1. Learn about service accounts for SharePoint 2013
2. Learn how to install SharePoint 2013 using best practices for lowest privilege installations
3. Learn about the installation of workflow server & Office web apps and how they interact with SharePoint 2013
3. +44(0) 782 483 1088
alan.richards@foundation-sp.com
uk.linkedin.com/in/richardsalan
@arichards_Saruk
www.edutechnow.com
• Senior Consultant
• SharePoint MVP
• 18 years' experience in IT
• Worked with SharePoint since Team Services
5. • Least privilege at all times
• Setup accounts to use with SharePoint
  • Setup user
    • Domain Users & Local Administrator
    • DB – Security Admin & Database Creator
  • Farm service account (Database access account)
    • Domain Users
    • DB – Setup will set permissions
  • Application pool account
    • Domain Users
    • DB – Setup will set permissions
• Active Directory
  • Add accounts to Active Directory
    • SP-Setup
    • SP-FarmAd
    • SP-AppPool
http://technet.microsoft.com/en-us/library/cc678863.aspx
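The account layout on this slide, as an added PowerShell example that is not part of the original deck: it creates the three accounts, grants the elevated rights to the setup user only, and then checks that the farm and application pool accounts hold nothing beyond Domain Users. The domain name `CONTOSO`, the OU path and the SQL Server name `SQL01` are placeholders, and the script assumes the ActiveDirectory module and `Invoke-Sqlcmd` are available.

```powershell
# Added example. CONTOSO, the OU path and SQL01 are placeholders, not values from the deck.
Import-Module ActiveDirectory

$domain    = 'CONTOSO'
$ou        = 'OU=Service Accounts,DC=contoso,DC=local'
$sqlServer = 'SQL01'

# Create the three accounts. A new AD user belongs to Domain Users only.
foreach ($name in 'SP-Setup', 'SP-FarmAd', 'SP-AppPool') {
    $password = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name -SamAccountName $name -Path $ou `
        -AccountPassword $password -Enabled $true `
        -Description 'SharePoint 2013 service account'
}

# Setup user only: local Administrators (run this on each SharePoint server).
& net.exe localgroup Administrators "$domain\SP-Setup" /add

# Setup user only: securityadmin and dbcreator (SQL Server 2012 syntax).
# Assumes Invoke-Sqlcmd is available and the caller is a SQL sysadmin.
$sql = @"
CREATE LOGIN [$domain\SP-Setup] FROM WINDOWS;
ALTER SERVER ROLE [securityadmin] ADD MEMBER [$domain\SP-Setup];
ALTER SERVER ROLE [dbcreator] ADD MEMBER [$domain\SP-Setup];
"@
Invoke-Sqlcmd -ServerInstance $sqlServer -Query $sql

# Check: farm and application pool accounts hold no group beyond Domain Users.
foreach ($name in 'SP-FarmAd', 'SP-AppPool') {
    $extra = Get-ADPrincipalGroupMembership -Identity $name |
        Where-Object { $_.Name -ne 'Domain Users' } |
        Select-Object -ExpandProperty Name
    if ($extra) {
        Write-Warning "$name has extra group memberships: $($extra -join ', ')"
    }
}
```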
13. A managed account allows SharePoint 2013 to control aspects
of the account and synchronise password changes with Active
Directory if necessary
14. • Name for the new website – Make it something recognisable
• Port for the website – The default is 80, you can use something different if you need to
• Do you require anonymous access – Is it going to be a public site
• Secure Sockets Layer – If you require the web application to use SSL then all servers will require valid certificates
• Authentication method – NTLM or Kerberos
• URL of the website – The URL that users will use to access the site (FQDN if using SSL)
• Application pool name – Make it something recognisable
• Security account – Use the Application Pool Account (you should have created a managed account using the instructions above)
• Database server – The name of the database server storing the SharePoint 2013 databases
• Database name – The name given to the database for this web application
• Authentication – The default is Windows and this is the recommended way of accessing the database server
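The managed account and web application settings listed above, mapped onto `New-SPManagedAccount` and `New-SPWebApplication` as an added example that is not part of the original deck. The site name, URL, application pool name, server and database names are placeholders; the script assumes it runs as the setup user in the SharePoint 2013 Management Shell.

```powershell
# Added example. All names, URLs and servers below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Register the application pool account as a managed account (once per farm).
$cred    = Get-Credential 'CONTOSO\SP-AppPool'
$managed = Get-SPManagedAccount | Where-Object { $_.Username -eq $cred.UserName }
if (-not $managed) {
    $managed = New-SPManagedAccount -Credential $cred
}

# One entry per setting on the slide.
$webApp = @{
    Name                   = 'Intranet'                        # name for the new website
    Port                   = 443                               # port (default is 80)
    AllowAnonymousAccess   = $false                            # not a public site
    SecureSocketsLayer     = $true                             # needs valid certificates on all servers
    AuthenticationMethod   = 'Kerberos'                        # NTLM or Kerberos
    URL                    = 'https://intranet.contoso.local'  # FQDN because SSL is used
    ApplicationPool        = 'Intranet-AppPool'                # application pool name
    ApplicationPoolAccount = $managed                          # least-privilege managed account
    DatabaseServer         = 'SQL01'                           # database server
    DatabaseName           = 'WSS_Content_Intranet'            # content database name
}

# Omitting -DatabaseCredentials keeps the default Windows authentication to SQL Server.
# Without -AuthenticationProvider this creates a classic-mode web application, which
# has to be converted to claims before Office Web Apps can be used with it.
New-SPWebApplication @webApp
```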
21. Certificates
• Recommended for production
• Trusted source
• Required for external sites
Configuration
• PowerShell to configure Web Apps
New-OfficeWebAppsFarm -InternalUrl https://yourserver.local -ExternalUrl https://webapp.yourdomain.com -CertificateName "OfficeWebApps Certificate" -EditingEnabled
22. Verify
• Browse to a web page to verify Web Apps is working
• https://yourserver.local/hosting/discovery
• Returns a screen of XML
Claims
• For SharePoint 2013 to access Office Web Apps the web application must use claims-based authentication
• Convert-SPWebApplication -Identity "http://yourwebapplication:port" -To Claims -RetainPermissions
23. Licensing
• To enable users to edit documents using Office Web Apps they need to be assigned licenses to edit.
Get-SPUserLicense
$x = New-SPUserLicenseMapping -SecurityGroup <ADsecuritygroup> -License OfficeWebAppsEdit
$x | Add-SPUserLicenseMapping
Enable-SPUserLicensing
Binding
• Bind SharePoint 2013 to the Office Web Apps server
New-SPWOPIBinding -ServerName <WebAppServerName>
25. Workflow Manager
• Install of SharePoint 2013 – Provides 2010 workflows
• Standalone or co-located
• The installation of Workflow Manager uses the Web Platform Installer
from Microsoft and can be downloaded from
http://go.microsoft.com/fwlink/?LinkID=252092
27. • You can use default settings
• Configure connection to SQL
• Service account
• Use http or https
• Certificates
28. Connecting to SharePoint
• Log on to each SharePoint 2013 web front end and install the Workflow Manager Client, which can be downloaded from http://go.microsoft.com/fwlink/p/?LinkID=268376
• Register workflow server
Register-SPWorkflowService -SPSite "http://myserver/mysitecollection" -WorkflowHostUri "http://workflow.example.com:12290"
29. Test Configuration
• Download SharePoint Designer 2013 from the Microsoft website; this link will access the download site:
http://www.microsoft.com/en-us/download/details.aspx?id=35491