Archive for the ‘MOSS 2007’ Category

Co-Authoring Excel Documents with SharePoint 2013

August 1st, 2014 No comments

Co-authoring documents has been part of SharePoint for quite a while. This feature helps multiple authors work on a given document at the same time while they see each other works in the document so they don’t create conflicts as they edit.

Among all Office client apps (the one that you install with office suit), Excel client does not support co-authoring, only through the Excel Web App can we do this. This has been clearly documented by Microsoft here. The limitation is primarily due to Excel client’s richness in functionality (i.e. – data models in PivotCharts and PivotTables) which makes co-authoring a bit tricky.

The requirement for co-authoring is that the document is in fact stored in SharePoint (on-premise or online in Office365) OR SkyDrive. So if you take the document out of SharePoint (or SkyDrive), co-authoring files will be out of the window with it!! Depending on where the document is stored, there are some similarities and differences in behavior which as been documented here.

Upgrading to SharePoint 2013 doesn’t change these limitations, however SharePoint 2013 adds a few new features to what was already there (see this post here). Overall, there is a better syncing pipeline between co-authors in Excel web apps and there is more visibility over who is online doing “what” in the workbook. Limitations still apply though!! When you view a workbook in Excel Web App 2013, some features are not supported or might work differently, as summarized in this post by Microsoft (Excel Web App 2010 link is here).

A few common questions I get asked by clients about co-authoring:

  • Q) Can you co-author on Excel files stored in SharePoint using Excel clients (2013, 2010, 2007, etc)?
  • A) No. You need Excel Web App and Excel Services depending on what you do in the Excel file.

     Supported software versions


  • Q) Can you take the Excel file out of SharePoint (or SkyDrive) and still co-author?
  • A) No. Co-authoring requires the file to stay in SharePoint (or SkyDrive).
  • Q)Does upgrading to SP2013 really help?
  • A)Yes. It improves the co-authoring experience but the unsupported features differences in behavior between client and browser still applies.
  • Q)What are the unsupported features in Excel web app?
  • A)Here is the list. Please note Microsoft is not using the word “Unsupported”, they’re saying features that differ in the browser, client and then in the description they say it doesn’t work in the browser.

Workblook features that differ between browser and desktop

SharePoint Jargon Is Not a Value-Add, Be Simple!

October 16th, 2013 No comments

As SharePoint evolves, so does its language!  For every new feature or workload Microsoft introduces in this great platform, a whole new buzzword is born. As a SharePoint consultant who has worked with dozens of enterprise customers for a decade, the one thing I have learned, over and over, is that using buzzwords or getting too technical is simply a bad sign in communicating with the business users.

Based on my experience business users only understand (and care for) six things in SharePoint:

  1. Sites: A central place for collaboration, communication, or storing information.
  2. People: Those who are involved in the site, either contributing information, facilitating the communication or consuming information.
  3. Apps: Those similar to what they have in their smart phone! I am sure you have heard this before: On my phone, I can find contacts alphabetically, give me a People Finder in search that works exactly the same! 
  4. Themes: Cosmetics, look and feel , basically everything that can make their ideas shine to the C-Level people.
  5. Search: The one that they use in Google or Bing sites with the exact same simplicity, speed and user experience.
  6. Metadata: Information about their information. Things like Author, Created By, etc.


When you go beyond the basics, it becomes important to have an strategy to make complex matters simple for them to understand. Getting too technical? They don’t understand you. They don’t understand you, then they don’t trust you . If they don’t trust you, nothing will happen, regardless of how qualified you are to get the job done!

So, how should you spoon feed information to your business audience?  I use many techniques varying from one interaction to another. However, the following three techniques are pretty much always in common:

Prepare, Prepare and Prepare

I never EVER meet with a business user without having an agenda. That’s just a simple rule that I never forget. I share the agenda ahead of the time and communicate the outcomes that would like to achieve. Sometimes, I send them home work or a survey to get them THINK in advance.

The Power of Stories

For every topic in my agenda, I have got a supporting story to tell. I try to keep the stories short and add a few jokes here and there. Below is “The New Home Metaphor” and the story I tell my business users when walking them through content migration from file share to SharePoint:

Think of building your SharePoint site as building a new home for your family. You design the structure, layout, façade and other requirements of your new home based on the taste and needs of your family. Before you move in, you divide (classify) all of your possessions into boxes and label (tag) those boxes to indicate “what each box contains” and “where they will be going” in the new home. At the end of the day, what is in those boxes will represents your home and how modern or old-school it looks like. If you are moving into a larger home, you’ll likely take items that were in a single room and put them into multiple rooms. On the other hand, if you are moving into a smaller home, you may end up merging your belongings from several rooms and put them into one single room.

Then there is the “moving day”, and movers help you move into your new home. And that’s when the real work begins!  You want to keep things in order so you can find them faster. You upgrade your home appliance, clean up your home and handle the day-to-day maintenance. Some maintenance like lawn mowing is outsourced, and some is done in-house. You and each member of the family are just one tenant of the new home and you all need to share some facilities, therefore you all need to follow some rules and requirements. There are communication, training, spot checks and monitoring activities to determine if each member of the family is doing their job right.

And the story goes on. You get my point!

The Art of Drawing

I like whiteboard drawings to express myself and to back up my stories in a “visually telling” manner.

I use simple drawings when I feel that the client is overwhelmed and is unable to metabolize the flow of information.  For instance, I draw the following picture on the white board to present the high level structure of Managed Metadata as well as how it works in SharePoint.


I draw the following picture to explain how content types are used as the  “information building blocks” of their sites . This picture is also useful when explaining the difference between managed terms and column metadata.


Make them Feel Part of the Process

Let’s face it. No business user enjoys sitting there in an hour-long meeting, and listen to you talking about how much you are in  love with SharePoint. They quickly get bored and you lose their attention. Use different engaging techniques to make them feel they are part of the process. Conduct workshops, play games, use card sorting, make them draw something on the whiteboard (this one is a bit tricky)…I don’t know, do whatever you can if you don’t want to see them playing with their BalckBerries !



SharePoint is complex! When working with business users, try not to make it more complex than what it is.  Most of business users never even have to know the details like what a web part connection is or how document set works behind the scene. Avoid getting too technical or using jargon simply because you’ll lose their attention.

Try to be simple and focus on helping them get the biggest bang for their buck!



Interesting Difference Between “View Only” & “Read” Permission Levels

October 26th, 2012 5 comments

As the saying goes, the devil is in the details! This meant to be a note to self, but I thought it might be helpful for some of you too. Here we go:

If John has “Read” permission level to a document named sales.docx, John is able to search and find this document and view it either in Office Web App on the server (in the browser), or in Office client on his computer.

If John has “View Only” permission level to sales.docx, John *can* browse to the document library and see the document, however John cannot open the document in Office Word client on his computer.  Lucky John, if Office Web App is installed, John is able to see the document online. Ok, I get it! John has “View Only” permission level and this level doesn’t have “Open Items” permission (See the product documentation here). So far so good…

Interesting part is here –> If John has “View Only” permission level to sales.docx, he is not able to find it using search.  Furthermore, if he types the URL of the document in the browser address bar (http://SharepointSite/doclib/sales.docx), he receives an Access Denied error. Now, I don’t get it! John has “View Only” permission level. He should be able to find the document via search, and see it using Office Web app just like how he’s able to do so when he browses to the document library and clicks on it!

This leads to two different security access behaviors:

  1. If a user has “Read” permission level to a document, they can always find the document using search or browser and open it in the browser or their Office client app.
  2. If a user has “View”Only” permission level to a document, they can only find and open the document in the browser. In that case, Search doesn’t show the document!

Conclusion: Looks like “Open Items” permission plays an important role in search security trimming on the core search result. This makes people with “View Only” permission level ( With No “Open Items” Permission) not to be able to search for the documents they are already authorized to view. Obviously, you can go ahead and change the OOTB View Only permission level , but then again, that’s not “View Only” permission level anymore!

Make sure you are aware of this difference when planning your site permissions.

Policy Enforcement Solutions in SharePoint

July 1st, 2012 No comments

In SharePoint, the concept of policy enforcement is different than security.Security features of the product are used to stop people from accessing secured information and policy enforcement solutions are there to control and limit what users can do with the information once they gain access.

The following figure shows how security and policy enforcement solutions in SharePoint work hand in hand to help you protect and secure your information:


At a very high level, security features of SharePoint are handled at three stages:

1) Authentication : A process in which users prove they are who they claim to be. Typically, SharePoint externalizes its identity management business to other technologies like IIS, Active Directory, SQL Server, Windows Identity Foundation (WIF) and Forefront Identity Management (FIM), to name a few, and relies on standards and identity metasystems like SAML, Trust, Federation to enhance  information security, and enable interoperability.

2) Authorization: Once a user is authenticated and gains access to a SharePoint site, what they can do in the site is important and is primarily determined by a separate process called authorization. SharePoint uses security groups and its extensible permission levels to perform authorization and to adjust a user’s access level to various objects such as sites, subsites and information in those containers. Note that you can use Claims to make authorization decisions in SharePoint too, but that’s out of the scope of this discussion.

3) Security Inheritance : SharePoint security model is designed based on the concept of inheritance . Just as an FYI, inheritance has nothing to do with writing your will or your grandchildren taking over your properties! Most of objects in SharePoint such as sites and documents can inherit the security permissions of their parents or they can have their own security scheme.

Audience Targeting is not a security feature in SharePoint. It has never meant to be like that either! It’s a CSS hack to hide/unhide and to tailor information to specific group of people (an audience group) and should never be used as a mechanism to secure content.

Once a user passes the security barriers mentioned above, there are two primary policy enforcement solutions in SharePoint to further control what needs to happen to the information they consume and interact with:

Information Management Policy: Information Management Policy is a set of rules that define certain behaviours or restrictions on information stored in SharePoint (only to information stored in SharePoint). For example, auditing accessing and modifying secured information is a popular need for many departments such as HR which can be easily implemented using Information Management Policies.

It’s important to note that information management policies in SharePoint can also be used in other use cases such as labeling and retention which has nothing to do with securing information.These policies are created and put in place to ensure your organization stay compliant. What makes Information Management Policy a powerful solution to enforce your organizational policies is that you can create your own custom policies or plug in 3rd party solutions to SharePoint. It’s an extensible framework!

Information Rights Management: People often confuse Information Management Policy with Information Rights Management. Well, they may look the same but they’re two different technologies with a little bit of overlap! I will cover the overlaps in future posts.

One problem with enforcing policies through Information Management Policy is that it only captures and intercepts user interactions with information kept in SharePoint. How the interaction is done is not important. It could be  through Office Clients or Office Web App or even the browser, but the information has to stay in SharePoint in order for the policy to applly. Once the information is taken offline (i.e. download), there is no way to apply those policies to local copies.

Unlike Information Management Policies which is purely a SharePoint-y solution, Information Rights Management policies apply to both online and offline information and works across the board in SharePoint, Office client apps, SharePoint Workspace, Office Web App and Exchange, regardless of where the information is stored and how it is accessed.

Here are a few scenarios that an organization can benefit from using Information Rights Management :



Highjack-Proof Information HR managers can choose to protect downloads from certain HR sites, sections or sub-sections. When a user attempts to download a HR document, system will verify that the user has permissions to the given file, and issues a license to the user that enables their access to the document. System will then download the document to the user’s computer in an encrypted, rights-managed file format which is valid for that user only. If the information is stolen from that user’s computer or secretly copied to another computer, the hijacker won’t be able to open the document.
Online-Only Information HR managers can choose that some information can only be viewed online and only a subset of authorized users can print them and create hard copies.
Information Licensing HR managers can choose the number of days for which the license is valid. After the specified number of days has passed, the license expires, and the user must download the file again from the HR site
Premature Information Disclosure HR managers can choose to remove information protection after a certain date. For example, HR managers may want to make certain information public when off-boarding process for an employee is completed. Before such a date, however, they want to restrict access to such information to prevent premature disclosure.

In the next blog post, we will talk about Information Rights Management in more details.

Categories: MOSS 2007, SharePoint 2010 Tags:

Setting My Regional Settings

December 16th, 2011 No comments

The quesion that came up today was if the SharePoint Server is set to a specific time zone and users are all around the world, how would I programmatically set the right time zone under “My regional settings” for those users in a batch operation?

SPUser object has a property called RegionalSettings by which you can change the regional settings per user.First you need to create an SPRegionalSettings object, set its TimeZone.Id to whatever you wish.

SPRegionalSettings spReg = new SPRegionalSettings(web, true);
spReg.TimeZone.ID = 10; //Toronto

Get the list of all available time zones from here, see the offical MSDN documentation here.

As you can see, SPRegionalSettings takes two parameters, the SPWeb and a boolean. Make sure you pass true to specify that the regional settings object you are creating pertains to the user not the web. Finally set the RegionalSettings property to the settings that you just created above.

user.RegionalSettings = spReg;

user and web variables are your SPUser and SPWeb objects which can be obtained in several ways depending on how you want to go about this. If you are looping through a lot of users to apply this change, you may want to factor in the performance impact and the time required to get this done.

Categories: MOSS 2007, SharePoint 2010 Tags: