SharePoint 2007 administration part II: Farm administration

This post is part two of a six part series on SharePoint 2007 administrative commands. The first post is an overview of the effort. This section identifies what farm administrators can do at the farm level. Farm administrators also administer SharePoint web applications, but I will be covering that functionality in the next post.

Note: farm administrators can take ownership of any site collections or deny access to entire web applications, so the people filling this role must be trusted. Auditing can identify and alert the Site Collection Owners to the act of taking ownership, but damage can be done in the intervening period.

As mentioned in the first post, this is a brief command reference organised by administrative scope.

Assign/Remove Farm Administrators

All farm administrators have the right to add/remove other farm administrators, so they must all be trusted equally

Manage Servers, Services and Identities

• Assign SharePoint Server Roles and Enable/Disable Services
• Remove servers
• Configure service accounts and application pool identities

Specify Default Database Server

New content databases will be created on this server unless otherwise specified

MOSS Shared Services

Note: configuration of Shared Services is performed within the SSP Administration site (this will be covered in part IV). These Central Adminstration settings establish and control the relationships between Shared Services and applications within the farm

Create and Configure Shared Services

Create new SSPs, assign a default SSP, associate web applications with SSPs or rebuild an SSP from backup

Manage Shared Services between Farms

Manage provision or consumption of Shared Services from/to other farms

Configure Session State

• Check the state of Shared Services enabled in this farm
• Enable/disable Session State and specify duration

Session State is a store of specific user session information required by some MOSS applications, enabled by default when an SSP is created. It leverages the underlying ASP.NET Session State to minimise quantities of postback data and to maintain sessions across load balanced servers in a transparent manner to end users. Generally the only reason to disable this setting is for troubleshooting.

Note: this is not to be confused with a security validation timeout. Also note: there is a separate Form Session State within the InfoPath Forms Services Configuration

Manage Timer Job Definitions and Statuses

This is where SharePoint does what it’s told, or fails to do so. Farm administrators can disable these jobs if warranted and monitor their success/failure

Solution Management

View solution deployment statuses or deploy solutions to the farm, or to specific web applications

Configure Single Sign-On (SSO)

This feature is available in MOSS only. Manage server settings, encryption keys, enterprise application definitions (SSO settings for each application authenticated by the service) and database properties for the Microsoft Single Sign-on Service

Backup/Restore

Perform backups and restore from within Central Administration at the web application or database level

Configure Antivirus

Require scan on up/down-load. Allow/prevent users from downloading infected documents. Determine if antivirus will attempt to clean infected files

Quota Templates

Create/modify Storage Quota templates. These are later applied during site collection creation. Storage quotas are very important to managing how SharePoint scales within recommended content database growth limits. Failing to design and implement storage quotas effectively can result in underperformance. Note: storage quota templates also directly affect the second stage recycle bin retention space

Data Retrieval Service

Enable/Disable Data Retrieval Services, used for querying with WSS, OLEDB, SOAP Passthrough or XML-URL. These services are used for connecting Data View Web Parts to their data sources.

Note: Data View Web Parts were originally available in WSS 2/SPS 2003. Data View Web Parts are edited with SharePoint Designer, which is not always desirable. Accordingly it may be preferable to disable these services to prevent those connections. In WSS 3/MOSS 2007 there may be other ways to achieve similar results using Reporting Services or the Business Data Catalogue for instance

Logging and Reporting

Enable and configure error reports, customer experience improvement program participation, event logging, trace logging and usage analysis processing

Farm Features

Enable Enterprise Features. Activate/De-active farm-wide features. To quote MSDN, “Unlike other Feature types, a global Feature is activated by default in the farm. A farm Feature contains several elements that are critical for implementing applications and logic”. Examples are Excel Services features and Global Web Parts. Features can also be scoped at the application, site collection or site level

Master Site Directory

MOSS only. Specify a location for the Master Site Directory. Is Site Creation metadata mandatory or not? Which categories of metadata are required, if so?

Site Directory Links Scan

MOSS only. Enables automatic updates to the Master Site Directory based on specific scan locations. The Links Scan can also update Site Properties

E-mail Settings

Configure outgoing and incoming e-mail settings and create/approve/reject distribution groups

Records Centre

MOSS only. Once a site or site collection has been created with the Records Centre site template, this page can be used to configure the farm’s connection to that record centre, which targets the Send To > Records Centre functionality at this location. A farm can only have one records centre configured in this way, although if there is a compelling reason to set up multiple Records Centres, there is nothing in SharePoint preventing new site or site collection creation with the Records Centre template

Content Deployment Paths and Jobs

MOSS only. Manage content deployment between site collections, within or between farms. Specify the paths, content to include and schedule

InfoPath Forms Services

MOSS and Forms Server 2007 only. Upload/manage form templates. Upload/manage data connection files. Enable the web service proxy and/or enable the web service proxy for user forms

Configure InfoPath Forms Services

Configure browser-enabled form template settings. Manage data connection timeouts, response sizes and encryption. Manage authentication settings. Configure session thresholds and session state (see the SSP Session State configuration section above for more information)

Information Rights Management

Service Configuration

Turn on IRM. Use the default server in Active Directory or specify a sever

Policy Configuration

MOSS only. Manage the availability of Information Rights Management Features to the farm. Default policies are defined as follows:

Name	Description
Labels	Generates labels that can be inserted in Microsoft Office documents to ensure that document properties or other important information are included when documents are printed. Labels can also be used to search for documents.
Auditing	Audits user actions on documents and list items to the Audit Log.
Expiration	Automatic scheduling of content for processing, and expiry of content that has reached its due date.
Barcodes	Generates unique identifiers that can be inserted in Microsoft Office documents. Barcodes can also be used to search for documents.

Additional policies can be created, edited or imported at the Site Collection level. Accordingly, it is critical to consider the implications of separating or grouping content at the Site Collection level with these requirements in mind, as well as concerns about ownership, authorisation, taxonomy and ccale