaded a new version from the My Bamboo area of the Bamboo Solutions web site. If you just unpacked a new version, the Setup.bat will run automatically. Otherwise, double-click the Setup.bat program included in the root directory of the Installation Files. See About the Installation Files.
3.	Select the first product component in the Components section in the Setup program. When a component is selected, information specific to it is displayed on the right side of the interface. Verify the Location of Install Files and Required Installation Permissions. When ready, click Install. The installation program starts. It is a step-by-step wizard. The example screen shot shown is for the Tree View Web Part, but most Bamboo product installs look similar.
4.	Click Next to begin the upgrade. Verify that the system checks pass successfully and click Next. If the system checks do not pass, you will not be able to proceed. Notice in the screen shot above that it will be possible to proceed if the World Wide Publishing Service is started, although a yellow warning icon is displayed. If you are running with Claims Based Authentication (CBA) or if you are installing on SharePoint 2013, you need to keep this service on in order to automatically activate features during the install. Other than these scenarios, we strongly recommend that you stop this service before installing or upgrading. See Recommendations for a successful intstall for more information.
5.	In the Repair, Remove or Install screen, select the Upgrade/Repair Existing and Install New option and click Next. Wait while the components are upgraded. You will see progress displayed on the screen.
6.	When the upgrade is complete, click Next to review the Summary screen and confirm that the product upgrade was successful. You may need to scroll up to review the entire summary. When satisfied, click Close.
7.	If there are additional components listed in the Setup program, repeat steps 3-6 for each.
8.	When all the component upgrades have been completed successfully, be sure to restart the World Wide Web Publishing Service if it was stopped.

Upgrading using the updated process

Overview of the Updated Installation Process

In April 2017, with the Q1 Cumulative Update (CU) Bamboo introduced updated install/uninstall processes for component products (web parts). For more information about why this was introduced, please see Overview of the Updated Installation Process for Bamboo components

To upgrade a Bamboo product using the updated install process, please follow these steps (Warning.. Upgrades should be performed in Non-Peak hours as your farm will temporarily go offline)::

No.	Function
1.	Download the install package from downloaded from My Bamboo.
2.	Extract the contents of the package.
3.	Run the Install.ps1 from a WFE server in PowerShell as an admin. The install.ps1 script is used to install a new product or uppgrade an existing product.
4.	The script will look for WSPs in the install folder and list those found. Next, it will check to see if those solutions are already installed on the farm. If so, the installed solutions will be saved to a backup folder before proceeding. The folder will be named *bak_2017033015340* where the number represents the datetime the backup was created. This will provide the capability to rollback if the upgrade doesn’t conclude as expected. Rather than deploying the solution immediately, the script schedules deployment time for 1 minute in the future so multiple upgrades won’t collide. If a solution was previously deployed, the script uses Update-SPSolution to update it since that cmdlet is fast and reliable.
5.	When the deployment completes, deployment status information will be displayed for each solution. Check Central Administration to confirm deployment completion.
6.	If the upgrade doesn’t conclude as expected, you can easily rollback the install by simply copying the install.ps1 file to the *bak* folder created during the upgrade and running it from there as an Administrator.

Uninstalling using the updated process

Overview of the Updated Installation Process

To uninstall using the updated process, please follow these steps:

No.	Function
1.	Download the install package from My Bamboo.
2.	Extract the contents of the package.
3.	Run the Uninstall.ps1 from a WFE server in PowerShell as an admin.
4.	The script will look for WSPs in the install folder and list those found. It will uninstall them in alpha order. Rather than removing the solution immediately after its retracted, the script schedules deployment time for 1 minute in the future so multiple installs won’t collide. IMPORTANT: The script does not uninstall Bamboo.framework.wsp because it is a shared component and needed by other Bamboo components that are still installed. If you do not have other Bamboo products insalled on the farm, you can comment out the part of the script that skips the Bamboo.Framework.wsp.
5.	When the retraction completes, check Central Administration to confirm retraction completion.

Uninstalling from SharePoint Central Administration

NOTE: You need to be a machine administrator in order to Retract and remove a solution via Central Administration.

Step	Action
1.	In SharePoint Central Administration, go to the Manage Farm Solutions page (its called Solution Management in SharePoint 2007). In SP2010, click System Settings > Manage Farm Solutions. In SP2007, click Operations > Solution Management.
2.	Solutions are listed alphabetically. Find the solution you need to uninstall and click its Name. The solution status will be displayed. NOTE: The image below is from SharePoint 2010, but solution status from SP2007 and SP2013 look very similar. If the solution is deployed, you will see a Retract Solution link at the top of the page. If the solution is not deployed, you will see a Remove Solution link.
3.	Retract the solution from all web applications. Choose to retract now, or schedule it to occur at a particular time. Choose to retract from All content Web applications. Click OK when ready. NOTE: IF you are not a machine administrator, you may see an Access denied error. Make sure you have the appropriate permission level before attempting to retract a solution.
4.	Remove the solution. Once a solution has been retracted, the Remove Solution link is shown. Click Remove Solution to remove the solution.

Troubleshoot Problems with Deploying Farm Solutions

Troubleshoot Problems with Deploying Farm SolutionsTop

This topic applies to:

WSS 3.0 and MOSS 2007
SharePoint Foundation 2010/2013 and SharePoint Server 2010/2013/2016

Several issues and their corresponding solutions are described below. Click the link to jump to the appropriate issue.

Issue 1: Copying or Removing Assemblies
Issue 2: Deployment Fails or Times Out
Issue 3: Copying a File Failed
Issue 4: Resources Scoped for one Web App must be deployed to more Web Apps
Issue 5: Cannot Find a Certain File

Issue 1: Copying or Removing Assemblies

With SharePoint 2010 and 2013, we sometimes see failures when trying to copy assemblies to the Global Assembly Cache (GAC) or remove assemblies or other files from the bin or 14 or 15 hive during solution retraction and/or deployment.

Resolution:

Restart the SharePoint 2010/2013 Administration service on all of the Web Front End servers (all servers on the farm where the Foundation Web Application service is running).
Restart the SharePoint 2010/2013/2016 Timer service as well.

NOTE: The SharePoint Administration service carries out the actual removing and adding of files during deployment. Restarting the service works most of the time because the service should release the handle on a file. However, if the Administration service does not release the handle on the file, then deployment can fail. Restarting the timer service on SharePoint 2010/2013 will restart all SharePoint 2010/2013 timer jobs and you will need to delay installation for a while, until all of those jobs have had a chance to complete.

Remove the solution.
Reinstall the solution.

For more information, see:
http://msdn.microsoft.com/en-us/library/aa544500.aspx
Top

Issue 2: Deployment Fails or Times Out

Deployment fails, and the reason is not clear from the error shown in installation feedback (or just shows time out errors), or the Bamboo GUI installer appears to stop in the middle of the deployment, and eventually times out.

The Timer Job Definitions in Central Administration may show one or more persistent “one time” timer jobs listed.

Manual installations using stsadm also fails to complete the installation.

Resolution:

Delete the one-time timer jobs listed in the timer job definition list. Restart the SharePoint 2010/2013 Timer service on each server in the farm running the Foundation Web Application service.
Try the installation again.
Any solutions that show up in on the Solution Management page in Central Administration with a status of “undeployed” or “error” need to be either deployed manually in Solution Management, or removed, if you are going to run the Bamboo GUI installer. For more information, see Installation stops at the Repair Remove or Install screen
Run the stsadm installation using the -local rather than the -immediate parameter for stsadm -deploysolution. This will not invoke the timer service. As stated in this Technet article:

-local “Deploys the solution synchronously on the local computer only. The timer service is not used.”

You will have to run the deploysolution with the -local parameter on each server running the Windows SharePoint Services Web Application service or Foundation Web Application service.
For more information about deploysolution, see:
Deploysolution: Stsadm operation (Office SharePoint Server)

For more information about which server is running the Windows SharePoint Services Web Application Service, look in Central Administration:
– on SP 2007 in Operations > Servers in Farm
– on SP 2010 in System Settings > Manage Servers in this Farm

Clear the SharePoint Configuration cache. The Web Front End servers may be out of sync. For more information and instructions see Clear the SharePoint Configuration Cache for Timer Jobs.

If you experience issues with WSS and MOSS timer jobs failing to complete are receiving errors trying to run psconfig, clearing the configuration cache on the farm is a possible method for resolving the issue. The config cache is where we cache configuration information (stored in the config database) on each server in the farm. Caching the data on each server prevents us from having to make SQL calls to pull this information from the configuration database. Sometimes this data can become corrupted and needs to be cleared out and rebuilt. If you only see a single server having issues, only clear the config cache on that server, you do not need to clear the cache on the entire farm.

To clear the cache a single server, follow the steps below on just the problem server.

Stop the OWSTIMER service on ALL of the MOSS servers in the farm.
On the Index server, navigate to:

Server 2003 location: Drive:Documents and SettingsAll UsersApplication DataMicrosoftSharePointConfigGUID and delete all the XML files from the directory.
Server 2008 location: Drive:ProgramDataMicrosoftSharePointConfigGUID and delete all the XML files from the directory.
Delete all the XML file in the directory.

NOTE: ONLY THE XML FILES, NOT THE .INI FILE.

Open the cache.ini with Notepad and reset the number to 1. Save and close the file.
Start the OWSTIMER service on the Index server and wait for XML files to begin to reappear in the directory.
After you see XML files appearing on the Index server, repeat steps 2, 3 & 4 on each query server, waiting for XML files to appear before moving to subsequent servers.
After all of the query servers have all been cleared and new .xml files have been generated, proceed to the WFE and Application servers in the farm, following steps 2, 3, 4 and 5 for each remaining server.
Top

Issue 3: Copying a File Failed

This is the error message that you get: “Copying of this file failed. This operation uses the SharePoint Administration service (spadmin), which could not be contacted. If the service is stopped or disabled, start it and try the operation again.”

Resolution:

For instructions and more information, see this MSDN article.
Top

Issue 4: Resources Scoped for one Web App must be deployed to more Web Apps

This is the error message that you see: “This solution contains resources scoped for a Web application and must be deployed to one or more Web applications.”

Resolution:

Usually this can be resolved by running the Bamboo GUI installer, removing the product, and then reinstalling it.

We have also found that if the solution is showing up in the Solution Management page as installed but not deployed, you can try to run a manual deployment using stsadm.

See Best Practices for Installing Bamboo Products

Also see MSDN Issues Deploying SharePoint Solution Packages
Top

Issue 5: Cannot Find a Certain File

After an apparently successful deployment, you see errors about not being able to find file(s) when attempting to view products on a page.

Resolution:

Be sure to exclude directories such as %systemroot%Program FilesCommon FilesMicrosoft SharedWeb Server Extensions from file level antivirus scanning, or you may find that files that were deployed in that directory will be removed when the antivirus scan runs.

For more information, see this TechNet article.
Top

The Bamboo Web License Manager does not show up in Central Administration. How do I fix that?

The Manage My License Keys link is only displayed in SharePoint Central Administration if the Bamboo Web License Manager Web application feature has been installed and activated.

During the installation of the Bamboo Web License Manager, on the Deployment Targets step, the option to automatically activate features is enabled by default. If this checkbox was deselected, the Bamboo Web License Manager feature will not be activated automatically after it is installed and you will need to activate it manually by following the steps below.

Step	Action
1.	Access SharePoint Central Administration as a member of the SharePoint Farm Administrators group.
2.	On the Central Administration home page, select Manage web applications in the Application Management section.
3.	In the Web Applications Management page, click the SharePoint Central Administration v4 web application.
4.	Notice that the Web Applications ribbon appears. Click the option Manage Features in the ribbon. The available features are listed.
5.	Locate Bamboo Web License Manager feature and click Activate.

System Requirements

	SharePoint 2010	SharePoint 2013	SharePoint 2016
Operating System	Microsoft Windows Server 2008	64-bit edition of Windows Server 2008 R2 Server Pack 1 OR 64-bit edition of Windows Server 2012 Standard or Datacenter	64-bit edition of Windows Server 2012 R2 Standard or Datacenter For database server: 64-bit edition of Microsoft SQL Server 2014 Service Pack 1 (SP1)
SharePoint Version	Microsoft Windows SharePoint Foundation 2010 OR Microsoft Office SharePoint Server 2010	Microsoft SharePoint Foundation 2013 OR Microsoft SharePoint Server 2013	Microsoft SharePoint Server 2016
Browser	Microsoft Internet Explorer 8 or higher	Microsoft Internet Explorer 8 or higher	Microsoft IE 10 or higher

SharePoint 2010

SharePoint 2013

SharePoint 2016

Operating System

Microsoft Windows Server 2008

64-bit edition of Windows Server 2008 R2 Server Pack 1

64-bit edition of Windows Server 2012 Standard or Datacenter

64-bit edition of Windows Server 2012 R2 Standard or Datacenter

For database server: 64-bit edition of Microsoft SQL Server 2014 Service Pack 1 (SP1)

SharePoint Version

Microsoft Windows SharePoint Foundation 2010

Microsoft Office SharePoint Server 2010

Microsoft SharePoint Foundation 2013

Microsoft SharePoint Server 2013

Microsoft SharePoint Server 2016

Browser

Microsoft Internet Explorer 8 or higher

Microsoft IE 10 or higher

Cross Browser Support:

All products are tested to work with IE 8 and higher.

Not all Bamboo products support all browsers that SharePoint 2016 supports. The products listed below offer cross-browser support for the following: Microsoft Edge, latest version of Google Chrome, latest and immediate previous release of Mozilla Firefox, and latest release of Apple Safari.

Note: Bamboo products are not supported in an IIS Web garden configuration.

Some of our products which are not Web Parts are installed on an individual’s desktop or laptop. Examples are List Bulk Import and User Profile Sync. The requirements for these products are dependent on the operating system on which they are used.

Operating System

Windows Vista (32-bit or 64-bit)
Windows 7 (32-bit or 64-bit)
Windows 8 (32-bit or 64-bit)
– Windows Identity Foundation 3.5
Windows Server 2003 or 2008 (32-bit or 64-bit)
Windows Server 2012 (64-bit)
– Microsoft .NET Framework 3.5
Windows 10 (32-bit or 64-bit)
– Windows Identity Foundation 3.5

Server

SharePoint 2013:

SharePoint Foundation 2013 or SharePoint 2013

SharePoint 2010:

SharePoint Foundation 2010 or SharePoint 2010

SharePoint Release 3:

Microsoft Windows SharePoint Services v3 or Microsoft Office SharePoint Server 2007

SharePoint Online

Microsoft 365, Multi-Tenant Hosting and Built-in Authentication

What Site Collection Features are associated with my Bamboo product?

For information about how to activate a SharePoint Site Collection Feature, see Activating a Bamboo Site Collection Feature. If you know how to activate, but just aren’t sure which site collection feature goes with which product, see the table below.

If you are wondering about Site Features, rather than Site Collection Features, see How to activate a Bamboo site feature.

Product	Site Collection Feature Name	Mandatory?
Alert Plus	Bamboo Alert Plus Web Part	Yes
Calendar Plus	Bamboo Calendar Plus Web Part	Yes
Chart Plus	Bamboo Chart Plus Web Part	Yes
Column Level Security	Bamboo Column Level Security Column	No
Community Central	Bamboo Community Central Add Blog Comment Web Part Bamboo Community Central Content Types Bamboo Community Central Reporting Web Parts Bamboo Community Central Search Result Bamboo Community Central Supporting Web Parts	Yes
Cross List	Bamboo Cross List Web Part	Yes
Cross Site Display	Bamboo Cross-Site Display Web Part	Yes
Custom Identifier Column	Bamboo Custom Identifier Column	No
Data-Viewer	Bamboo Data-Viewer Web Part	Yes
File Share Library	Bamboo File Share Library	Yes
Filters Collection	Bamboo SharePoint Filters	Yes
Grants Management	Bamboo Grant Master Site Template Bamboo Grant Project Site Template	Yes
Group Email	Bamboo Group Email Web Part	Yes
Group Redirect	Bamboo Group Redirect	Yes
Hello	Bamboo Hello Web Part	Yes
In/Out Schedule Board	Bamboo In and Out Schedule Board Bamboo Solutions – SharePoint In/Out Schedule (is this old?)	Yes
Knowledge Base	Bamboo KB Accelerator Reporting WebPart Bamboo KB Admin Site Template Bamboo KB Admin Site Template R2 Bamboo KB Client Site Template – Meeting Workspace Bamboo KB Client Site Template – Team Site Bamboo KB Client Site Template R2 Bamboo Knowledge Base Accelerator Bamboo SharePoint Secure Trim Web Part	see bolded
KPI Column	Bamboo KPI Column Bamboo KPI Column Display WebPart	see bolded
List Consolidator	Bamboo List Consolidator Web Part	Yes
List Print	Bamboo List Print	Yes
List Rollup	Bamboo List Rollup Web Parts Bamboo List Rollup XSLT Data View NOTE: In releases prior to R7.x, the farm solutions listed below were included in the List Rollup: Bamboo List Rollup Classic Edition Bamboo List Rollup Grid View Bamboo List Rollup Schema Designer The individual web parts are still available in R7.x, just now bundled into the single site collection feature called Bamboo List Rollup Web Parts	see bolded
List Rotator	Bamboo List Rotator Web Part	Yes
List Search	Bamboo List Search Advanced Web Part Bamboo List Search Simple Web Part	Yes
Lookup Selector Column	Bamboo Lookup Selector	No
Mini-Calendar	Bamboo Mini-Calendar Web Part	Yes
My Alerts Organizer	Bamboo My Alerts Organizer	Yes
Navigators	Bamboo Navigator Site Action Menu Bamboo Navigator Web Parts	Yes
Project Management Central	Bamboo Gantt Chart Web Part Bamboo PM Central Department Level Site – Lite Bamboo PM Central Projects Site Creation Area Bamboo PM Central Top Level Site – Lite Template Bamboo PM Project Site – Lite Template Bamboo PM Project Site – Stand-alone template Bamboo Project Central Content Types Bamboo Project Central Supporting Web Parts PM Central installation files include a utility (called the Bamboo Feature Activation Tool) that will automate the activation of Site Collection features needed for PM Central. Using this utility will be MUCH easier than activating everything manually.	see bolded
Poll	Bamboo Poll Admin Web Part Bamboo Poll Voting Web Part	Yes
Project Portfolio Dashboard	Bamboo Project Dashboard Data Mapping Bamboo Project Portfolio Dashboard	see bolded
Rating Column	Bamboo Rating Web Part	Yes
Rich Text Column	Bamboo Rich Text	No
Site Creation Plus	Bamboo Site Creation Plus	Yes
Task Master	Bamboo Task Master	Yes
Team Calendar	Bamboo Team Calendar	Yes
Time Tracking and Management	Bamboo Time Tracking and Management Reporting Web Part Bamboo Time Tracking and Management Site Template Bamboo Time Tracking and Management Web Parts	Yes
Tree View	Bamboo Tree View Web Part	Yes
User Account Setup	Bamboo User Account Setup Web Part	Yes
User Directory	Bamboo User Directory Web Part	Yes
User Profile Plus	Bamboo User Profile Plus	yes
User Redirect	Bamboo User Redirect	Yes
Validator Column	Bamboo Validator Column	Yes
Virtual Map View	Bamboo Virtual Map View Web Part	Yes
Visual Indicator Column	Bamboo Visual Indicator	Yes
Wiki Publisher	Bamboo SharePoint Wiki Publisher	Yes
Workflow Conductor	Bamboo Workflow Conductor Feature Manager Bamboo Workflow Conductor Studio Bamboo Workflow Conductor Web Parts Bamboo Workflow Conductor Widgets Bamboo.StartWorkFlow.wsp	see bolded
World Clock and Weather	Bamboo World Clock And Weather Web Part	Yes

SharePoint 2010 User Management

Top

Introduction
SharePoint Architecture
SharePoint User Authentication
SharePoint User Management
User Profile Management
SharePoint Authorization
SharePoint Users and Groups
SharePoint Audience
SharePoint Server 2010 Secure Store Services
Summary
References

Introduction

Microsoft SharePoint is a platform for building and deploying collaborative solutions. It is a centralized Web portal that tracks content and documents as well as users, audiences, and teams. One of the major challenges for the SharePoint IT administrator is to understand and effectively manage SharePoint user access along with the multiple directory services that coexist within the corporate network, including numerous Web applications, sites, and multiple authentication servers. Since an increasing number of companies are deploying SharePoint on a global enterprise network, connecting a large number of users and, in the process, creating a structure of corporate hierarchy-based users as well as a formidable social network, user access must be regulated and managed effectively.

This article provides a detailed look at how users and security are managed and configured within SharePoint. It will give you a systematic overview of SharePoint architecture, user authentication configurations, and user security groups and permissions, and explain the differences between Microsoft SharePoint Server 2010 and Microsoft SharePoint Foundation 2010.

NOTE: You can also download this white paper for SharePoint 2010 User Management as a PDF.

Top

SharePoint Architecture

Given its architecture and the different options available, User Management in SharePoint is a very complex subject, and thus it will be worthwhile for us to discuss and understand the out-of-the-box SharePoint user management, security, and architecture. This diagram represents the logical SharePoint technologies architecture. SharePoint is now in its fourth major release and comprises the SharePoint Foundation 2010 (formerly Windows SharePoint Services version 3.0) and SharePoint Server 2010 (formerly Microsoft Office SharePoint Server 2007). SharePoint Foundation 2010 is a free add-on to the Windows 2008 server, running on top of SQL Server, Windows 2008 Server, and ASP.NET 3.x. SharePoint Server 2010 is a product that comes with different editions (Standard vs. Enterprise) and options (Excel Services, Content Management, etc.), and runs on top of SharePoint Foundation 2010.

Since SharePoint Server 2010 is built on Windows SharePoint Foundation 2010, they both share a lot of similarity in architecture and foundation. SharePoint Server 2010 provides more application-level features and services. It also has different and more extensive User Profile management features than SharePoint Foundation 2010. The important point about this architecture is that SharePoint relies on many user management and security principles from the Windows Network Operating system, IIS, and ASP.Net foundation. In the rest of this section we will take a look at:

SharePoint Foundation 2010 and SharePoint Server 2010 architecture
SharePoint Security (Authentication and Authorization)
SharePoint User Profiles in SharePoint Server 2010 and SharePoint Foundation 2010

Top

SharePoint Foundation 2010 Architecture

SharePoint Foundation 2010 contains the core platform services for SharePoint. SharePoint Foundation 2010 is a logical three-tiered architecture that contains a Front-end Web Server, the Search and Index server, and the Database Server.

SharePoint Foundation 2010 is basically a Web-based ASP.NET application that extends an IIS website that process HTML requests through a set of ASP.NET (.aspx) pages, .Net application programming interfaces (APIs), and XML Web services. It processes and executes the business logic using a combination of .NET and SharePoint object assemblies. The data is stored in the back-end SQL database. SharePoint then presents the information to the user in the standard HTML format compatible with most Web browsers. An IIS website that has been extended with SharePoint Foundation 2010 is called a Web Application (and was called a virtual server in SharePoint 2003), which uses an HttpModule and an HttpHandler to re-route incoming traffic to the SharePoint business logic, thus enabling the SharePoint Web Applications to coexist with other IIS Web applications.

NOTE: This architecture allows SharePoint and other Web applications to share the same user security infrastructures, mainly Windows Server and ASP.NET.

The Search and Index server is an executable (MsSearch.exe) that is installed as Web services in Windows Server. Its primary job is to index the content of the database to help with search operation on lists, documents, and files.

NOTE: SharePoint Server 2010 uses entirely different search architecture than that of SharePoint Foundation 2010.

SharePoint Foundation 2010 uses Microsoft SQL Server to store both the configuration as well as the content in the databases. When SharePoint Foundation 2010 is installed, it creates a configuration database that stores the metadata, physical configurations, and information about every Web application that has been extended, as well as all the servers and their roles in the farm. SharePoint Foundation 2010 also creates an Admin database that stores the content of the Central Administrator toll. And for every extended virtual server, SharePoint Foundation 2010 creates a Content Database that stores the actual content of the sites.

NOTE: SharePoint Foundation 2010 stores the user information in its content database.

SharePoint Foundation 2010 is also designed to be scalable. In a large or medium farm provision, you can assign multiple cluster databases on the back-end and install a load balancing architecture for the front-end Web server as shown above.

NOTE: There is only one Configuration database for the entirety of the SharePoint servers in the farm.

Top

SharePoint Server 2010 Architecture

SharePoint Server 2010 runs on top of the SharePoint Foundation 2010 platform, so it shares a similar architecture. SharePoint Server 2010 provides a number of extended applications and feature sets, such as: advanced content management and publishing sites, the ability to search content in external databases, social networking, and more site templates and workspaces. SharePoint Server 2010 itself also provides two different levels: Standard vs. Enterprise options, where additional features, such as business data Web Parts and Microsoft Office Data services are available only at the Enterprise level.

Instead of running Search and Index on the same box as SharePoint Foundation 2010, SharePoint Server 2010 uses another application server called SharePoint Service Applications (this is a new architecture similar to the Shared Service Provider in SharePoint 2007). This is a collection of application services that can be configured on one or more servers and shared across many different SharePoint Server 2010 and SharePoint Foundation 2010 sites. The services on these servers include enterprise level applications such as Search, Index, User Profile, My Sites, Business Connectivity Services, Form Services, Excel Services, Job Scheduling, and Usage Reporting.

The new and true application layer architecture of Service Applications provides scalability such that you can load-balance the servers where the applications are hosted. It also provides granularity where each Web application or farm can consume distinct services.

From the user management perspective, SharePoint Server 2010 also has several additional services that differentiate it from SharePoint Foundation 2010: User Profile Services (includes Audience), and Secure Store Services (Single-Sign-On, or SSO). Unlike SharePoint 2007, these services now manage information using their own databases which can be scaled independently.

Top

SharePoint Hierarchy

Another important topic that you need to understand in relation to SharePoint user management is the hierarchy, or scope, of the SharePoint architecture. The security and user permissions are applied based on the scope. SharePoint uses the following hierarchy:

Farm: This is the highest scope level, and refers to all SharePoint installations within a server farm. It can contain multiple servers, but each farm has a single configuration database.
Web Application: A Web application is the container for all sites on a particular server, on a specified IP address and port. Web applications map to one IIS website, which can consume multiple SharePoint Service Applications. This is what was called Virtual Server in SP 2003. As we said before, this is an IIS site that is extended to work with SharePoint.
Site Collection: A site collection is a top level site encompassing all of the sites within a particular Web application. Each site collection has its own content database.
Web: Refers to an individual site within a site collection. This the lowest scope level.

Top

SharePoint User Authentication

SharePoint security consists of two main parts: Authentication and Authorization. This section will focus on the Authentication process, which determines how a user’s identity is verified before allowing access to SharePoint sites.

SharePoint itself does NOT handle user authentication, but relies on Windows, ASP.NET, and IIS to perform that function. Authentication in SharePoint Foundation 2010 has been redesigned on top of the new authentication provider infrastructure introduced with ASP.NET 2.0. SharePoint is shipped out of the box to work with Windows Authentication, but also allows users the capability to work with forms authentication based on SQL Server. The following identity management systems are supported:

Windows: All Microsoft Internet Information Services (IIS) and Windows authentication integration options, including Basic, Digest, Certificates, Windows NT LAN Manager (NTLM), and Kerberos. Windows authentication allows IIS to perform the authentication for Windows SharePoint Foundation.
ASP.NET Forms: A non-Windows identity management system that uses the pluggable Microsoft ASP.NET forms-based authentication system. This mode allows SharePoint to work with a variety of identity management systems, including externally defined groups or roles such as Lightweight Directory Access Protocol (LDAP) and lightweight database (SQL) identity management systems. Forms authentication allows ASP.NET to perform the authentication for SharePoint Foundation, often involving a redirect to a log-on page.
SAML Token-Based: This is a new token-based authentication method introduced with SharePoint 2010 based on Security Assertion Markup Language (SAML).

Top

Claims-based Authentication

When you create a new Web application in SharePoint 2010, you can select either a “classic-mode” authentication, or a “claims-based” authentication method. Classic mode authentication only supports the Windows authentication, in which all user accounts are treated as Active Directory accounts.

If you select Claims-based authentication, SharePoint will convert all user accounts into claim token identities. Claims are more than just user security information. User accounts can be augmented with additional tokens (via the administration interface or programmatically) with claims such as Age, Sex, and Birth Date.

The following table summarizes the authentication types for each mode:

Authentication Type	Classic-mode authentication	Claims-based authentication
Windows	Yes	Yes
Forms-based	No	Yes
SAML token-based	No	Yes

Claims-based identity management is a big and complex topic. It is a feature, based on Windows Identify Foundation, that establishes the authentication foundation which allows SharePoint to move into cloud platforms such as Azure. As you can see from the table above, there is no practical reason to use classic mode authentication in SharePoint 2010, unless you are migrating from SharePoint 2007 and need some backward compatibility. When using claims-based authentication in SharePoint, you should be aware of the following considerations:

You can convert a Web application that uses classic-mode into claims-based authentication mode using PowerShell, but you cannot convert it back the other way.
Beware of third party software and your own custom code that uses Windows identities. Most likely, you will have to update the code to work with a claims-based system.
Search alerts are currently not supported with claims-based authentication.

NOTE: In this article we use the terms Authentication Provider or Service (frequently used with Active Directory), User Identity Management (frequently used with a custom system), User Authentication System, and User Membership Provider (which frequently refer to the LDAP provider) to mean the same system depending on the context of the topic. It is the system that keeps the user information and also provides access permission to a SharePoint site.

Top

Multiple authentication methods to access a SharePoint Web Application

You can configure SharePoint Web Applications to be accessed by up to five different authentication methods, thus allowing content from the same websites to be accessed and authenticated by different target users. For example, employees can be authenticated using one of the standard Windows authentication methods, which can be Windows integrated login (NTLM) behind the firewall, and SSL outside of the firewall. Partners or customers can be authenticated against a simple Form Authentication against a SQL database or even their own identity management system.

To configure a SharePoint Web Application to be accessed by two or more different authentication systems, you configure additional zones by extending the Web Application in Central Administration. SharePoint Zones represent different logical paths to gaining access to the same physical application. After extending the Web application, you can configure a separate authentication method for the new zone. The available zones are: Default zone, Intranet zone, Internet zone, Custom zone, and Extranet zone.

The major change in SharePoint 2010 is that you are allowed to use different authentication methods in a single zone if you are using claims-based authentication in that Web application. When you use multiple authentication modes in a zone, keep in mind the following considerations:

You can only implement one instance of form-based authentication in a zone.
Multiple claims-based authentication providers can be implemented in a zone.
You cannot implement more than one type of Windows authentication in a zone.
If you are using classic-mode authentication on a Web app, you are limited to only Windows authentications (including SSL as an option).

Top

SharePoint User Management

Since SharePoint uses an external user identity provider, its user operation is very simple. The fact that SharePoint can be provisioned in many different ways, and the overlap between SharePoint Foundation 2010 and SharePoint Server 2010, tends to confuse most users as to how it actually works. Here are some of the important points to remember:

Create Users: You do NOT create a user in SharePoint. Users are created in a user directory provider. You can then add or invite a new user to SharePoint.
Adding new users: You can add or invite a new user from any zone, and all authentication methods that are configured, if the membership provider and role manager are registered in the current web.config file. When you add a new user, SharePoint Foundation resolves the user name against the following sources in the following order:
- The UserInfoList table stored by SharePoint Foundation. User information will be in this list if users have already been added to another site.
- The authentication provider that is configured for the current zone. For example, if a user is a member of the authentication provider that is configured for the default zone, SharePoint Foundation first checks the associated membership provider.
- All other authentication providers.
Deleting users: User accounts are marked as deleted in the SharePoint Foundation 2010 database. However, the user record is not removed.
Generally, users who are members of an authentication provider in one zone can manage accounts across all zones as long as they are granted permissions.
Some user authentication systems behave differently within SharePoint Foundation 2010, depending on the authentication provider. The following table highlights several common user account tasks that differ depending on the authentication method that is implemented:

NOTE: SharePoint Server 2010 does NOT provide any user management functionality. SharePoint Server 2010 uses SharePoint Foundation 2010 to handle user management. SharePoint Server 2010 provides a User Profile database and has many people confused between User Management vs. User Profile Management, which we will review in next section.

Top

User Profile Management

When you are using just SharePoint Foundation 2010, the user management situation is pretty simple as shown in figure 7 below. SharePoint Foundation 2010 has a People and Groups feature that keeps track of user information. The user information is managed by:

When you add a user to SharePoint Foundation 2010, the system adds a limited number of properties from the user authentication provider, such as Active Directory, to the SharePoint Foundation 2010 Content database’s User Info table. This is a one-time sync between the User Directory Provide to the SharePoint Foundation 2010 database. SharePoint Foundation 2010 will try to map as much information as is in the UserInfo table from the User Directory Services when this happens.
You can add extra columns to the user info list, but they must be updated manually and will not be synced with the User Directory services.
This user info is stored per-site (remember, this is not per SharePoint Web; it is the top site collection). Clicking on the “My Settings” link takes you to a page where this information can be maintained.

SharePoint Server 2010, on the other hand, is a little confusing. SharePoint Server 2010 has a Profile Database that is stored in the User Profile Service Application database. It provides a much more extensive User Profile feature that allows for scheduled synchronization from one or more User Directory Services, which could be AD/LDAP/BCS/Custom, at regular intervals. You can define properties and set various policies on how data are imported from various user directory services.

As you can see in this image, there are more complex conditions in SharePoint Server 2010 when dealing with user management. The user information is propagating between various databases as follows:

Since SharePoint Server 2010 is based on SharePoint Foundation 2010, it also lets SharePoint Foundation 2010 manage its own user information. Meaning that when you add a user to a SharePoint Server 2010 site, such as a Team Site, SharePoint Foundation 2010 still copies a subset of the user information from the User Directory Services (A/D) to the UserInfo table in the content database, as shown in path 1 above.
At the same time, when you add a user to SharePoint Server 2010, it also checks to see if that user already has a record in its User Profile database. If a record does not exist, it creates a record in its User Profile table.
The User Profile table is stored in the User Profile Services Application database. Remember that this service application is independent of any front-end Web App, thus it can manage the users within a farm that has multiple Web Applications.
The User Profile Services Application database is kept up to date with the profile information in the User Directory services via an incremental profile timer import job. This is done in the Central Admin site of the SharePoint Farm. You can specify when the import runs, and what properties can be imported. This is shown in path 2 above.
A SharePoint Server 2010 timer job replicates the profile information in the User Profile Services Application database in the individual content database’s UserInfo table. This timer runs every hour and copies properties, such as picture and department.

NOTE: Only the profile properties that are marked with the option “replicable” can be replicated. This is shown as path 3 above.

With a SharePoint Server 2010 installation, you also need to be aware of several differences from a SharePoint Foundation 2010-only installation:

The most confusing factor for some people is how SharePoint Server 2010 displays user information. When you view an item’s CreatedBy and ModifiedBy fields, they come from the UserInfo table in the content database. But when you view information in a My Site, that information comes directly from the User Profile Services Application database. If you update a user profile in SharePoint Server 2010, there might be some delay in propagating this information from the User Profile database into the UserInfor table (sometimes the timer job also stops working altogether) and thus creates lots of confusion.
Since there is a Services Application, user profile information exists there. If you edit MySettings at a SharePoint site collection, it will actually edit the user profile information in the User Profile Services Application database. This is different from a normal SharePoint Foundation 2010 mode where MySettings would update the information in the UserInfo table.
Individual users can manage their information in the UserInfo table via the MySettings link, which is userdisp.aspx?ID={userid}, or useredit.aspx?ID={userid}.

NOTE: This info will get overridden every hour by what sits in the User Profile Services Application. There are ways to prevent this overriding.

To make it more confusing, if your SharePoint installation has enabled My Sites, things are more interesting. In SharePoint Server 2010, My Sites are special SharePoint site collections that surface the user profile information and are personalized for each user. My Sites are installed by default, but are not enabled. You will need to set up a My Site site collection under the User Profile Service Application in order to configure its various options. The reason that site personalization is stored in the service application is so that larger organizations that have multiple Web Applications and Portal sites can reference ONE personalization site.

As soon as the My Site feature is activated, any user profiles from an existing installation of SharePoint Foundation 2010 are replaced by the public profiles that are part of My Site. A My Site link is added to the top menu bar for all sites in the site collection, along with the My Links menu. In other words:

If My Sites exist, the user has to manage their profile information via their My Sites link. The link at My Settings in this configuration is read-only.
If My Sites exist, then administrators can and should manage profile information via the SSP profile DB, or My Settings for the user being edited.

Lastly, deleting a user profile also has several implications in SharePoint Server 2010. When you delete a User Profile in SharePoint Server 2010, the profile record is moved from the UserProfile table in SSP to the DeleteUsers table, and the deleted user’s My Site will become inaccessible. This way, if the user is re-imported back in at a later date, some information, such as Document Libraries and the new My Site can be reinstated.

Top

User Profile Information from BCS

Business Connectivity Service is a feature in SharePoint Server 2010 (formerly called BDC in SharePoint 2007) that allows users to create an interface to external information systems (databases) without writing any code. You can also import external user profile information from a BCS interface into the SharePoint Server 2010 user profile database. A real-world example is to set up a BCS interface to your company payroll or financial system to import employee Social Security Numbers into their user profile in SharePoint Server 2010. This capability also provides some misconceptions as to how BCS plays into the overall SharePoint user management capabilities:

Although you can import user information from a BCS interface into a SharePoint Server 2010 user profile, similar to how you import data from Active Directory, BCS cannot act as an authentication provider.
Even though you can import data from a BCS catalog, this can only act as a supplemental import. Meaning that another primary user authentication provider such as Active Directory or LDAP has to be setup as the primary source before you can use BCS. This has implications in cases such as when you use a SQL Form as your primary authentication provider, in which case you will not be able to set up the automatic import from that source. Thus, you will also not be able to import supplemental data from a BCS catalog.
Even though BSC provides read and write capabilities, user data from BCS can only be scoped to read into SharePoint, and you cannot update user profile data from SharePoint back into the BCS database.

Top

SharePoint Authorization

Once a user has been authenticated to be able to access a SharePoint site, the SharePoint authorization process determines which objects in the system a user can access and perform actions on. With the latest release of SharePoint Server 2010, permissions are handled strictly at the SharePoint Foundation 2010 platform level.

In this section, we will describe several important concepts that make up the authorization process in SharePoint:

Permissions
Permission Levels
Securable Objects
SharePoint Groups

Permissions

Permissions (which were called Rights in SharePoint Foundation 2010 v2) are the rights for a user to perform specific actions such as viewing pages, editing items, and creating sub-sites. SharePoint Foundation 2010 provides 33 pre-defined permissions that you can use to allow users to perform specific actions that are grouped into 3 main categories: List, Site, or Personal. SharePoint permissions are not assigned directly to users or SharePoint groups, but are assigned to one or more permission levels, which are in turn assigned to users and SharePoint groups.

Permission levels

SharePoint Permission Level (which was called site groups in previous version) is a group of permissions that can be granted to users or SharePoint groups so that they can perform specific actions on securable objects such as a site, library, list, folder, item, or document on your site. Permission levels allow you to group permissions and apply them to users and SharePoint groups on the various sites in your SharePoint installation.

When you create a new SharePoint site, there are 5 permission levels which are provided by default:

Full Control: The least restrictive permission level; allows full control over a site. You cannot modify or remove this permission level.
Design: Can view, add, update, delete, approve, and customize lists, libraries, and pages on your site, including themes and style sheets.
Contribute: Can view, add, update, and delete previously created list items and document libraries.
Read: The most restrictive permission level; allows users or groups to read pages on the site including the resource libraries.
Limited Access: A permission level that is automatically assigned to a user or group and therefore cannot be directly assigned by the administrator. It is used when you assign the users or groups to a child object without having access to the parent object. You cannot modify or remove this permission level.

Top

Securable Objects Permission

SharePoint provides the ability to manage item level permissions on individual objects (such as lists and libraries) even down to the individual folders, documents, and list items within those lists and libraries. These items, which you can apply permissions to, are called Securable Objects. Each site contains additional securable objects which have a particular position in the site hierarchy, as shown in the following figure.

Hierarchy and Inheritance

In SharePoint, permissions on any securable objects, such as Web, lists, libraries, folders, and documents, are inherited from their parent object. However, you can break this inheritance for any securable object at a lower level in the hierarchy by creating a unique permission on that securable object.

For example, you can create a sub-site (Web) and break the permission inheritance from the parent if you want to limit (or expand) the group of users who can have access permission to the site for security reasons. When you break the inheritance from the parent, the securable object from which you broke the inheritance receives a copy of the parent’s permissions. You can then edit those permissions to be unique — meaning that any changes you make to the permissions on that securable object do not affect the parent. In our example, sub-site A/B/C inherits permissions from the top-level Web site. This means that changes made to SharePoint groups and permission levels on the top-level site also affect all of those sub-sites.

When you make any change in sub-sites A, B or C, you are actually making changes at the parent site, since SharePoint does not allow you to manage permissions on a sub-site that is inheriting permissions from its parent site. Sub-site D has unique permissions, which are not inherited from its parent site. Therefore, any changes made to the permission levels and SharePoint groups on Sub-site D do not affect its parent site.

Top

SharePoint Users and Groups

You can add any user to SharePoint who has a valid account that has been authenticated as mentioned in the previous section. When a user is added to the system, you can assign direction permissions to a securable object (Web, list or library, etc.) or indirectly through a SharePoint group. Use a SharePoint Group, which is the recommended practice when managing security since it’s easier to manage changes, and apply the same group to different objects across your sites.

A SharePoint Group (which was cross-site group in the previous version) is a logical grouping of users that you can create to manage permissions to the site and to provide an e-mail distribution list for site members. All SharePoint groups are created at the site collection level and are available to all sub-sites in the site collection. You can also create groups that only have permissions on a particular sub-site.

SharePoint groups can contain Windows (Active Directory) security groups, ASP.NET Forms authentication groups (using the roles within the role membership provider), and individual users with a user account on the local server or a Windows domain.

SharePoint provides three default SharePoint groups with default permissions on the top-level site, each with a Site name prefix:

Site Owners: have Full Control permissions in the site.
Site Members: have Contribute permissions.
Site Readers: have Read permissions

Each of these SharePoint groups is associated with a default permission level, but you can change the permission level for any SharePoint group as needed.

Top

SharePoint Audience

A useful way to use user profiles out of the box is for audience targeting. Audience targeting refers to the ability to create an audience based on a specific set of rules and then target content to that specific audience. You can target specific contents such as a SharePoint list, library items, navigation links, and Web Parts to a specific group of people.

You can create an Audience in SharePoint Server 2010 using its Central Administration tool. Audiences are created based on a set of rules. The example below shows how a Sport Fan audience is created by looking for the world “NFL” in the About Me field in their user profile.

Once the Audiences rules have been created, you can then target different items by enabling the targeting, and then specifying who can be exposed to the content.

Top

SharePoint Server 2010 Secure Store Services

SharePoint Server 2010 provides another capability to help with user security management which is called Secure Store Service and is used to provide Single-Sign-On capability. This is a feature that does not affect the internal operation of SharePoint Server 2010, and is disabled by the default installation program. SSS is a database created in SharePoint Server 2010 to keep and manage a set of user names and passwords that can be used to access specific external systems that require access authentication.

An example is if you have a need to crawl and index a back-end office system, such as SAP or Oracle, to retrieve information that is then made available to the SharePoint enterprise search. These systems might need access to log in, and these accounts access information which can be retrieved for those purposes. There are several benefits to using SSS, such as the access information is encrypted and is more secure, and that the account information can be managed by an IT administrator while the Web Parts or code that uses the account does not to know the account, but just how to use it.

Top

Summary

Hopefully, this article gave you a good basic understanding of how SharePoint 2010 manages its users. Additional information can be found in various books and online articles, some of which are listed in the reference section below. Given the complexity of managing users in SharePoint, Bamboo Solutions has provided several Web Parts that are very useful in helping you keep the situation under control and create a happy and productive work force. Check out these products on Bamboo Solutions’ website, each of which is available for a 30-day free trial:

User Account Setup. Quickly and easily create new users in both Active Directory (or NT) and SharePoint from one location, saving IT Administrators time and effort.
Password_Reset. Allow SharePoint users to reset their Active Directory or NT password without administrator intervention.
Password_Change. Alleviate the workload of SharePoint Administrators by allowing users to change their own passwords while automatically adhering to your security policy.
Password_Expiration. Send your SharePoint users e-mail notifications before their password expires.
User Profile Sync. Synchronize user profile information between your SharePoint Directory and Active Directory databases.

References

TechNet Article: Plan authentication methods (SharePoint Server 2010)
Claims-based Identity for Windows: An Introduction to Active Directory Federation Services 2.0, Windows CardSpace 2.0, and Windows Identity Foundation
Windows Identity Foundation home page
TechNet’s articles on Migrate from classic-mode to claims-based authentication
Search Technologies for SharePoint 2010 Products
Compare SharePoint Editions
MSDN article on Microsoft Windows SharePoint Authorization and Authentication
MSDN article on User Profiles and Audience Targeting Overview

This article was originally written for SharePoint 2007 which can be found here.

SharePoint 2007 User Management

Top

Introduction
SharePoint Architecture
SharePoint User Authentication
SharePoint User Management
User Profile Management
SharePoint Authorization
SharePoint Users and Groups
SharePoint Audience
Summary

Introduction

Microsoft SharePoint is a platform for building and deploying collaborative solutions. It is a centralized web portal that tracks content and documents as well as users, audiences and teams. One of the major challenges for the SharePoint IT administrator is to understand and effectively manage SharePoint user access along with the multiple directory services that co-exist within the corporate network, including numerous web applications, sites, and multiple authentication servers. Since an increasing number of companies are deploying SharePoint on a global enterprise network, connecting a large number of users and in the process creating a structure of corporate hierarchy-based users as well as a formidable social network, user access must be regulated and managed effectively.

This article provides a detailed look at how users and security are managed and configured within SharePoint. It will give you a systematic overview of SharePoint architecture, user authentication configurations, and user security groups and permissions, and explain the differences between Microsoft Office SharePoint Server (MOSS) and Windows SharePoint Services (WSS). This article is written for the latest SharePoint version 3 release.

NOTE: You can also download this white paper for SharePoint 2007 User Management as a PDF.

Top

SharePoint Architecture

User Management in SharePoint with different options and architecture is a very complex subject, and thus it will be worthwhile for us to discuss and understand the out-of-the-box SharePoint user management, security and architecture. The chart in Figure 1 represents the logical SharePoint technology architecture. SharePoint is in its third major release and is comprised of Windows SharePoint Services (WSS) version 3.0 and Microsoft Office SharePoint Server (MOSS) 2007. WSS v3 is a free add-on to the Windows 2003 Server, running on top of SQL Server, Windows 2003 Server and ASP.NET 2.0. MOSS is available in various editions (Standard vs. Enterprise) and options (Excel Services, Content Management, etc.), and runs on top of WSS.

Since MOSS is built on Windows SharePoint Services (WSS), they share similar architecture and foundations. MOSS provides more application level features and services. It also has different and more extensive User Profile management than WSS. The important point about this architecture is that SharePoint relies on many user management and security principles from the Network Operating system, Microsoft Internet Information Services (IIS) and ASP.Net foundation. In the rest of this section we will take a look at:

WSS and MOSS architecture
SharePoint Security (Authentication and Authorization)
SharePoint User Profiles in MOSS and WSS

Top

Windows SharePoint Services Architecture

WSS is the core platform for SharePoint services. WSS is a logical three-tier that contains a Front End Web Server, a Search and Index server and a Database Server.

WSS is essentially a web-based ASP.NET application that extends an IIS web site processing HTML requests through a set of ASP.NET (.aspx) pages, .Net application programming interface (API), and XML web services. It processes and executes the business logic using a combination of .Net and SharePoint objects assemblies. The data is stored in the backend SQL database. SharePoint presents the information to end users in the standard HTML format compatible with most web browsers. An IIS web site that has been extended with WSS is called a Web Application (virtual server in previous WSS versions). SharePoint Web Applications use an HttpModule and an HttpHandler to re-route incoming traffic to the SharePoint business logic, thus enabling the SharePoint Web Application to coexist with other IIS web applications. Note that this architecture also allows SharePoint and other web applications to share the same user security infrastructure, mainly Windows Server and ASP.NET.

The Search and Index server is an executable (MSSearch.exe) that is installed as web services in Windows Server. Its primary job is to index the content of the database to enable searching on SharePoint lists, documents, and files. Note that MOSS uses entirely different search architecture than WSS.

WSS uses Microsoft SQL Server to store both the configuration and the content in the databases. When WSS is installed it creates a configuration database that stores the metadata, physical configuration and information about every web application that has been extended, as well as all the servers and their roles in the farm. WSS also creates an Admin database that stores the content of the Central Administrator tool. In addition, for every extended virtual server, WSS creates a Content Database that stores the actual site content.

NOTE: WSS stores the user information in its content database.

WSS is also designed to be scalable. In a large or medium server farm, you can assign a multiple cluster database backend and install load balanced architecture for the front end web server as shown above.

NOTE: There is only a single Configuration database for all SharePoint servers in the farm.

Top

MOSS Architecture

Although MOSS runs on top of the WSS platform, MOSS provides a number of extended applications and features, such as: Advanced content management and publishing sites, the ability to search the contents of external databases, and more site templates and workspaces.

Instead of running the Search and Index on the same box as WSS, MOSS uses another application server called Shared Services. This is a collection of application servers (a set of services) that can be configured on one server and shared across many different MOSS portal sites and WSS sites. The services on these servers include enterprise level applications such as Search, Index, User Profile, Content Management, My Sites, Business Data Catalogue, Form Services, Excel Services, Job Scheduling and Usage Reporting.

Another important architectural difference from WSS is the Search database is created for each Shared Services Provider (SSP) database in the farm. The SSP Search database contains search related information such as crawl properties, document properties and propagation properties.

From the user management perspective, MOSS also has several additional services that differentiate it from WSS: Audience, User Profiles database, and Single-Sign-On (SSO). The SSP database contains important data such as the Business Data Catalogue, Site Usage data, BI information and several tables for user management:

•User Profile information that is imported from a directory service such as Active Directory.
•Audiences and organizational hierarchies.
•Security information.

Top

SharePoint Hierarchy

Another important topic that you need to understand related to SharePoint user management is the hierarchy, or scope of the SharePoint architecture. The security and user permissions are applied based on the scope. SharePoint uses the following hierarchy:

Farm: This is the highest available level, and refers to all SharePoint installations within a server farm. It can contain multiple servers, but each farm has a single configuration database.
Web Application: A Web Application is the container for all sites on a particular server, on a specified IP address and port. Web applications map to one IIS web site, which also map to exactly one SSP. This is what was called Virtual Server in SPv2. As previously mentioned, this is an IIS site that is extended to work with SharePoint.
Site Collection: A site collection is a top level site where all sites within a particular web application are grouped. Each site collection can share the same content database, or have its own content database (see the link in the reference external link at the end of this article).
Web: Refers to an individual site within a site collection. This is the lowest available level.

Top

SharePoint User Authentication

SharePoint security consists of two main parts: Authentication and Authorization. This section will focus on the Authentication process, which determines how user identity is verified before allowing access to SharePoint sites.

SharePoint itself does NOT handle user authentication, but relies on Windows, ASP.NET and IIS to perform that function. Authentication in WSS v3 has been redesigned on top of the new authentication provider infrastructure introduced with ASP.NET 2.0. SharePoint is shipped out of the box to work with Windows Authentication, but also allows users the capability to work with SQL Server based form authentication. The following identity management systems are supported:

Windows: All Microsoft Internet Information Services (IIS) and Windows authentication integration options, including Basic, Digest, Certificates, Windows NT LAN Manager (NTLM), and Kerberos. Windows authentication allows IIS to perform the authentication for Windows SharePoint Services.
ASP.NET Forms: A non-Windows identity management system that uses the pluggable Microsoft ASP.NET form-based authentication system. This mode allows Windows SharePoint Services to work with a variety of identity management systems, including externally defined groups or roles such as Lightweight Directory Access Protocol (LDAP) and light-weight database identity management systems. Forms authentication allows ASP.NET to perform the authentication for Windows SharePoint Services, often involving redirect to a log-on page.
Delegated: A system for delegating end-user credentials from a trusted system to Windows SharePoint Services. This allows trusted services to pass user identities to Windows SharePoint Services for authorization, conveying who the current user is without requiring that Windows SharePoint Services have that user’s credentials.

NOTE: In this article we use the terms Authentication Provider or Service (frequently used with Active Directory), User Identity Management (frequently used with a custom system), User Authentication System, and User Membership Provider (frequently used to refer to the LDAP provider) interchangeably depending on the context of the topic. In all cases, the term refers to the system that keeps the user information and also provides access permission to SharePoint sites.

Top

Using Multiple Authentication Methods to Access a SharePoint Web Application

You can configure SharePoint Web Applications for access by up to five different authentication methods, thus allowing content of the same web sites to be accessed and authenticated by different target users. For example, employees can be authenticated by using one of the standard Windows authentication methods, which can be Windows integrated login (NTLM) behind the firewall and SSL outside of the firewall. Partners or customers can be authenticated against a simple SQL database Form Authentication or even their own identity management system.

To configure a SharePoint Web Application for access by two or more different authentication systems, you configure additional zones by extending the Web Application in the Central Administrator. SharePoint Zones represent different logical paths of gaining access to the same physical application. After extending the Web application, you can configure a separate authentication method for the new zone. The available zones are: Default, Intranet, Internet, Custom, and Extranet.

Top

SharePoint User Management

Since SharePoint uses an external user identity provider, its user operation is very simple. The fact that SharePoint can be provisioned in many different ways, and the overlap between WSS and MOSS tends to confuse most users on how it actually works. Here are some of the important points to remember:

Creating users: You do NOT create a user in SharePoint. Users are created in a user directory provider. You can then add or invite a new user to SharePoint.

Adding new users: You can add or invite a new user from any zone and all authentication methods that are configured, if the membership provider and role manager are registered in the current Web.config file. When you add a new user, Windows SharePoint Services 3.0 resolves the user name against the following sources in the following order:

The UserInfoList table stored by WSS v3. User information is in this list if users have already been added to another site.
The authentication provider that is configured for the current zone. For example, if a user is a member of the authentication provider that is configured for the default zone, WSS v3 first checks this associated membership provider.
All other authentication providers.

Deleting users: User accounts are marked as deleted in the WSS v3 database. However, the user record is not removed.

Managing users: Generally, users who are members of an authentication provider in one zone can manage accounts across all zones as long as they are granted permissions.

Some user authentication systems behave differently within WSS v3, depending on the authentication provider. The table below highlights several common user account tasks that differ depending on the authentication method that is implemented.

Note also that MOSS does NOT provide any user management functionality. Although MOSS provides a User Profile database, MOSS uses WSS to handle user management. We will address the differences between User Management and User Profile Management in the next section.

Top

User Profile Management

When you are using just WSS, the user management situation is pretty simple as shown below. WSS has a People and Groups feature that keeps track of user information. The user information is managed by:

When you add a user to WSS, the system adds a limited number of properties from the user authentication provider (e.g. Active Directory) to the WSS Content database’s User Info table. This is a one-time sync between the User Directory provider to the WSS database as shown in path 1 in Figure 8. WSS tries to map as much information from the User Directory Services to the UserInfo table as possible on the initial sync.
You can add extra columns to the user info list, but they must be updated manually and are not synced with the User Directory services as shown in path 2 above.
This user information is stored per site (remember, this is not per SharePoint Web, it is the top site collection). Clicking on the “My Settings” link takes you to a page where this information can be maintained.

MOSS, on the other hand, is a little confusing. MOSS has a User Profile database that is stored in the SSP database. It provides a much more extensive User Profile feature that allows for scheduled synchronization from one or more User Directory Services, which could be AD/LDAP/BDC/Custom, at regular intervals. You can also define properties and set various policies on how data is imported from various User Directory Services.

As you can see here, there are more complex conditions in MOSS when dealing with user management. The user information is propagated between various databases.

Since MOSS is based on WSS, it also lets WSS manage its own user information. When you add a user to a MOSS site, such as a Team Site, WSS still copies a subset of the user information from the User Directory Services (AD) to the UserInfo table in the content database, as shown in path 1.
At the same time, when you add a user to MOSS, it also checks to see if that user already has a record in its User Profile database. If a record does not exist, it creates a record in the User Profile table.
The User Profile table is stored in the Shared Services Provider (SSP) database. Remember that SSP is independent of any front-end Web Application, thus it can manage the users within a farm that has multiple Web Applications.
The SSP User Profile database is updated from the profile information in the User Directory services via a scheduled update. This is done in the Central Admin site of the SharePoint Farm. You can specify when this import runs, and what properties are imported to SSP. This is path 2.
MOSS replicates the profile information in the SSP database to the individual content database’s UserInfo table via a scheduled update. This timer runs every hour and copies properties, such as picture, department, etc. Note that only the profile properties that are marked with the option “replicable” are updated via the timer. This is path 3.

With a MOSS installation, you also need to be aware of several differences from a WSS-only installation:

The most confusing factor for some people is how MOSS displays user information. When you view an item’s CreatedBy and ModifiedBy, those fields came from the UserInfo table in the content database. But when you view information in My Site, that information comes directly from SSP’s User Profile database. If you update a user profile in MOSS, there might be some delay in propagating this information from the SSP database into the UserInfo table and thus create lots of confusion.
Since SSP-based User Profile information exists, if you edit MySettings at a SharePoint site collection, it actually edits the User Profile information in the SSP database. This is different from a normal WSS mode where My Settings updates the information in the UserInfo table.
Individual users can manage their information in the UserInfo table via the MySettings link, which is directed to the display form userdisp.aspx?ID=[userid], or to the edit form useredit.aspx?ID=[userid]. This information is overridden by the user profile information in the SSP database.

To make it even more confusing, if your SharePoint installation has My Sites enabled, things are more convoluted. In MOSS, My Sites are special SharePoint sites that are personalized for each user. My Sites are enabled by default, and every user in an organization has a unique My Site. The reason that site personalization is stored in SSP is so that larger organizations that have multiple Web Applications and Portal sites can reference ONE personalization site.

As soon as the My Site feature is activated, any User Profiles from an existing installation of WSS are replaced by the public profiles that are part of My Site. A My Site link is added to the top menu bar for all sites in the site collection, along with the My Links menu. In other words:

If My Sites is enabled, the user has to manage their profile information via their My Site link. The link at My Settings in this configuration is read-only.
If My Sites is NOT enabled, then administrators can and should manage User Profile information via the SSP profile database, or My Settings for the user being edited.

Lastly, deletion of a user profile also has implications in MOSS. When you delete a User Profile in MOSS, the profile record is moved from the UserProfile table in SSP to the DeleteUsers table, and the deleted user’s My Site becomes inaccessible. This way, if the user is re-imported in at a later date, some information such as Document Libraries and the My Site can be reactivated.

Top

User Profile Information from Business Data Catalog

Business Data Catalog (BDC) is a feature in MOSS that allows users to create an interface to external information systems (databases) without writing any code. You can also import external User Profile information from a BDC interface into the MOSS User Profile database. A real world example is to set up a BDC interface to your company payroll or financial system to import employees’ Social Security Numbers into their MOSS User Profiles. This capability also provides some misconceptions on how BDC plays into the overall SharePoint user management capability.

Although you can import user information from a BDC interface into a MOSS User Profile, similar to how you import data from Active Directory, BDC can NOT act as an authentication provider.
Although you can import data from a BDC catalog, this can only act as a supplemental import. Another primary user authentication provider (i.e., Active Directory or LDAP) has to be configured as the primary source before you can use BDC. This has implications when you use SQL Forms as your primary authentication provider: you will not be able to set up the automatic import from that source and thus you will also not be able to import supplemental data from a BDC catalog.

Top

SharePoint Authorization

Once a user has been authenticated for access to a SharePoint site, the SharePoint authorization process determines which objects in the system a user can access and perform actions on. With the latest release of MOSS 2007, permissions are handled strictly at the WSS platform level.

In this section, we will describe several important concepts that make up the authorization process in SharePoint:

· Permissions

· Permission Levels

· Securable Objects

· SharePoint Groups

Permissions

Permissions (rights in previous WSS versions) are the rights for a user to perform specific actions such as viewing pages, editing items, and creating sub-sites. WSS provides 33 pre-defined permissions that you can use to allow users to perform specific actions that are grouped into three main categories: List, Site, or Personal. SharePoint permissions are not assigned directly to users or SharePoint groups, but are assigned to one or more permission levels, which are in turn assigned to users and SharePoint groups.

Top

SharePoint Permission Levels

A SharePoint Permission Level (site groups in previous WSS versions) is a group of permissions that can be granted to users or SharePoint groups so that they can perform specific actions on securable objects such as a site, library, list, folder, item, or document on your site. Permission levels allow you to group permissions and apply them to users and SharePoint groups on various sites in your SharePoint installation.

When you create a new SharePoint site, there are five permission levels provided by default:

Full Control: allows users or groups full control over a site. Full Control is the least restrictive permission level. You can not modify or remove this permission level.
Design: allows users or groups to view, add, update, delete, approve, and customize lists, libraries, and pages on your site, including themes and style sheets.
Contribute: allows users or groups to view, add, update, and delete previously created list items and document libraries.
Read: allows users or groups to read pages on the site including the resource libraries. Read is the most restrictive permission level.
Limited Access: is a permission level that is automatically assigned to a user or group and therefore cannot be directly assigned by the administrator. It is used when you assign the users or groups to a child object of a parent object to which they do not have access. You can not modify or remove this permission level.

Top

Securable Objects Permission

SharePoint provides the ability to manage item level permissions on individual objects (such as lists and libraries), even down to the individual folders, documents, and list items within those lists and libraries. These items that you can apply permissions to are called Securable Objects. Each site contains additional securable objects which have a particular position in the site hierarchy, as shown here.

Hierarchy and Inheritance

In SharePoint, permissions on any securable object, such as web sites, lists, libraries, folders and documents, are inherited from their parent object. However, you can break this inheritance for any securable object at a lower level in the hierarchy by creating a unique permission on that securable object. For example, you can create a sub-site (Web) and break the permission inheritance from the parent if you want to limit (or expand) the group of users who can have access permission to the site for security reasons. When you break the inheritance from the parent, the securable object to which you broke the inheritance receives a copy of the parent’s permissions. You can then edit those permissions to be unique — meaning that any changes you make to the permissions on that securable object do not affect the parent.

In our example, sub-sites A, B and C inherit permissions from the top-level Web site. This means that changes made to SharePoint groups and permission levels on the top-level site also affect all of those sub-sites. When you make any change in sub-sites A, B or C, you are actually making changes at the parent site, since SharePoint does not allow you to manage permission on a sub-site that is inheriting permissions from its parent site.

Sub-site D has unique permissions, which are not inherited from its parent site. Therefore, any changes made to the permission levels and SharePoint groups on Sub-site D do not affect its parent site.

Top

SharePoint Users and Groups

You can add a user to SharePoint who has a valid account that has been authenticated as mentioned in SharePoint User Authentication. When a user is added to the system, you can assign permissions directly to a securable object (web, list, library, etc.) or indirectly through a SharePoint Group. Using SharePoint Groups is the recommended practice when managing security since it’s easier to manage changes for a group than for individual users, and apply the same group to different objects across your sites.

A SharePoint Group (cross site group in previous WSS versions) is a logical grouping of users that you can create to manage permissions to the site and to provide an e-mail distribution list for site members. All SharePoint groups are created at the site collection level and are available to all sub-sites in the site collection. You can also create groups that only have permissions to a particular sub-site as shown in path 1 in Figure 15.

SharePoint provides three default SharePoint groups with permissions on the top-level site, each with a Site name prefix. These default groups are also provided when a new site with unique permissions is created.

Site Owners: have Full Control permissions in the site.
Site Members: have Contribute permissions.
Site Readers: have Read permissions.

Each of these SharePoint groups is associated with a default permission level, but you can change the permission level for any SharePoint group as needed.

Top

SharePoint Audience

A practical way to apply user profiles out of the box is audience targeting. Audience targeting refers to the ability to create a group of users based on a specific set of rules and then target content to that specific audience. You can target specific content such as a SharePoint List, library items, navigation links, and Web Parts to a specific group of people.

You can create an audience in MOSS using its Central Administration tool. Audiences are created based on a set of rules. The example in Figure 17 shows how an audience of Sport Fans is created by looking for the world “NFL” in the About Me field in their User Profile.

Once the Audience is created, you can enable audience targeting. Select the securable objects for specific audiences using an Audience Targeting column for the library or list containing the items of interest.

MOSS Single-Sign-On

MOSS provides another capability to help with user security management which is called Single-Sign-On (SSO). This is a feature that does not affect the internal operation of MOSS, and actually is not even installed by the default installation program. SSO is a database created in MOSS to keep and manage a set of user names and passwords that can be used to access specific external systems that require access authentication.

An example is if you have a need to crawl and index a backend office system (e.g. SAP or Oracle) to retrieve information that is then made available to the SharePoint enterprise search. These systems might require login accounts for access, and the accounts’ access information can be retrieved for those purposes. There are several benefits to using SSO; i.e., the access information is encrypted and is more secure, and the account information can be managed by an IT administrator while the Web Parts or code that use the account do not have to know the account details, but just how to use it.

Top

Summary

Hopefully, this article provided you with a solid basic understanding of how SharePoint manages its users. Additional information can be found in various books and online articles; please see the Reference section for suggested reading. Given the complexity of managing users in SharePoint, Bamboo Solutions has provided several Web Parts and Solution Accelerators that are very useful to help you keep the situation under control and create a happy and productive work force. Check these products out on the Bamboo Solutions’ web site:

User Account Setup. Quickly and easily create new users in both Active Directory (or NT) and SharePoint from one location, saving IT Administrators time and effort.
Password_Reset. Allow SharePoint users to reset their Active Directory or NT password without administrator intervention.
Password_Change. Alleviate the workload of SharePoint Administrators by allowing users to change their own passwords while automatically adhering to your security policy.
Password_Expiration. Send your SharePoint users e-mail notifications before their password expires.
User Profile Sync. Synchronize user profile information between your SharePoint Directory and Active Directory databases.

This article has been updated for SharePoint 2010 which can be found here.

Selecting Account Options

Your administrator can configure options that allow you to add new accounts to security groups and grant SharePoint permissions at the same time the account is created. These settings can be predefined, or a list of options can be provided in the User Account Setup form.

The options you see in the new account form will vary depending on how the administrator configured the Web Part.

In the example here, the web part is configured to provide a list of options for Active Directory group membership, SharePoint group membership, and SharePoint site permission levels. The requestor can define which group memberships and site permissions to grant.

Security Settings for User Account Setup

Return to User Account Setup Configuration

After you first add User Account Setup to a page, the web part cannot be used to create accounts. A SharePoint user with the Full Control permission level or higher on the site must first configure the web part and select specific SharePoint groups and/or permission levels who are authorized to create accounts.

To authorize users who are members of SharePoint groups or permission levels to create accounts, add groups and permission levels in the Security Settings tab as described below. To begin configuring the Bamboo User Account Setup Web Part, first edit the Web Part:

Step	Action	Result
1.	In the Preference section of the Web Part Settings, click the Security Settings tab.
2.	Select one or more SharePoint groups and/or permission levels, and use the arrow buttons to move them to the Selected SharePoint Groups or Selected Permission Levels section.	NOTE: Only SharePoint groups and permission levels that exist in the site where the Bamboo User Account Setup Web Part instance resides will be available.
3.	Any user in the selected SharePoint group OR with the selected permission level can now use the Web Part to create accounts.	After the Security Settings are configured, users who access User Account Setup without the required permissions will see the following error message:

Required Installation Permissions

The installation account must be a member of the local server Administrators group and have the db_owner role for the SharePoint configuration database.

To automatically activate site collection features during installation (optional), use an account that is also a SharePoint site collection administrator.

If the installation account is not a Site Collection Administrator for all site collections in a web application, then you should choose to not automatically activate the solution during the installation. Site Collection Administrators can activate the solution when they are ready to use it in their site collection.

How to modify a web.config file using PowerShell

Background

Some custom SharePoint products make changes to the web.config file of a web application via SPWebConfigModification calls in order to support particular features. There is a web.config file for each web application on your farm and they reside on each WFE server. If your farm has 3 WFE servers and 2 web applications, you have 6 web.config files.

For SharePoint 2010, Bamboo product installs may add entries to the web.confg to support Telerik functionality. Telerik is a 3rd party that provides some user interface controls for some Bamboo products. See Bamboo products that use Telerik for a list.
For SharePoint 2007, Bamboo product installs may add entries to the web.confg to support Telerik and AJAX functionality. We use AJAX to allow web applications to send data to, and retrieve data from, a server asynchronously (in the background) without interfering with the display and behavior of the existing page. See Bamboo products that use AJAX for more information.

At times, some of these changes need to be modified (via additions to the web.config), or partially removed for particular web applications on your SharePoint farm.

It is neither recommended nor a best practice to manually update a web.config file. Manual changes are not tracked by SharePoint in the configuration database; as such, they will likely cause future problems for users on the farm. For example, when creating a new web application, the new web.config is generated automatically by SharePoint and the auto-generated file will not include any changes that were made manually.

Resolution

Use PowerShell to programmatically remove or add web.config modifications so that changes are updated in the configuration database as well as on the server(s). An added benefit of making changes via PowerShell is that SharePoint will propagate the changes, so if you have 6 web.config files on your farm, you need to run the PowerShell script only once.

For more information, please see:

Release Notes for User Account Setup

NOTE: Release Notes will open in a new browser tab

WSSv3/MOSS	SharePoint 2010	SharePoint 2013	SharePoint 2016
Release Notes	Release Notes	Release Notes	Release Notes
Microsoft ended mainstream support for SharePoint 2007 in October 2012. See Microsoft’s Lifecycle Support Policy. At that time, Bamboo stopped enhancements to our SharePoint 2007 product line, but continues to provide support and bug fixes to customers with active support contracts until October 2017. Previously purchased licenses will continue to function after October 2017, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2007 products in October 2016 to ensure customers will be eligible to receive support for at least one year after purchase.	Microsoft plans to end mainstream support for SharePoint 2010 in October 2015. See Microsoft’s Lifecycle Support Policy. At that time, we will stop any enhancements for our SharePoint 2010 product line but will continue to provide support and bug fixes for our SharePoint 2010 products to customers with active support contracts until October 2020. Previously purchased licenses will continue to function after October 2020, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2010 products in October 2019 to ensure customers will be eligible to receive support for at least one year after purchase.	Visit our website where you can get the latest info about each of our products for SharePoint 2013. A separate installation package and license key is required for SharePoint 2013 deployment. For additional details, review the following knowledge base articles: How to Migrate Your Bamboo Products to SharePoint 2013 How to Move Bamboo Product Licenses to SharePoint 2013	Bamboo Solutions has also begun releasing products for SharePoint 2016. For additional details, check the product release notes in the link above, or contact us. For details on migration, see the Knowledge Base Article “Migrate Bamboo Products from SharePoint 2013 to SharePoint 2016”

WSSv3/MOSS

SharePoint 2010

SharePoint 2013

SharePoint 2016

Release Notes

Microsoft ended mainstream support for SharePoint 2007 in October 2012. See Microsoft’s Lifecycle Support Policy.
At that time, Bamboo stopped enhancements to our SharePoint 2007 product line, but continues to provide support and bug fixes to customers with active support contracts until October 2017. Previously purchased licenses will continue to function after October 2017, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2007 products in October 2016 to ensure customers will be eligible to receive support for at least one year after purchase.

Microsoft plans to end mainstream support for SharePoint 2010 in October 2015. See Microsoft’s Lifecycle Support Policy. At that time, we will stop any enhancements for our SharePoint 2010 product line but will continue to provide support and bug fixes for our SharePoint 2010 products to customers with active support contracts until October 2020. Previously purchased licenses will continue to function after October 2020, but support for these products will end, and no additional bug fixes will be provided beyond that time. Bamboo plans to cease selling new licenses and annual support contacts for its SharePoint 2010 products in October 2019 to ensure customers will be eligible to receive support for at least one year after purchase.

Visit our website where you can get the latest info about each of our products for SharePoint 2013.

A separate installation package and license key is required for SharePoint 2013 deployment. For additional details, review the following knowledge base articles:

Bamboo Solutions has also begun releasing products for SharePoint 2016. For additional details, check the product release notes in the link above, or contact us.

For details on migration, see the Knowledge Base Article “Migrate Bamboo Products from SharePoint 2013 to SharePoint 2016”

Understanding Bamboo Releases:

Bamboo offers Trial, Basic and Premium support.
- Free Trial support expires after 30 days.
- For more information about Basic and Premium support, please see the Support Plans page.
- There may be a fee to upgrade from a major version to another.

See Also:

Best Practices for a successful install

Follow these guidelines to ensure a successful installation:

No.	Function
1.	Back up your system.
2.	Make sure that your system meets the requirements listed in the System_Requirements section.
3.	Installing PM Central, Community Central, Grants Management, or other applications may upgrade some Bamboo components previously installed in your SharePoint farm. For example, PM Central includes the Data Viewer Web Part (among other things) and installing PM Central may upgrade the Data Viewer Web Part that you may have previously installed. Before installing PM Central or another Bamboo application, make sure you understand the effect upgrading installed components will have on your existing solutions.
4.	Before installing, review information about where to run the Setup program in Location of Install Files and the Required Installation Permissions. This information is shown on the Installation/Setup program interface, but is also available from the links above.
5.	If you are upgrading an existing, installed product rather than installing it for the first time, read the information about Upgrading for the product you are interested in. The upgrade process is slightly different than installing for the first time.
6.	On all servers in the SharePoint farm where the solution will be deployed: Go to Start > Administrative Tools > Services and stop or restart the following services: Stop the World Wide Web Publishing Service on all servers. Do this step first because it prevents users from accessing sites during installation and files that may need to be updated from being locked. Note: If your SharePoint environment is configured for Claims Based Authentication or is running SharePoint 2013 or SharePoint 2016, you should NOT stop the World Wide Web Publishing Service if you wish to automatically activate product features during installation. Read SharePoint 2010 solution deployment when Claims Based Authentication is configured for more information. Restart the Microsoft SharePoint Foundation Timer service (called SharePoint Timer Service for SharePoint 2013 and 2016, SharePoint 2010 Timer service if you are using SharePoint 2010, or Windows SharePoint Services Timer service if you are using SharePoint 2007) on all servers. Do this step even if the service is currently running. It will ensure no files that may need updating are locked. Restart the Microsoft SharePoint Foundation Administration service (called SharePoint Administration in SharePoint 2013 and 2016, SharePoint 2010 Administration service if you are using SharePoint 2010, or Windows SharePoint Services Administration service if you are using SharePoint 2007) on all servers. Do this step even if the service is currently running. It will ensure no files that may need updating are locked.
7.	Review the Options for Installing.

Return to Installing for the first time

Overview of User Account Setup Web Part

User Account Setup is typically added to a page within your site. When a user with Administrator Site Group access visits the page, they can add new users to both SharePoint and Active Directory or local NT.

NOTE: The user can click the Clear button to clear text in all the fields on the Web Part.

After the User Account Setup Web Part is configured, users follow a simple one or two-step process to create accounts.

Enter account information; all columns are required fields.
If configured as an option, select Active Directory and SharePoint group membership and permission levels.

When the request is submitted, and after an optional approval process is complete, the account is created in Active Directory, or the local server, or SQL membership provider, which are also configured in SharePoint.

Overview of the Updated Installation Process for Bamboo components

Options for Installing

In April 2017, with the Q1 Cumulative Update (CU) Bamboo introduced updated install/uninstall processes for component products (web parts). Instead of the Setup.exe Installation Application, we now supply two PowerShell scripts – one for Install/Upgrade and the other for Uninstall – to be used to install, upgrade, or uninstall the product. The install package downloaded from My Bamboo is now a *.zip file rather than a self-extracting executable.

The installation process was updated based on feedback from our customers. We are excited about the benefits the new processes offer:

Benefits
The processes are now very transparent; you know exactly what happens during the install/upgrade/uninstall. If you want/need to modify the scripts for your farm, you can do that.
If you are upgrading to a new version of a Bamboo product or if a new install updates a shared component used by another Bamboo product installed previously, the installed solution is saved before the upgrade. If the new install fails, you can easily rollback to the previously installed solution.
Rather than deploying each solution individually, deployments are queued which minimizes farm disruption by reducing the IIS Resets on the farm.
By design, the scripts are written to be compatible with PowerShell versions found on an SP2010 WFE server. Written to use the features of the older version of PowerShell, the scripts are simple and should work the same in all environments. If you would prefer to employ some PowerShell features available in new versions (e.g., output results to the grid/table), you can modify the scripts to use the PowerShell features available in your environment.

Please note the following for the new scripts:

The script installs all the WSPs found in the installation folder, in alpha order
The install/upgrade script deploys to all content web apps. If you would prefer to deploy to a single web app, you can modify the script or deploy via Central Administration.
Uses Upgrade instead of Install for existing components.

For additional information about how to use the updated processes:

Overview of User Account Setup Configuration

User Account Setup allows authorized SharePoint users to add accounts in Active Directory Services, the local Windows server, or a SQL membership provider. The new account can simultaneously be added to SharePoint, with updated profile information and SharePoint group membership. Need the ability to approve new accounts before they are created? User Account Setup provides a configurable approval process, with customizable notifications and a simple Web-based approval form. New account transactions can also be logged, with relevant account data stored in a custom SharePoint list for easy retrieval and review. Configure User Account Setup following the steps below.

First, add the web part to a pageand then follow the links below to configure User Account Setup.

Overview of the Installation/Setup Program

Options for Installing

IMPORTANT: As of April 2017, Bamboo no longer includes the Installation/Setup Program in product download packages. Please see Overview of the Updated Installation Process for Bamboo components for details.

There are several areas of note in the Installation/Setup program interface, shown below.

No.	Function
1.	The Setup program contains links to various product components listed under the Components header on the left. Click on any of these links to view additional information about the component on the right. The product components fall into the following categories: Prerequisites: Some products include prerequisite components that must be installed before the Bamboo product core components. Not all products will have prerequisites. Examples of prerequisites include the Microsoft Exchange Web Services (EWS) Managed API, Shared Assemblies Library, Microsoft AJAX Extensions, and Bamboo AJAX Config. If you have more than one Bamboo product installed on your farm, some of the pre-requisites may already be installed. Core Components: The product will include one or more core components that are required for the Bamboo product to work. Optional Items: Optional items provide additional features or functionality but are not required to use the Bamboo product. Not all products will have optional items. Licensing: All products will include the Bamboo Web License Manager or Bamboo License Manager. Licensing is required to activate a product license. It is not required during 30-day product trials. If you have previously installed the Bamboo Web License Manager with another Bamboo product, it may not be necessary for you to install it again. Help: When clicking the Help component, you will see links for the Online Documentation and other product-related resources. Click the Home icon () at the top of the components list to return to the Setup main page.
2.	The Installation Location section will tell you where to run the Installation/Setup program for the selected component. Read this information carefully before proceeding.
3.	The Required Installation Permissions section will explain required permissions for the selected component. Read this information carefully before proceeding. If the person running the installation/setup doesn’t have the appropriate level of permission, the install will fail.
4.	When ready, click the Install button to begin the installation process. It will do a few system checks, ask you to agree to our End User License Agreement, ask which Web Applications you want to install to (you don’t have to pick any), and ask if you want to automatically activate the solution on the selected web apps. When the install is complete, it will display an Installation Summary that you should review carefully. See an example below.

Click here for information about running the installation or go back to Installing for the first time… topics.

Overview of Licensing and Product Activation

When to Activate

After you purchase, you receive License Keys to use to activate the product license on each WFE server on your farm. License Keys never expire. See How many License Keys do I need for my SharePoint farm for more information. You can use a license key on only one server at a time. Servers in non-production (i.e., Staging, Test, Dev) farms require licenses too, just like servers in your production farm.

Activating a Standard Product License

For most Bamboo products, license keys are required for each WFE server in the SharePoint Farm. For certain products, such as Alert Plus or List Rollup, additional license keys may be required for application servers as well to use certain features. See Activating Your Bamboo Product License

Suites, Packs, Libraries, and Toolkits

For Bamboo Suites, Packs, Libraries and Toolkits, a single license activates all the products in the suite or pack for a specific WFE server. See Overview of Suite or Pack Licensing.

Keyless Licensing

On very large farms with several Bamboo products installed, it is often difficult to manage so many license keys. Bamboo offers keyless licensing for these scenarios. Please contact your Sales Manager for more information about keyless licensing.

Use the Bamboo Web License Manager to activate Bamboo products install on the SharePoint farm. For additional details, please see

Installing the Bamboo Web License Manager
Activating Your Bamboo Product License
Activating My Bamboo Product License Offline if your server doesn’t have access to the Internet.

Desktop Applications

Some Bamboo products are not installed on the SharePoint farm, but on a PC or server somewhere on your network. To activate the license for these products, please see Activating a Bamboo Desktop Product Using the License Manager.

Moving or Migrating your farm

If you are moving your SharePoint farm to new servers, please see Migrating my Bamboo Product License to a New Server. Licenses are activated to a particular hardware profile of the server. If the profile changes (i.e., you add a hard drive), the license will require migration.

If you have migrated your environment to a new SharePoint version (i.e., from SharePoint 201 to SharePoint 2013), see Migrate your Bamboo Product License Key From one SharePoint version to another. License keys for products running in different SharePoint versions are different. On-Prem Bamboo products on active support are eligible for no-cost upgrades to a newer SharePoint version (2016/2019/2022) as long as the two farms are not running concurrently for more than 60 days. Migrations to Microsoft 365 will require the purchase of new licenses. However, we do offer a discount for customers on current support for an on-premise product that has a Microsoft 365 equivalent

Trials

For product trials, no license is required. If you are wondering about the status of your trial or when it will expire, please see

Overview of Bamboo Product Trials

Overview of Licensing and and Product Activation

Try our products before you buy!

Trials are fully functional for 30 days from the date of installation.
Once a 30 day trial of a product has been installed on a server or farm, no further trial copies of the same product will function on the server or farm. When a product license key is purchased and activated (even after the trial has expired), the product will continue to work as it did during the trial.
Users who need additional time to evaluate a product will need to request a trial extension from their Bamboo Sales Account Manager (sales@bamboosolution.com).
There is no functional difference between the trial and purchased version of our products, with the exception of List Bulk Import and List Bulk Export. When a trial user purchases a license, it is not necessary to install a new version to replace the trial. You simply activate the license of the “trial” copy. Any configuration done on the product during the trial period will remain after the license is activated.
The List Bulk Import and the List Bulk Export product trials are limited in the number of items that can be imported/exported. Regardless of the number of items in an import file or in a SharePoint List/Library, only 15 items will be imported/exported with the trial version of these products. Once the license is activated, this restriction is lifted.

Overview of the new Bamboo product Logging

In April 2017, Bamboo released Bamboo.Logging v3.1.0.0 with the Q1 (2017) Cumulative Update of Bamboo component products.

In response to customer feedback the new logging version uses SharePoint ULS logs by default, instead of the the Bamboo logs. The main benefits of this change are:

Bamboo Log files will not fill the C: drive on WFE servers. Previously, Bamboo products reported errors to proprietary log files located in C:WindowsTempBambooSolutions on each web front end server in the farm as described in Error Log Files.
SharePoint administrators are very familiar with ULS logs and the ULS Log Viewer. When Bamboo products log to ULS, SharePoint administrators have one less set of logs to review.
ULS log files can be more easily managed for size and archived, a feature that was not previously available for Bamboo logs.

Bamboo component products installed or upgraded after April 2017 will have the new Bamboo Logging deployed as part of the Bamboo.Framework.wsp solution, which is common to Bamboo products and globally deployed to the SharePoint farm.

IMPORTANT:
1) If you have multiple Bamboo products installed on your farm, some Bamboo log files may remain in C:/Windows/Temp/BambooSolutions until you upgrade all of the Bamboo products.
2) Bamboo applications (e.g., PM Central, Workflow Conductor, In/Out Schedule Board) will not have the new Bamboo Logging until their respective CU’s are available in Q2 2017.

Please note the following for the new scripts:

The script installs all the WSPs found in the installation folder, in alpha order
The install/upgrade script deploys to all content web apps. If you would prefer to deploy to a single web app, you can modify the script or deploy via Central Administration.
Uses Upgrade instead of Install for existing components.

For additional information about how to use the updated processes:

Installing using the updated install process
Upgrading using the updated process
Uninstalling using the updated process

My product was licensed yesterday and today there is an error; what happened?

License keys are tied to the hardware GUID of the WFE server and if the GUID changes, the license will revert to the trial status. You will need to deactivate the license key and then re-activate the license using the same key.

GUIDs may change when a WFE server is dropped from a farm and then re-added.

IMPORTANT: For products licensed with the Bamboo License Manager (rather than the Web License Manager), the license key is tied to the hardware profile of the PC where the product is installed. If the hardware profile changes (i.e., a hard drive is added), the license will revert to the trial status. You will need to deactivate it and then re-activate it using the original license key. Products that use the Bamboo License Manager include: List Bulk Import, List Bulk Export, and User Profile Sync.

The problem is that the license status will no longer show the license key once the GUID changes, it will show as an expired trial license. See Is there a way to find a lost or unknown Bamboo product license key and then How to move your Bamboo Product License to a new server to resolve this issue.

Overview of moving a Bamboo Product License

To move a license, you need to deactivate the license key for the old server so you can activate it on the new server. A license key can be used on only one server at a time.

If the WFE servers in your SharePoint farm have access to the Internet, see How to move your Bamboo Product License to a new server.
If your WFE servers do not have Internet access, you will need to deactivate the license key via My Bamboo. See How to deactivate your Bamboo Product License is your server doesn’t have access to the Internet.

Migrating User Account Setup from SharePoint 2007 to SharePoint 2010

Be sure you have at least the Minimum SharePoint 2007 Product Release (shown in the table below) installed before migrating. If not, upgrade your Bamboo product release before migrating. For more information, see Upgrading your Bamboo Web Part. Also, the target SharePoint 2010 farm requires at least the Minimum SharePoint 2010 product release shown.

IMPORTANT: When migrating from SharePoint 2007 to SharePoint 2010, you MUST select the option to change existing SharePoint sites to use the new user experience. Your Bamboo products will not perform as expected with the old look and feel.

Minimum SharePoint 2007 Product Release	3.4.8	Minimum SharePoint 2010 Product Release	30.4.31

In-Place Upgrade
Issues	The User Account Setup Web Part does not successfully migrate to SharePoint 2010. The user will experience 2 separate issues: The User Account Setup Web Part display fails. Instead, the Web Part shows the error: `Web Part Error: One of the properties of the Web Part has an incorrect format. Microsoft SharePoint Foundation cannot deserialize the Web Part. Check the format of the properties and try again.` When adding the Web Part to the page in SharePoint 2010, users will see two instances of the Web Part in the Web Part gallery. The first entry in the Web Part Gallery can be added to the page without any problems. When adding the second entry to the page, users will see the following error: `Bamboo.HelperWebParts.CreateUser.CreateUser class does not derive from the Microsoft.SharePoint.WebPartPages.WebPart class and therefore cannot be imported or used in a WebPartZone control`
Resolution	To resolve Case 1, you will need to delete the existing User Account Setup Web Part instance and add a new instance to the page. Before resolving Case 1, you will need to resolve Case 2 or pick the first web part in the Gallery. Follow these steps to resolve isse 2 by removing an instance from the Gallery: Log into SharePoint 2010 as a Site Collection Administrator and go to Site Actions > Site Settings on the top site of a Site Collection. In the Site Collection Administration section, click Site Collection Features. Locate the entry Bamboo User Account Setup Web Part and click Deactivate then Deactivate Feature. Return to Site Settings. In the Galleries section, click Web Part Gallery. Locate the entry Bamboo User Account Setup Web Part (there should only be one) and delete this entry. Return to Site Collection Administration and click Site Collection Features. Locate the entry Bamboo User Account Setup Web Part and click Activate. Repeat for other Site Collections where the User Account Setup web part is used.
Database Attach Upgrade Method
Issues	The issues for this method are the same as those noted for the In-Place Upgrade method.
Resolution	The resolution for this upgrade method is the same as that noted for the In-Place Upgrade method.

Migrating User Account Setup from SharePoint 2010 to SharePoint 2013

Be sure you have at least the Minimum SharePoint 2010 Product Release (shown in the table below) installed before migrating. If not, upgrade your Bamboo product release before migrating. For more information, see Upgrading your Bamboo Web Part. Also, the target SharePoint 2013 farm requires at least the Minimum SharePoint 2013 product release shown.

IMPORTANT: When migrating from SharePoint 2010 to SharePoint 2013, the Database Attach Upgrade Method is the only method supported.

Minimum SharePoint 2010 Product Release	40.0.107	Minimum SharePoint 2013 Product Release	40.0.148.2013

Database Attach Upgrade Method
Issues	The User Account Setup migrates with a few issues: If relative paths were used when configuring the web part in the SP2010 farm, SP2010 SharePoint Groups or Permission Levels will still show below SharePoint Group/SharePoint Permission Levels sections. If absolute paths were used when configuring the web part in the SP2010 farm, no SharePoint Groups or Permission Levels will load below SharePoint Group/SharePoint Permission Levels section.
Resolution	To resolve the first issue, you will need to delete and re-add SharePoint Groups/ Permission Levels. To resolve the second issue, you will need to re-configure the new 2013 URL in order to add SP Group or Permission Levels.

Database Attach Upgrade Method

Issues

The User Account Setup migrates with a few issues:

If relative paths were used when configuring the web part in the SP2010 farm, SP2010 SharePoint Groups or Permission Levels will still show below SharePoint Group/SharePoint Permission Levels sections.
If absolute paths were used when configuring the web part in the SP2010 farm, no SharePoint Groups or Permission Levels will load below SharePoint Group/SharePoint Permission Levels section.

Resolution

To resolve the first issue, you will need to delete and re-add SharePoint Groups/ Permission Levels.

To resolve the second issue, you will need to re-configure the new 2013 URL in order to add SP Group or Permission Levels.

Migrate your Bamboo product from SharePoint 2013 to SharePoint 2016

Overview

This article outlines how to migrate Bamboo products from SharePoint 2013 to SharePoint 2016.

NOTE: In order to migrate a Bamboo product to SharePoint 2106 from a SharePoint 2013 environment, you need to ensure that the SharePoint 2013 farm has the appropriate version installed. If your Bamboo product version is older, you may need to upgrade the SharePoint 2013 version before migrating to SharePoint 2016. Please refer to information about the specific products that are installed on the farm you are migrating for possible additional steps needed or limitations of the migration.

For additional information about upgrading your existing SharePoint 2013 Farm to SharePoint 2016, read these TechNet articles:

Bamboo Solutions supports the Database Attach upgrade method for upgrading to SharePoint 2016. The migration of Bamboo products deployed on SharePoint 2007 or SharePoint 2010 environments directly to SharePoint 2016 Farms is not supported. These environments must be migrated to SharePoint 2013 first.

Migration Steps

Step	Description
1.	Before migrating, update the Bamboo products you have in SharePoint 2013 to the latest available release.
2.	Uninstall any products that are not available on SharePoint 2016. Group Email is an example of a product that was not ported to SharePoint 2016. If you do not remove the Bamboo Group Email from the SharePoint 2013 farm before migrating, the migration will fail because the feature will not be available in the SharePoint 2016 farm.
3.	Retrieve the SharePoint 2016 installation package and license keys for the Bamboo products you are migrating. See Migrate your Bamboo Product License Key From one SharePoint version to another for additional details. Install the Bamboo products on the SharePoint 2016 farm.
4.	Backup the SharePoint 2013 content database(s) and attach it to the SharePoint 2016 farm. If the database attach fails, see steps 1-3 above. IMPORTANT: Follow Microsoft’s Upgrade databases from SharePoint 2013 to SharePoint 2016 article to perform the database-attach migration.
5.	After the 2013 content databases have been successfully attached and upgraded to SharePoint 2016, you MUST retract and redeploy (or uninstall and reinstall) your Bamboo SharePoint 2016 products on the SharePoint 2016 farm. This process removes the SharePoint 2013 Web Part references and replaces them with SharePoint 2016 references in the newly attached content databases. This is not a Bamboo specific step. It must be performed for most 3rd party SharePoint software installations. If this step is skipped users will usually see errors when adding web parts to pages. IMPORTANT: If you have a staged migration that moves content databases in stages, you need to retract and re-deploy after each database (or group of databases are attached.

Migrate your Bamboo Product License Key From one SharePoint version to another

Overview of Licensing and and Product Activation

Bamboo Solutions completed its migration of more than 60 Bamboo products to SharePoint 2013 I the fall of 2013. A few years earlier, we completed the migration of many of those same products from SharePoint 2007 to SharePoint 2010.

Bamboo License Keys for previous versions of SharePoint are not valid for newer versions. If eligible, you can retrieve license keys for newer SharePoint versions through the My Bamboo area of the Bamboo Solutions web site.

When you activate product license keys for a newer SharePoint version, the keys for the older version become invalid after 60 days.

Bamboo Policy for Migrating License Keys

To receive a free SharePoint 2010 or SharePoint 2013 license key, you must have a valid Premium Support Contract for the product you are migrating to SharePoint 2010 or SharePoint 2013.

We support a 1:1 exchange of license keys. If your SharePoint 2007 farm had two WFE servers and your SharePoint 2010 farm has four WFE servers, you will need to purchase two additional SharePoint 2010 license keys. The same requirement holds for SharePoint 2010 farms you are migrating to SharePoint 2013.

How to get your new license keys

If you have a valid Premium Support Contract for the product you intend to migrate, follow these steps:

Step	Action
1.	Login to My Bamboo with the Bamboo account that made the original SharePoint 2007 Bamboo license key purchase or an account that can see the purchases.
2.	Click My Orders Product Licenses under the sectionlocated at the bottom of the page.
3.	On the Product Licenses tab of the My Orders page, each product purchased is listed. If an update is available, a Request SP 2013 License button is displayed in the Update Keys column. Click the button for the product you want to migrate. NOTES: 1. The Request SP 2010/2013 License button will not be available unless a Premium Support Contract is in place. 2. If you see something you think is wrong with your Product License listing, please contact your Bamboo Sales Representative at Sales@Bamboosolutions.com
4.	An order will be created automatically and you will be redirected to the order completion page, where you can retrieve the installation package. You will also receive an e-mail that provides you the link to the download package and your SharePoint 2013 License Keys. NOTE: If the text Not Available is displayed, this means either you do not have an active Premium Support contract or there is no SharePoint 2010 version of that product. Please contact your Sales Representative at Sales@bamboosolutions.com for additional assistance. For information about migrating the product, see these topics.

Migrate your Bamboo product from SharePoint 2010 to SharePoint 2013

Overview

This article outlines how to migrate Bamboo products from SharePoint 2010 to SharePoint 2013 (SharePoint Foundation 2013 & SharePoint Server 2013).

NOTE: In order to migrate a Bamboo product to SharePoint 2103 from a SharePoint 2010 environment, you need to ensure that the SharePoint 2010 farm has the appropriate version installed. If your Bamboo product version is older, you may need to upgrade the SharePoint 2010 version before migrating to SharePoint 2013. Please refer to information about the specific products that are installed on the farm you are migrating for possible additional steps needed or limitations of the migration (including whether the product is supported on SharePoint 2013 with the SharePoint 2010 look and feel).

For additional information about upgrading your existing SharePoint 2010 Farm to SharePoint 2013, read these TechNet articles:

Bamboo Solutions supports the Database Attach upgrade method for upgrading to SharePoint 2013. The migration of Bamboo products deployed on SharePoint 2007 environments directly to SharePoint 2013 Farms is not supported. These environments must be migrated to SharePoint 2010 first. Bamboo also does not support the downgrade of SharePoint editions during a migration. (i.e., SharePoint Server 2010 to SharePoint Foundation 2013)

Migration Steps

Step	Description
1.	Before migrating, update the Bamboo products you have in SharePoint 2010 to the latest available release.
2.	Uninstall any products that are not available on SharePoint 2013. Cross List is an example of a product that was not ported to SharePoint 2013. If you do not remove the Bamboo Cross List from the SharePoint 2010 farm before migrating, the migration will fail because the feature will not be available in the SharePoint 2013 farm.
3.	Retrieve the SharePoint 2013 installation package and license keys for the Bamboo products you are migrating. See Migrate your Bamboo Product License Key From one SharePoint version to another for additional details. Install the Bamboo products on the SharePoint 2013 farm.
4.	Backup the SharePoint 2010 content database and attach it to the SharePoint 2013 farm. If the database attach fails, see steps 1-3 above. IMPORTANT: Follow Microsoft’s Upgrade databases from SharePoint 2010 to SharePoint 2013 article to perform the database-attach migration.
5.	After the 2010 content databases have been successfully attached and upgraded to SharePoint 2013, you MUST retract and redeploy (or uninstall and reinstall) your Bamboo SharePoint 2013 products on the SharePoint 2013 farm. This process removes the SharePoint 2010 Web Part references and replaces them with SharePoint 2013 references in the newly attached content databases. This is not a Bamboo specific step. It must be performed for most 3rd party SharePoint software installations. If this step is skipped users will usually see errors when adding web parts to pages. IMPORTANT: If you have a staged migration that moves content databases in stages, you need to retract and re-deploy after each database (or group of databases are attached.
6.	Perform the permanent Visual Upgrade to upgrade your SharePoint 2010 site collections to the SharePoint 2013 Look and Feel. IMPORTANT: Bamboo does not support our SharePoint 2013 products running on a SharePoint 2013 server using the SharePoint 2010 Look and Feel.

Manually uninstall using stsadm

A single Bamboo product may include a combination of one or more SharePoint solutions (WSPs) and components installed using an MSI installer. Refer to the original installation files from your product for information about the components that may have been installed.

To manually uninstall a Bamboo SharePoint solution, follow the steps below. If you need to uninstall a component that was installed using an MSI installed, see Manually Uninstalling a Bamboo .msi.

NOTE: The steps in these instructions use the stsadm.exe command, which can be found in the BIN folder of the 12/14/15 hive of a SharePoint server. For example, on a SharePoint 2010 farm, that would be %PROGRAMFILES%Common FilesMicrosoft SharedWeb Server Extensions14BIN

NOTE: You can also retract and remove a SharePoint solution from SharePoint Central Administration. To uninstall your Bamboo product this way, see Uninstalling from SharePoint Central Admin.

Step	Action
1.	Locate your stsadm.exe command utility. These instructions use the stsadm.exe command, which can be found in the BIN folder of the 12/14/15 hive of a SharePoint server. For example, on a SharePoint 2010 farm, that would be %PROGRAMFILES%Common FilesMicrosoft SharedWeb Server Extensions14BIN
2.	Schedule the solution Retraction. You can schedule the solution to be retracted from one web application at a time: `stsadm.exe -o retractsolution -name [Component].wsp -immediate -url [http://WebApplicationUri:Port]` or from all web applications at once: `stsadm.exe -o retractsolution -name [Component].wsp -immediate -allcontenturls` Where: [Component] is the name of the installed component (i.e., Bamboo.TreeView.wsp), as shown in the cab installation sub-folder or in the list of solutions in the Manage Farm Solutions page of SharePoint Central Administration. [http://WebApplicationUri:portNumber] is the URL and Port for the web application where the solution is installed.
3.	Execute the solution retraction. NOTE: This command needs to be run on each Web front-end (WFE) server in the farm. `stsadm.exe -o execadmsvcjobs`
4.	Remove the solution. Delete the solution from the SharePoint solution store only AFTER the retraction job is complete. `stsadm.exe -o deletesolution -name [Component].wsp` Where: [Component] is the name of the installed component (i.e., Bamboo.TreeView.wsp), as shown in the cab installation sub-folder or in the list of solutions in the Manage Farm Solutions page of SharePoint Central Administration.
5.	Repeat steps 2-4 for each solution included in the product. NOTE: There are two solutions that are common across multiple Bamboo products. They are: Bamboo AJAX Config (SP2007 only) and Bamboo Core. Do NOT uninstall them unless you are sure there are no other Bamboo products remaining on your farm. If there are no other Bamboo products on your farm, uninstall these two solutions last.

Manually Install using stsadm

Options for Installing

These instructions use the stsadm.exe command, which can be found in the following location:

SharePoint 2007: %PROGRAMFILES%Common FilesMicrosoft SharedWeb Server Extensions12BIN
SharePoint 2010: %PROGRAMFILES%Common FilesMicrosoft SharedWeb Server Extensions14BIN
SharePoint 2013: %PROGRAMFILES%Common FilesMicrosoft SharedWeb Server Extensions15BIN

NOTE: Your product may include several SharePoint solutions in multiple [Component].wsp installation folders. Follow all steps for each solution to install the product for the first time.

Step	Description
1.	Review Best practices_for_a_successful_intstall to learn which servers to install on and what services to stop or restart.
2.	Add the solution to the SharePoint solution store. Run this command on the appropriate server in your farm and be sure you are running the command with an account that is a member of the local server Administrators group. The appropriate servers are typically those running the Foundation Web Application service or the Microsoft SharePoint Foundation Web Application service (or Windows SharePoint Services Web Application if you are using SharePoint 2007). Refer to Location of Install Files for more information. `stsadm.exe -o addsolution -filename [path][Component].wspcab[Component].wsp` where: [path] – the path to the extracted installation folders [Component] – the name of the component you are installing, as shown in the installation folder. The name of the component in the cab sub-folder may be slightly different than the installation folder name.
3.	Deploy the SharePoint solution. After adding the solution to the SharePoint solution store on your farm, it must be deployed to one or more Web Applications. This can be accomplished via Central Administration (see Deploying a Bamboo solution to a new Web Application for more information) or by running one of the following commands on the same server where you added the solution in Step 1 above. To deploy to a specific Web Application, run this command: `stsadm.exe -o deploysolution -name [Component].wsp -immediate -url [http://WebApplicationUri:portNumber] -allowGacDeployment -allowCasPolicies` where: [Component] – the name of the component you installed, as shown in the cab installation sub-folder [http://WebApplicationUri:portNumber] – the URL and Port for the target Web Application. Repeat this command for each web app you need to deploy to. OR To deploy to all Web applications EXCEPT the Central Administration Web application, run this command: `stsadm.exe -o deploysolution -name [Component].wsp -immediate -allcontenturls -allowGacDeployment -allowCasPolicies` where: [Component] – the name of the component you installed, as shown in the cab installation sub-folder
4.	Execute the deployment job(s). This is an optional step. The SharePoint Timer job will take care of the deployment eventually, but if you don’t want to wait for it, you can run this command. NOTE: This command needs to be run on every server on the farm that runs the Foundation Web Application service (or the Windows SharePoint Services Web Application service if you are using SharePoint 2007): `stsadm.exe -o execadmsvcjobs`
5.	Manually Activate the Product Feature(s) in the appropriate Site Collection After the Bamboo product solution is deployed to a Web Application, it must be activated in the site collection before it can be used. When you are ready to activate the site collection feature, please see Activating a Bamboo Site Collection Feature. NOTE: You must be a Site Collection Administrator to activate site collection features.

Manually Install using PowerShell

Options for Installing

IMPORTANT: As of April 2017, Bamboo no longer includes ManualInstallation.ps1 or DisableAllBambooTimerJobDefinitions.bat in product download packages. An updated uninstall script is included instead. Please seeOverview of the Updated Installation Process for Bamboo components and Uninstalling using the updated process for details.

Perform the actions below to manually install or repair a product.

NOTE: Pay close attention to where a command should be run. Some commands must be run on either ONE or ALL Web front-end servers (WFE). A WFE is a server running the Microsoft SharePoint Foundation Web Application service. Refer to the System Settings > Manage Servers on this farm page in Central Administration for a list of servers running this service.

Step	Action
1.	Shut down the application pools for each Web application where you are installing the product. This will prevent other users from accessing sites and locking files that the installation script needs to update. NOTE: If you are using SharePoint 2010 and not Claims Based Authentication (CBA), instead of shutting down the app pools, you can stop the World Wide Web Publishing Service to prevent users from accessing sites and locking files. You should NOT stop the WWW Publishing service in SP2013 or in a CBA environment.
2.	On one Web front-end server (WFE), run the product .EXE file to extract its installation files. Browse to the misc folder. NOTE: If you do not see the misc folder or a file called ManualInstallation in this folder, your Bamboo product does not support this type of install.
3.	Right-click on the file DisableAllBambooTimerJobDefinitions.bat and choose Run as administrator. This script stops the timer job services for all Bamboo products installed on the farm, helping to put the farm in a quiescent state for the install. NOTE: If this script is not present in the misc folder for your Bamboo product, skip this step.
4.	On all WFE servers in the farm, perform the following actions: Run the command iisreset. Restart the SharePoint 2013 Timer (or SharePoint 2010) service.
5.	On the WFE where you extracted the product folders, right-click on the PowerShell application in the Start menu and choose Run as administrator. You can use Windows PowerShell or SharePoint 2013 Management Shell.
6.	Change to the misc folder in the extracted product installation files and enter the following command to start the manual installation script: `.ManualInstallation.ps1`
7.	When prompted, enter the Web application URL and choose whether you want to automatically activate the product features in the site collection(s). NOTE: To allow the installation script to run without prompting for input, edit the miscManualInstallation.ps1 script file and replace Read-Host with the highlighted text shown below: The script file installs Bamboo.Core.V2.wsp and Bamboo.Logging.V2.wsp, if they are not already in the solution store, and any required product components.
8.	Return to the misc folder. Right-click on EnableAllBambooTimerJobDefinitions.bat and choose Run as administrator. This enables all Bamboo timer job services. NOTE: If this script is not present in the misc folder for your Bamboo product, skip this step.
9.	Re-start the Application pools.
10.	Manually Activate the Product Feature(s) in the appropriate Site Collection(s) If you didn’t choose to activate site collection features automatically in step 7 above, don’t forget to activate those features in the site collections where you want to use them. After a Bamboo product solution is deployed to a Web Application, it’s feature(s) must be activated in the site collection before it can be used. When you are ready to activate the site collection feature, please see Activating a Bamboo Site Collection Feature. NOTE: You must be a Site Collection Administrator to activate site collection features.

Location of Installation

IMPORTANT: As of April 2017, Bamboo has changed the installation process for Bamboo components. The Setup Program has been replaced by an updated process. Please see Overview of the Updated Installation Process for Bamboo components and Uninstalling using the updated process for details.

If you are installing a Bamboo product in a SharePoint farm environment, make sure to start the installation on the correct server. The required installation location is listed in the Setup/Installation program interface in the description for each component. See Overview of the Setup Program from more information.

Most Bamboo products are installed on a farm server running the Microsoft SharePoint Foundation Web Application service (or the Windows SharePoint Services Web Application if you are using SharePoint 2007), but some are installed on a farm server running the Central Administration service. Refer to SharePoint Central Administration -> System Settings -> Servers -> Manage servers on this farm for a list of farm servers running these services. If you are using SharePoint 2007, find the list of farm servers in Central Administration > Operations > Servers in Farm.

CA-Manage Servers on this farm.png
During the install process, the component will be automatically deployed to all Web front-end servers by the SharePoint Timer service via SharePoint Solution Deployment. There is no need to run the Setup/Installation program on more than one server in the farm.

Refer to Required Installation Permissions for information about the level of permission the installation account requires.

Localize Bamboo Web Parts for your Language

Overview of the localization process for Bamboo Products

Applies to:

All Bamboo Web Part components
Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007
SharePoint Foundation 2010 and SharePoint Server 2010
SharePoint Foundation 2013 and SharePoint Server 2013

Bamboo products can be configured to display product menus, user interface text, and settings in your local language. You can also customize the default text provided with the product. To change the language or text a product displays, perform the steps described in this page. Click a link below for detailed information about each step.

About the Language Files
Editing Text in Language Files
Selecting a New Language File for a Product

Top

About the Language Files

There are four language files included with Bamboo products. Their name and location may differ by product.

Setting	Older Products	Newer Products
Web Part Language Settings		Newer products will show the language choices in the Web Part settings using the abbreviated [language]-[COUNTRY] format (e.g. “en-US”)
Language File Names	1033.English.xml (the default) 1031.German.xml 1034.Spanish.xml 1036.French.xml	Bamboo.[Product].en-US.resx (the default) Bamboo.[Product].de-DE.resx Bamboo.[Product].es-ES.resx Bamboo.[Product].fr-FR.resx
Language File Location	These files are located in the wpresources folder. This folder and its associated language files may be located under one of the following paths on each SharePoint server: servernamedriveInetpubwwwrootwss VirtualDirectoriesportwpresources[Product] servernamedriveInetpubwwwrootwss VirtualDirectoriesportwpresources[Product] LanguageFiles servernamedriveProgram FilesCommon FilesMicrosoft Sharedweb server extensionswpresources[Product]	Depending on your version of SharePoint, your localization files may be found in the following locations. servernamedriveProgram FilesCommon Filesmicrosoft sharedWeb Server Extensions15CONFIGAdminResources (SharePoint 2013) servernamedriveProgram FilesCommon Filesmicrosoft sharedWeb Server Extensions14CONFIGAdminResources (SharePoint 2010)

Setting

Older Products

Newer Products

Web Part Language Settings

Newer products will show the language choices in the Web Part settings using the abbreviated [language]-[COUNTRY] format (e.g. “en-US”)

Language File Names

1033.English.xml (the default)
1031.German.xml
1034.Spanish.xml
1036.French.xml

Bamboo.[Product].en-US.resx (the default)
Bamboo.[Product].de-DE.resx
Bamboo.[Product].es-ES.resx
Bamboo.[Product].fr-FR.resx

Language File Location

These files are located in the wpresources folder. This folder and its associated language files may be located under one of the following paths on each SharePoint server:

servernamedriveInetpubwwwrootwss
VirtualDirectoriesportwpresources[Product]
servernamedriveInetpubwwwrootwss
VirtualDirectoriesportwpresources[Product] LanguageFiles
servernamedriveProgram FilesCommon FilesMicrosoft Sharedweb server extensionswpresources[Product]

Depending on your version of SharePoint, your localization files may be found in the following locations.

servernamedriveProgram FilesCommon Filesmicrosoft sharedWeb Server Extensions15CONFIGAdminResources (SharePoint 2013)
servernamedriveProgram FilesCommon Filesmicrosoft sharedWeb Server Extensions14CONFIGAdminResources (SharePoint 2010)

The German, Spanish and French files have not yet been translated; although the file name suggests otherwise, their content is English. Edit these files to provide your own text or translation of the product user interface and settings.

IMPORTANT: If you do not rename the files you modify, your customizations will be overwritten when you upgrade to a new Bamboo product release.

To make sure that your customizations do not get overwritten when you upgrade the product, follow these steps:

Step	Action
1.	Copy the default file for the appropriate language and rename the copy. For example, you might save a localized French language file as CompanyName.1036.French.xml or Copy.Bamboo.ProductName.fr-FR.resx. NOTE: When you next upgrade the product, the default file (i.e., 1036.French.xml) will be overwritten with the new version. Your file will not. You can use any file name, as long as the file extension is .xml (or .resx for newer products). To create language files for languages other than German, English, Spanish, or French, copy one of the existing language files and rename it. Then edit the file to provide your own translation.
2.	When you upgrade your Bamboo product, the installation/setup application will not remove or overwrite language files you created if you saved them with a name other than the default. However, product upgrades may require that you merge new resource strings for the new product release. NOTE: If you forget to add new resource strings to your custom language file, you may see strange things in the user interface. The product will display missing resource string IDs instead of text. Copy these new resource string IDs from a default language file to your custom file and make any desired translations.

Step

Action

Copy the default file for the appropriate language and rename the copy. For example, you might save a localized French language file as CompanyName.1036.French.xml or Copy.Bamboo.ProductName.fr-FR.resx.

NOTE: When you next upgrade the product, the default file (i.e., 1036.French.xml) will be overwritten with the new version. Your file will not. You can use any file name, as long as the file extension is .xml (or .resx for newer products).

To create language files for languages other than German, English, Spanish, or French, copy one of the existing language files and rename it. Then edit the file to provide your own translation.

When you upgrade your Bamboo product, the installation/setup application will not remove or overwrite language files you created if you saved them with a name other than the default. However, product upgrades may require that you merge new resource strings for the new product release.

NOTE: If you forget to add new resource strings to your custom language file, you may see strange things in the user interface. The product will display missing resource string IDs instead of text.

Copy these new resource string IDs from a default language file to your custom file and make any desired translations.

Top

Editing Text in Language Files

IMPORTANT: Before making any changes to any file, back up your original file and put it in a safe place.

To change text in a language file, follow these steps:

Step	Action
1.	Open the language file in a text editor and locate the text you want to change.
2.	Edit the text between the <resource></resource> tags but do not edit the tags. NOTE: Do NOT modify the resource id value. Modify only the text between the <resource></resource> tags. If you want to remove text completely, delete only the text; do not delete the <resource> entry from the file, or the product interface will display an error message. In the example below, the text you can modify is highlighted in gray.
3.	When you are finished with your changes, save the file and copy it to the appropriate resources folder on all Web front-end servers in your SharePoint farm.
4.	Follow the instructions below to select your new language file in the product settings.

Top

Selecting a New Language File for a Product

The instructions below for changing language file settings apply to Bamboo products with settings configured in the Web Part tool pane or Web Part Settings pop-up page. If you have multiple instances of a product in your portal, you must make the same change for each instance that requires the change.

Change the Language Settings in the Web Part Tool Pane:

Step	Action
1.	Click the edit drop-down menu on the Web Part title bar and select Edit Web Part (or Modify Shared Web Part if you are using SharePoint 2007). See the example from the Group Email Web Part.
2.	In the Language Settings section of the Web Part tool pane, select the language file you want to use. See the example from the Group Email Web Part. If you have created a new file (i.e., Copy.Bamboo.ProductName.fr-FR.resx), it should appear in the list as a valid selection.
3.	Click Apply and then OK in the Web Part tool pane to apply your changes.

Change the Language Settings in the Web Part Settings Pop-up Page:

Step	Action
1.	Click the edit drop-down menu on the Web Part title bar and select Edit Web Part (or Modify Shared Web Part if you are using SharePoint 2007).
2.	Click the [Product] Settings button in the Web Part tool pane.
3.	Click Language Settings in the Web Part Settings page and select the language file you want to use. If your product does not have a Language Settings section, look for the Select a Language drop-down list in General Settings instead. If you have created a new language file (i.e., Copy.Bamboo.ProductName.fr-FR.resx), it should appear in the list as a valid selection.
4.	Click the Save & Close button to save the Web Part settings.
5.	Click Apply and then OK in the Web Part tool pane to apply your changes.

Is there a way to find a lost or unknown Bamboo product license key?

If your Bamboo Product License is invalidated because of a change to the hardware profile of a server, the license key used to activate it previously will not be shown in the Bamboo Web License Manager in SharePoint Central Administration.

You should be able to find the license keys associated with your purchase in the My Bamboo area of the Bamboo Solutions web site.

Step	Action
1.	Login to My Bamboo.
2.	Click the My Orders link from the Home page.
3.	On the Product Licenses tab of the My Orders page, the license keys associated with the products you’ve purchased are listed. NOTE: If you don’t see your orders listed on the page, please contact your Bamboo Sales Representative at Sales@bambooosolutions.com

Step

Action

Click the My Orders link from the Home page.

Mb-Home squares.jpg

On the Product Licenses tab of the My Orders page, the license keys associated with the products you’ve purchased are listed.

MB-MyOrders blurred.jpg

NOTE: If you don’t see your orders listed on the page, please contact your Bamboo Sales Representative at Sales@bambooosolutions.com

Installing the Bamboo Web License Manager

Overview of Licensing and and Product Activation

If you need to activate your Bamboo product license, you most likely need the Bamboo Web License Manager installed on your farm. If you need to activate a Bamboo Desktop application, please see Activating a Bamboo Desktop Product Using the License Manager

NOTE: If you are running with a free trial license, there is no need to install this component.

Install the Bamboo Web License Manager on one of the servers in the SharePoint farm that is running the Central Administration service. The component will be automatically deployed to all Central Administration Web applications by the SharePoint timer service.

NOTE: You must be a member of the local server Administrators group and have the db_owner role for the SharePoint configuration database to install and run the Bamboo Web License Manager.

Step	Action
1.	On the server running the Central Administration service, run the Setup program for any Bamboo product. NOTES: 1. Refer to System Settings in SharePoint Central Administration for a list of servers running this service. 2. Although every product Setup package includes the Web License Manager, it is necessary to install it only once on the farm.
2.	From the Setup interface, click the Bamboo Web License Manager component. Verify that the installation location is correct. Verify that the you have the required installation permissions. Click the Install button. The installation for the Web License Manager will begin.
3.	Click Next to continue.
4.	The install will run through some system checks. If they pass, click Next. NOTE: The Web License Manager expects Bamboo Logging V1 to have been previously installed. If you have installed a Bamboo product before installing the Web License Manager, this Prerequisite Component will already be installed.
5.	Read and accept the Bamboo End-User License Agreement. When you check the box labeled “I accept the terms in the License Agreement”, the Next button will be enabled. Click it to continue.
6.	The Web Application where Central Administration is running should be displayed in the Deployment Targets page. Check the box at the bottom to automatically activate the feature during the install. NOTE: If desired, you can always activate the feature manually in Central Administration.
7.	Monitor the progress of the install. When its complete, click Next.
8.	A Summary of the installation is presented. Click Close to complete the process.
9.	After a successful installation of the Web License Manager, you should see a Bamboo Solutions entry on the main page of SharePoint Central Administration on the main page.

Installing the Suite License

Bamboo Web License Manager activates and manages licenses for Bamboo products, including the products in your Bamboo Suite. Use the Setup program provided with the Suite License package to install Bamboo Web License Manager.

Where to run the installer for this component:

The Bamboo Web License Manager installer must be run on one front-end Web server in the SharePoint farm where the Central Administration service is running. Check SharePoint 3.0 Central Administration Topology and Services or SharePoint 2010 Central Administration System Settings for a list of servers running this service.

Required permissions for the installation user account:

Must be a member of the local server’s Administrators group.
Must be a member of the SharePoint Farm Administrators group.

Installing the Bamboo Web License Manager

When installation is finished, click Next.
Setup displays an installation summary screen. Check that the solution was successfully deployed, and then click Close.

When you have finished installing the Suite License and Bamboo Web License Manager, read Activating the Suite License.

Installing using the updated install process

Overview of the Updated Installation Process

To install using the updated install process, please follow these steps (Warning.. Installs should be performed in Non-Peak hours as your farm will temporarily go offline):

No.	Function
1.	Download the install package from My Bamboo.
2.	Extract the contents of the package.
3.	Run the Install.ps1 from a WFE server in PowerShell as an admin.
4.	The script will look for WSPs in the install folder and list those found. It will install them in alpha order. Rather than deploying the solution immediately after its installed, the script schedules deployment time for 1 minute in the future so multiple installs won’t collide. IMPORTANT: By default, the script deploys solutions to all content web applications. If you don’t want to do this, please update the script for your needs.
5.	When the deployment completes, check Central Administration to confirm deployment completion.
6.	Activate in the desired Site Collections. See Activating a Bamboo Site Collection Feature for details.

Generating Activation Keys using My Bamboo

All Bamboo products that deploy to SharePoint can be activated online and the license(s) managed using Bamboo Web License Manager. Bamboo Web License Manager is included with the Setup program for every Bamboo product. You only need to install it once on your farm to manage all Bamboo products that have been or will be installed. After installation, it is accessed via SharePoint Central Administration.

If you are activating a Bamboo product on a server that does not have Internet access, you can activate your license offline and send the License Key and Machine Key to the Bamboo Support Team.
Alternatively, you can generate the Activation Key yourself via the My Bamboo area of the Bamboo Solutions website.

To generate the Activation Code yourself, follow these instructions.

Step	Action
1.	On a computer with Internet access, log in to My Bamboo with any valid account. In the My Orders tab, click Manage License.
2.	On the Manage License tab, enter the License Key and Machine Key. NOTE: See Activating My Bamboo Product License Offline to get the Machine Key. Click the Generate button to generate the activation key. Copy this key and put it in a safe place. You will need it in the next step. NOTE: If you are unable to successfully generate an activation key, send the License Key and the associated Machine Key to the Bamboo Support Team via Support@bamboosolutions.com. They will send the Activation Key to you via Email.
3.	Return to the Bamboo Web License Manager Offline Activation page in SharePoint Central Administration. Paste the activation key in the Activation Key box, and then click Activate.
4.	Your Bamboo product is now Active and is ready for use, as shown by the Status column. If you ever need to check which license key you used to activate each server, the license key used is shown on this status page.

Options for Installing

Option

When or Why to use this?

Use the Updated Installation Process for Bamboo components

Based on feedback from our customers, Bamboo introduced updated install/uninstall processes for component products (web parts). Instead of the Setup.exe Installation Application, we now supply two PowerShell scripts – one for Install/Upgrade and the other for Uninstall – to be used to install, upgrade, or uninstall the product.

For more information, see Overview of the Updated Installation Process for Bamboo components.

Use the Bamboo Installation/Setup program

IMPORTANT: As of April 2017, Bamboo no longer includes the Installation/Setup program in product download packages.

This is an easy option for small to medium sized farms with not too many web applications and/or WFE servers. The program will automatically check certain conditions, ask which Web Applications you want to deploy to, and then ask if you want to automatically activate site collection features. These are things that are easy to forget when installing any other way.

For more information, see Overview of the Setup Program and How to run the Installation/Setup program.

NOTE: You may decide NOT to use the Installation/Setup Program if your farm has several web front end servers (WFEs) or Web Applications. The installation and/or the solution deployment may timeout trying to deploy to a very large farm. In this case, it may be best to manually install the product on your farm.

Manually Install

Extra care must be used when installing a product manually because the series of automated checks performed by the Bamboo Installation program will not be available. Unexpected behavior during product configuration, licensing, or use may occur if some steps are skipped.

I am having trouble adding the product Web Part to a page

Verify that the associated product feature is active in the site collection by following the instructions for Activating a Bamboo Site Collection Feature. If you are wondering which Site Collection Feature to activate for your product, refer to.
If the product feature is active but you still have problems adding it to the site, deactivate it and then activate it again.
If the product feature is not available to the site collection, verify that the product was successfully deployed to the Web Application. Deployment status can be verified in SharePoint Central Administration > System Settings > Manage Farm Solutions. If you are using WSSv3/MOSS, its in SharePoint Central Administration > Operations > Solution Management.
If the product does not appear in the list of Farm Solutions in Central Administration, it hasn’t yet been installed on the farm.
If the product shows a status of “Error” in the Farm Solutions list in Central Administration, Retract and then Remove the solution before running the Installation/Setup Program again to reinstall it. Refer to How to run the Installation-Setup Program for more information.

How to uninstall Bamboo.core.v1.wsp from your SharePoint farm

APPLIES TO:

Bamboo Farm deployed products that use Telerik. See Bamboo products that use Telerik for a list.
SharePoint Foundation 2010 and SharePoint Server 2010 have Bamboo.core.wsp and Bamboo.core.v1.wsp.
SharePoint 2007 has Bamboo.core.wsp

SYMPTOM:

Errors occur and you can not access your sites after manually retracting and removing bamboo.core.v1.wsp or Bamboo.core.wsp from your SharePoint farm.

CAUSE:

If you need to remove all of your Bamboo products from the farm, and you run the installers that come with the products and select the option to “remove”, the bamboo.core.wsp and/or bamboo.core.v1.wsp is intentionally left behind.

This is because during installation and deployment, the bamboo.core.v1.wsp (or bamboo.core.wsp) solution puts specific versions of the Telerik.web.ui and Telerik.web.ui.Skins assemblies into the Global Assembly Cache (GAC). The associated bamboo.telerik.config.wsp solution programmatically adds Telerik-related entries into the web.config for the web application(s) selected during the install. These entries refer to specific versions of Telerik.web.ui* assemblies. Web.config files should not be modified manually.

When the product(s) and solutions are uninstalled, the changes to the web.config file regarding Telerik.web.ui are not removed. This is because there may be other SharePoint solutions from sources other than Bamboo that use this version of Telerik. For the same reason, the bamboo.core.v1.wsp (or bamboo.core.wsp) is left deployed because uninstalling it removes some specific versions of Telerik.web.ui* assemblies from the GAC.

If you remove bamboo.core.v1.wsp (either manually via Central Administration, PowerShell, or stsadm), then the Telerik.web.ui* assemblies will be removed from the GAC but the entries will remain in the web.config files. This may leave you unable to access your web pages.

If you are sure there are no other solutions that rely on Telerik on your farm, it will be OK to retract and remove the bamboo.core.v1.wsp (or bamboo.core.wsp) solution. However, you must be sure to also remove the Telerik entries from the various web.config files where they have been added.

RESOLUTIONS:

Leave the bamboo.core.v1.wsp deployed. Do not uninstall it.

If you must remove the bamboo.core.v1.wsp (or bamboo.core.wsp), remove it by retracting and then removing the solution from the Manage Solutions page in Central Admin. See Uininstalling from SharePoint Central Administration for more information.

After it is successfully removed, please use PowerShell to remove the Telerik entries from the web application(s) web.config file. This will ensure that changes to the web.config are saved in the database. For more information, see How to Remove a web.config Modification Using PowerShell

How to run the Installation/Setup Program

Options for Installing

IMPORTANT: As of April 2017, Bamboo no longer includes the Installation/Setup program in product download packages. Please Overview of the Updated Installation Process for Bamboo components for information about the updated process.

To access the Setup program:

Note: The minimum screen resolution to view the Setup program is 1024×768.

Step

Action

Download the self-extracting product EXE (i.e., HW03.R1.7.SP2010.SL.exe) and save it to a local folder on the appropriate SharePoint server (see Location of Install Files if you are unsure about which SharePoint server to install on).

Double-click the product EXE file to extract the contents of the product download.
The Setup program will automatically start (see example screen shot below). See Overview of the Setup Program for more information.

If you aren’t ready to install, click the X in the upper right corner to close it. To start the Setup program manually later, double-click the Setup.bat file in the root folder where the product files were extracted.

To Run the Setup:

Step	Action
1.	Review Recommendations for a successful install
2.	Run the Installation/Setup program and highlight a component to install. It’s best to install components in the order they are listed, if more than one is listed.
3.	Verify the installation location and required permissions for the selected component. They will be listed on the right side of the screen and could change for different selected components.
4.	Click the Install button that appears in the lower right corner. The install process will begin. During the install process, you will be asked: to verify that the system checks pass successfully. Some products have more checks than others. If some checks display an error, you will not be able to proceed until the error is resolved. Abort the install and try again once the issue is resolved. to read and accept the Bamboo Solutions End-User License Agreement (EULA). In the Deployment Targets screen, select the Web Application(s) on the farm where you want to deploy the product. If you are a Site Collection Administrator for all the site collections in the selected Deployment Targets (web apps), it’s OK to leave the Automatically activate features… option checked, otherwise uncheck it. NOTE: If you prefer that Site Collection Administrators activate product features as they are needed, uncheck the Automatically activate features option, then read How to activate a Bamboo Site Collection Feature to understand how to manually activate these features at a later time.
5.	When the installation is complete, a Summary will be displayed. Some Bamboo product components install several features. The install routine does not abort the installation if one feature fails to install. It continues to install the next feature. For this reason, be sure to review this summary carefully to make sure the install completed without error. You may need to scroll up to review the entire summary. NOTE: If one or two features failed, you can reinstall the failed features individually at a later time (after resolving any issues described in the log file). This may save you time if the installation was successful for all but a few components. See How to use the Installation-Setup program to install a single WSP for more information.
6.	Repeat Steps 2-5 for each required component listed. Required components are designated with a red asterix. Install optional components as needed. NOTE: It is not necessary to install the Bamboo Web License Manager if it is already installed on your SharePoint farm. This component is included with every Bamboo product, but only needs to be installed once.
7.	When all desired components are installed, restart the World Wide Web Publishing Service or the App Pools, depending on which you may have stopped.
8.	If you didn’t automatically activate features in site collections during the install, be sure to activate the site collection feature(s) in the appropriate site collection before adding the web part to a page. See Activating a Bamboo Site Collection Feature for more information.

Return to Options for Installing

Example:

Issue 1: Copying or Removing Assemblies

Resolution:

Issue 2: Deployment Fails or Times Out

Resolution:

Issue 3: Copying a File Failed

Resolution:

Issue 4: Resources Scoped for one Web App must be deployed to more Web Apps

Resolution:

Issue 5: Cannot Find a Certain File

Resolution:

Contents

Introduction

SharePoint Architecture

SharePoint Foundation 2010 Architecture

SharePoint Server 2010 Architecture

SharePoint Hierarchy

SharePoint User Authentication

Claims-based Authentication

Multiple authentication methods to access a SharePoint Web Application

SharePoint User Management

User Profile Management

User Profile Information from BCS

SharePoint Authorization

Permissions

Permission levels

Securable Objects Permission

Hierarchy and Inheritance

SharePoint Users and Groups

SharePoint Audience

SharePoint Server 2010 Secure Store Services

Summary

References

Contents

Introduction

SharePoint Architecture

Windows SharePoint Services Architecture

MOSS Architecture

SharePoint Hierarchy

SharePoint User Authentication

Using Multiple Authentication Methods to Access a SharePoint Web Application

SharePoint User Management

User Profile Management

User Profile Information from Business Data Catalog

SharePoint Authorization

Permissions

SharePoint Permission Levels

Securable Objects Permission

Hierarchy and Inheritance

SharePoint Users and Groups

SharePoint Audience

Summary

Background

Resolution

When to Activate

Activating a Standard Product License

Suites, Packs, Libraries, and Toolkits

Keyless Licensing

Desktop Applications

Moving or Migrating your farm

Trials

Please note the following for the new scripts:

For additional information about how to use the updated processes:

Overview

Migration Steps

Bamboo Policy for Migrating License Keys

How to get your new license keys

Overview

Migration Steps

Applies to:

About the Language Files

Editing Text in Language Files

Selecting a New Language File for a Product

APPLIES TO:

SYMPTOM:

CAUSE:

RESOLUTIONS:

To access the Setup program:

To Run the Setup: