Using the SharePoint 2010 Wizards

95
Setup(*).log”/>
<! <PIDKEY Value=”Enter Product Key Here” /> >
<Setting Id=”SERVERROLE” Value=”SINGLESERVER”/>
<Setting Id=”USINGUIINSTALLMODE” Value=”1”/>
<Setting Id=”SETUPTYPE” Value=”CLEAN_INSTALL”/>
<Setting Id=”SETUP_REBOOT” Value=”Never”/>
</Configuration>
This is the confi guration fi le that SharePoint uses for defaults when you run the normal GUI setup
by running
setup.exe. Let’s look at a couple of quick changes you can make.
Look at the line that reads:
<! <PIDKEY Value=”Enter Product Key Here” /> >
If you remove the <! from the beginning, and the > from the end, you can add your product
key and get a line like this:
<PIDKEY Value=”11111-22222-33333-44444-55555” />
This might be a good idea if you are putting the fi les on a fi le share to be reused often. I also recommend
changing
SERVERROLE to APPLICATION in the next line so that the default is no longer Stand-Alone:
<Setting Id=”SERVERROLE” Value=”APPLICATION”/>
Those are little novelty tricks to save you some typing and clicking. The real power comes from
customizing
c:\install\files\setupsilent\config.xml. Modify this fi le with your desired
SEVERROLE and PIDKEY and then pass a reference to the fi le. Now the install magic just happens. Use
a line like the following at the command prompt:
C:\install\setup.exe /config c:\install\files\setupsilent\config.xml
If all of your settings are acceptable, the install will just run for you. It may take a couple of
attempts to get everything right, but once you do you are on the road to a scripted install.
One gotcha to watch out for is that the config.xml fi le is case sensitive.

While there is no SharePoint 2010 reference available yet, the settings are very close to, if not
exactly the same as, those used with SharePoint 2007. You can fi nd that reference at
http://technet
.microsoft.com/en-us/library/cc261668.aspx
.
USING THE SHAREPOINT 2010 WIZARDS
SharePoint 2010 provides two wizards to help you get a new SharePoint farm up and running:
the SharePoint Products and Technologies Confi guration Wizard (Confi g Wizard) and the Initial
Farm Confi guration Wizard (Central Administration Wizard). The Confi g Wizard is used to create
96

CHAPTER 4 iNstalliNg aNd coNfigUriNg sharePoiNt 2010
a new SharePoint farm or add your server to an existing farm. The Central Admin Wizard is used to
help you provision service applications.
Configuration Wizard
After the install finishes you are brought to the configuration wizard (which could be called the grey
wizard—more on that later). This tool is responsible for helping you create or join a SharePoint farm
and then configuring all of the necessary databases and files for that farm to work.
Connecting to a Server Farm
A SharePoint server farm is one or many SharePoint servers that share the same configuration data-
base, as explained in Chapter 2. The first important decision you need to make when running the
configuration wizard is whether you want to “Connect to an existing server farm” or “Create a new
server farm.” More simply put, do you want to attach to an existing configuration database or create a
new configuration database?
If you choose to connect to an existing server farm, you are prompted to enter the SQL Server that
hosts the database, after which you click Retrieve Database Names, and then you select the configura-
tion database, as shown in Figure 4-5. After that you will need to enter the farm passphrase (covered a
little later in this chapter) to join the farm. You will also have the opportunity to specify this server
as the host for SharePoint Central Administration if you wish.
FIGURE 45

With this information, the wizard can then run. It will configure the files and registry on your server
with the proper settings and permissions, and add your server to the SharePoint farm and register it
Using the SharePoint 2010 Wizards

97
with the appropriate databases. By default, this server will also host the web application role, so all
web applications, except for Central Administration, will be created and available on this server.
WHAT ABOUT DUPLICATE DATABASE NAMES?
You shouldn’t encounter any database name confl icts. If you are using the same
SQL Server to host multiple SharePoint farms, then you should have multiple
instances of SQL Server confi gured. Avoid having two SharePoint farms using the
same SQL instance; managing those databases can quickly become a nightmare,
and security is very touchy.
Creating a New Farm
If you choose to create a new farm, the options are slightly different but similar. You will be taken
to a screen to specify the Database Server and Name. It is recommended to use the default database
name of SharePoint_Confi g. You will also need to enter the username and password for your server
farm account.
Establishing the Farm Account
It is very important to assign the correct settings for the server farm account. This account needs to
be part of the domain, but it only needs to be a regular user and not a domain admin. As part of the
confi guration wizard, SharePoint will elevate this account’s access as necessary. It will be given the
SQL Roles of dbcreator and securityadmin. The account will also be added to the following local
security groups:
IIS_IUSRS

Performance Log Users

Performance Monitor Users


WSS_ADMIN_WPG

WSS_RESTRICTED_WPG

WSS_WPG

The account is also given the following Local Security Policy - User Rights Assignments:
Adjust memory quotas for a process

Logon as a service

Replace a process level token

The account will be used for the following Windows Services:
Windows SharePoint Services Timer V4

Windows SharePoint Services User Code Host V4

98

CHAPTER 4 iNstalliNg aNd coNfigUriNg sharePoiNt 2010
Finally, the account is used for the application pool for SharePoint Central Administration, the
Topology Web Service, and the Security Token Service. With all of that it is very clear that this account
should be considered carefully.
The Farm Passphrase
In the next dialog of the Config Wizard, SharePoint prompts for the farm passphrase. The passphrase
is used to secure farm communications and will have to be provided by any additional servers join-
ing the farm. You should choose a reasonably strong passphrase and document it in a safe place.
Recovering a lost passphrase is very difficult if not impossible. Changing the passphrase is possible
after the farm is online using the Windows PowerShell cmdlet

Set-SPPassPhrase.
Central Administration Settings
In the next screen, the Central Administration settings enable you to configure a port number and
authentication method for your Central Admin web application. It is recommended that you use a
port number that is easy to remember for remote administration.
For authentication methods, the default is NTLM, which should be used unless you need the
Central Administration web application to use Kerberos authentication; typically this is not nec-
essary. Each web application has its own authentication settings, so using NTLM for Central
Administration does not preclude you from using Kerberos on a different SharePoint web
application.
Advanced Settings—SharePoint Foundation Only
The last screen of the Config Wizard enables you to confirm the settings you have chosen before
committing to them. If you are doing anything other than a SharePoint Foundation install, you will
see an Advanced Settings button that is grayed out. If you are doing a SharePoint Foundation install,
this button is enabled. If you click the button, you are taken to the Enable Active Directory Account
Creation Mode screen shown in Figure 4-6.
Active Directory Account Creation Mode (ADACM) is an interesting but mostly unused feature
of SharePoint. It allows your SharePoint farm to be set up to automatically create Active Directory
users when you add them to SharePoint. These new accounts are created in the organizational unit
(OU) specified on the screen. You can even have SharePoint e-mail a notification to users when their
account is created, along with the password. This is a truly automated scenario that works very well
in hosted environments.
Of course, there is a down side. You cannot use existing Active Directory accounts to access SharePoint,
only accounts created through this mode. So if you are deploying SharePoint in ADACM, you cannot
use your existing AD account to access SharePoint. Users hate having one username and password; can
you imagine telling them they need a second username and password to access SharePoint? Now you
can see why this mode is not used very often. And remember, it is only available in Foundation, not
Server.
Using the SharePoint 2010 Wizards


99
FIGURE 46
Other Uses for the Configuration Wizard
After configuration, it is typical to forget about this powerful tool, but that would be a mistake. While
its main focus in life is running after setup.exe to get things squared away, it comes into play through-
out the life of the server. It can be used to change the server that hosts the Central Administration site,
commit patches and upgrades to the farm, and cleanly remove a server from the farm before being
decommissioned.
Error Handling for the Configuration Wizard
If the Config Wizard encounters any errors it will fail and give you the basics of the error along with
a link to the log file. In the log file, which is located in
14\logs, you will be able to trace through
the full details of the error. The most common error seen at this point is related to connecting to the
SQL Server, due to either network issues or security settings on the SQL Server.
Central Administration Wizard
SharePoint thought having the grey wizard was so cool that for 2010 it now has added a white
wizard. After running the grey wizard (also known as the SharePoint Products and Technologies
Configuration Wizard), Central Administration opens up the white wizard (also known as the
Initial Farm Configuration Wizard). On the first page of this white wizard, you can either have
SharePoint automatically provision service applications for you using default settings or choose to
configure everything manually. Service applications are covered in great detail in Chapter 7.
100

CHAPTER 4 iNstalliNg aNd coNfigUriNg sharePoiNt 2010
WHAT DO THE WHITE WIZARD AND GREY WIZARD HAVE TO DO WITH
ANYTHING?
In the grand scheme of things… nothing. SharePoint 2010 is packed full of wizards
with very similar names that do similar tasks. So in order for the authors to keep
track of them they have taken to referring to them by color. The SharePoint 2010
Products and Technologies Wizard, which is also called the confi guration wizard

by some, uses grey as the primary color for all of the screens while the Initial Farm
Confi guration Wizard is run on pages that have white as the primary color. So the
names grey wizard and white wizard were born. Also, if you are fan of the Lord of
the Rings books or movies you may also recall a very similar naming situation. At
the end of the day what you call the wizards are not important; keeping track of
which one does what is.
If you choose to have SharePoint help you confi gure your farm, you are taken to a screen where you
can select an existing managed account or have the wizard create one for you, and then select which
of the service applications you wish to have the wizard confi gure for you.
The wizard will also create a web application at
http://servername and will prompt you for what
template to use for the site collection. The account you are logged in with will be made the site col-
lection administrator. If you are like most users, you probably won’t use this site collection so you
can safely click Skip.
Managed Accounts
New to SharePoint 2010 is the concept of managed accounts. With a managed account, you register
a domain account with SharePoint, which stores the account and its password for reuse. Then, any
time you specify an account in SharePoint—whether it is for application pools, database connections,
or services—you have to select one of your managed accounts. The major upside of this is that now
you have one interface for managing password changes for all of your managed accounts, unlike
previous versions where password changes were a complete nightmare. Also, if you choose, you can
have SharePoint handle the management of this account’s password altogether.
For example; if you have a domain policy that passwords must be changed every 60 days, either
you can confi gure SharePoint to notify you by e-mail so you can come into SharePoint and change
the password manually or you can set SharePoint to automatically change the password in Active
Directory. That way, you don’t need to remember who knows the service account passwords because
only the SharePoint farm does. If you need to manually change the password for any reason, you
can change it from within SharePoint using PowerShell. Working with managed accounts is covered
in greater detail in Chapter 6.
Error Handling for the Central Administration Wizard

The Central Administration wizard also has some built-in error handling. If an individual service
application fails, Central Administration will provide you with an error message listing the service app
that failed, details of the failure, and a correlation ID along with a Next button. It will continue