Accessing SharePoint document library with AI Search for Azure OpenAI GPT

The first quarter of this year has been insanely busy and has led to my inability to blog as much. I have been carving whatever time I have over the weekends to continue testing new Azure AI Services but couldn’t find the time to clear out my backlog of blog topics.

One of the recent tests I’ve done is to test out the in-preview feature of using Azure AI Search (previously known as Cognitive Search) to index a SharePoint Online document library. This feature has been one that I had interest in because of the vast amounts of SharePoint libraries I work with across different clients and the ability to use Azure OpenAI to tap into the libraries would be very attractive. CoPilot Studio offers such a feature where you can easily configure a SharePoint URL for a CoPilot to tap into but I still prefer Azure AI Services as I feel the flexibility that development offers provides much more creative ideas.

With the above said, the purpose of this post is to provide 2 scripts:

1. Script to create the App Registration with the appropriate permissions to access SharePoint Online
2. Script that will create the AI Search data source, indexer, and index

The deployment will follow the same found in the following Microsoft document: https://learn.microsoft.com/en-us/azure/search/search-howto-index-sharepoint-online

Please take the time to read the supported document formats and limitations of this feature.

Step 1 – Enable system managed assigned managed identity

This step is optional and isn’t needed for the configuration in this blog post because we’ll be including the tenant ID in the connection string of the data source but if your environment uses AI Search to access storage accounts then this will likely already be enabled.

Step 2 – Decide which permissions the indexer requires

There are advantages and disadvantages to go either way. This post will demonstrate using application permissions but the script also includes commented out code for delegated.

Step 3 - Create a Microsoft Entra application registration that will be used to access the SharePoint document library

Use the following script to create the App Registration that will configure the required permissions: https://github.com/terenceluk/Azure/blob/main/AI%20Services/SharePoint%20Online%20Indexer/Create-App-Registration.sh

Note that there does not appear to be a way for Azure CLI to configure Platform configurations so you'll need to manually perform the following after the App Registration is created:

1. Navigate to the Authentication tab of the App Registration
2. Set Allow public client flows to Yes then select Save.
3. Select + Add a platform, then Mobile and desktop applications, then check https://login.microsoftonline.com/common/oauth2/nativeclient, then Configure.

Step 4 to 7 – Create SharePoint data source, indexer, index, and get properties of index

Use the following PowerShell script to create and configure the above components in the desired AI Search: https://github.com/terenceluk/Azure/blob/main/AI%20Services/SharePoint%20Online%20Indexer/Configure-AI-Search-for-SharePoint.ps1

The following components should be displayed when successfully configured:

AI Search Data Source

AI Search Indexer

AI Search Index

Test Chatbot with SharePoint Online document library data

With the AI Search configured to tap into the SharePoint Online library, we can now use the Azure Open AI Studio to test chatting with the data.

Launch Azure Open AI Studio:

Select Add your data and Add a data source:

Select Azure AI Search as the data source:

Select the appropriate subscription, AI Search service, and the index that was created.

There is also an option to customize the field mapping rather than using the default.

These two screenshots show the customization options:

For those who have watched the YouTube videos demonstrating the configuration, most of them have selected “content” for all the fields but as shown in the screenshot below, this is not allowed anymore as of March 23, 2024 because if such an attempt is made, the following error message will be displayed:

You cannot use the same column data in multiple fields

Proceeding to the Data management configuration will reveal that Semantic search is not available:

Only Keyword is available:

Review the configuration and complete the setup:

You should now be able to chat with your data:

Thoughts and Options

As noted in the beginning of the Microsoft document, this preview feature isn’t recommended for production workloads and Microsoft is very clear in the limitations section indicating:

• If you need a SharePoint content indexing solution in a production environment, consider creating a custom connector with SharePoint Webhooks, calling Microsoft Graph API to export the data to an Azure Blob container, and then use the Azure Blob indexer for incremental indexing.

Using the indexer against an Azure Storage account opens up text embedding model capabilities that provide vector and semantic search, which would yield much better results. However, if the requirement is simply to gain some light insight into a SharePoint document library then piloting this preview feature and waiting for it to GA may be a good initiative.

Disabling Teams File Sharing and Disabling OneDrive for Office 365

Two of the most common questions I’ve been asked when engaged with a financial or government organization for a Office 365 deployment, which involves Microsoft Teams and OneDrive is whether it was possible to disable file sharing within teams and/or disabling OneDrive. What’s complicated about this is that Teams integrates with SharePoint Online and therefore is very different than what administrators are used to when working with the older Skype for Business, Lync Server and Office Communications Server. OneDrive is also integrated with SharePoint Online. Given that this appears to be asked frequently and I had reached out to Microsoft support for an official answer, I thought I’d write this short blog post about:

1. Disabling Teams File Sharing (1 method)
2. Disabling OneDrive (2 methods)

Disabling Teams File Sharing

Microsoft Teams uses SharePoint Online for file transfers and storage and therefore removing the SharePoint license from users would prevent them from sharing files. This obviously has the consequence of removing SharePoint Online functionality all together so this may or may not be viable if it is needed. The following is an example of removing the feature for a user who is licensed for E1 or E3:

Open the license properties of the account for the user:

Scroll all the way to the bottom of the licenses until you see the Apps section then click on the downward carrot to expand the list:

Locate the item SharePoint Online (Plan 2) and uncheck it:

Disabling SharePoint will also disable the user’s ability to use SharePoint Online.

Disabling OneDrive

There are 2 ways to disable OneDrive. The first option is to repeat the same procedure as above with Teams.

The second option, which is a bit more complicated is to remove the ability to create OneDrive sites, along with removing any existing sites through the use of PowerShell.

Begin by removing ability to create a site for everyone. Navigate from the admin center then click on SharePoint admin center:

Click on User Profiles:

Click on Manage User Permissions:

Remove the permissions currently configured that allows users to create My Sites:

The above will prevent new users from creating a MySite which is the storage repository of OneDrive.

For users who already have used OneDrive and therefore created a MySite repository, we’ll need to use PowerShell to remove their created MySite.

Connect to SharePoint Online with PowerShell via the following commands in this document: https://docs.microsoft.com/en-us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online?view=sharepoint-ps

Remove the MySite page with PowerShell via the following commands in this document: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/remove-sposite?view=sharepoint-ps

The command above will require you to enter the URL of the MySite page of the user who has OneDrive access and to determine the URL, navigate to the user’s account properties in the Microsoft 365 admin center, the OneDrive menu and then click on Create link to files to generate the URL to this user account’s MySite page:

The action will create a URL for you to copy and paste into the command to remove the MySite page:

Remove-SPOSite -Identity https://44-my.sharepoint.com/personal/tluk -NoWait

The second option is a bit of a manual process but if there a lot of user accounts then it would be worthwhile to create a script that will traverse through each account and export the link rather than manually doing so from the GUI.

Generating a SharePoint Online permissions audit report by site collection

I was recently asked by a client to look for a PowerShell script that would export the permissions for all of the files and folders within each of their site collection so they can perform a thorough audit and as common as such a request seemed to me, I had much difficulty when I searched through the internet for such a script. Since I did not have any luck finding one that actually worked, I reached out to one of our SharePoint resources for help and he eventually provided one that was able to execute and export the permissions to a CSV file. I am unsure as to where the script is from so I’d like to apologize for not crediting the author but I hope this will provide anyone who may be looking for such a script as I did.

The generated report will look as such:

 

The following PowerShell script runs against per site collection so you will need to run it multiple times against as many sites as required as well as grant yourself administrative permissions to the site collection:

The script only requires two lines to be adjusted accordingly:

#region ***Parameters***

$SiteURL="https://contoso.sharepoint.com/"

$ReportFile="C:\temp\SitePermissionRepor.csv"

#endregion

Other sites will require the path to be adjusted as such:

$SiteURL="https://contoso.sharepoint.com/sites/FinanceSite"

The following is the PowerShell script:

#Function to Get Permissions Applied on a particular Object, such as: Web, List, Folder or List Item

Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)

{

#Determine the type of the object

Switch($Object.TypedObject.ToString())

    {

"Microsoft.SharePoint.Client.Web"  { $ObjectType = "Site" ; $ObjectURL = $Object.URL; $ObjectTitle = $Object.Title }

"Microsoft.SharePoint.Client.ListItem"

        {

If($Object.FileSystemObjectType -eq "Folder")

            {

$ObjectType = "Folder"

#Get the URL of the Folder

$Folder = Get-PnPProperty -ClientObject $Object -Property Folder

$ObjectTitle = $Object.Folder.Name

$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)

            }

Else #File or List Item

            {

#Get the URL of the Object

Get-PnPProperty -ClientObject $Object -Property File, ParentList

If($Object.File.Name -ne $Null)

                {

$ObjectType = "File"

$ObjectTitle = $Object.File.Name

$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)

                }

else

                {

$ObjectType = "List Item"

$ObjectTitle = $Object["Title"]

#Get the URL of the List Item

$DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl

$ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)

                }

            }

        }

Default

        {

$ObjectType = "List or Library"

$ObjectTitle = $Object.Title

#Get the URL of the List or Library

$RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder

$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)

        }

    }

#Get permissions assigned to the object

Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments

#Check if Object has unique permissions

$HasUniquePermissions = $Object.HasUniqueRoleAssignments

#Loop through each permission assigned and extract details

$PermissionCollection = @()

Foreach($RoleAssignment in $Object.RoleAssignments)

    {

#Get the Permission Levels assigned and Member

Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

#Get the Principal Type: User, SP Group, AD Group

$PermissionType = $RoleAssignment.Member.PrincipalType

#Get the Permission Levels assigned

$PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name

#Remove Limited Access

$PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","

#Leave Principals with no Permissions

If($PermissionLevels.Length -eq 0) {Continue}

#Get SharePoint group members

If($PermissionType -eq "SharePointGroup")

        {

#Get Group Members

$GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName

#Leave Empty Groups

If($GroupMembers.count -eq 0){Continue}

$GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","

#Add the Data to Object

$Permissions = New-Object PSObject

$Permissions | Add-Member NoteProperty Object($ObjectType)

$Permissions | Add-Member NoteProperty Title($ObjectTitle)

$Permissions | Add-Member NoteProperty URL($ObjectURL)

$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)

$Permissions | Add-Member NoteProperty Users($GroupUsers)

$Permissions | Add-Member NoteProperty Type($PermissionType)

$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)

$Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")

$PermissionCollection += $Permissions

        }

Else

        {

#Add the Data to Object

$Permissions = New-Object PSObject

$Permissions | Add-Member NoteProperty Object($ObjectType)

$Permissions | Add-Member NoteProperty Title($ObjectTitle)

$Permissions | Add-Member NoteProperty URL($ObjectURL)

$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)

$Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)

$Permissions | Add-Member NoteProperty Type($PermissionType)

$Permissions | Add-Member NoteProperty Permissions($PermissionLevels)

$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")

$PermissionCollection += $Permissions

        }

    }

#Export Permissions to CSV File

$PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append

}

#Function to get sharepoint online site permissions report

Function Generate-PnPSitePermissionRpt()

{

[cmdletbinding()]

Param

    (   

[Parameter(Mandatory=$false)] [String] $SiteURL,

[Parameter(Mandatory=$false)] [String] $ReportFile,

[Parameter(Mandatory=$false)] [switch] $Recursive,

[Parameter(Mandatory=$false)] [switch] $ScanItemLevel,

[Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions

    ) 

Try {

#Connect to the Site

Connect-PnPOnline -URL $SiteURL -UseWebLogin

#Get the Web

$Web = Get-PnPWeb

Write-host -f Yellow "Getting Site Collection Administrators..."

#Get Site Collection Administrators

$SiteAdmins = Get-PnPSiteCollectionAdmin

$SiteCollectionAdmins = ($SiteAdmins | Select -ExpandProperty Title) -join ","

#Add the Data to Object

$Permissions = New-Object PSObject

$Permissions | Add-Member NoteProperty Object("Site Collection")

$Permissions | Add-Member NoteProperty Title($Web.Title)

$Permissions | Add-Member NoteProperty URL($Web.URL)

$Permissions | Add-Member NoteProperty HasUniquePermissions("TRUE")

$Permissions | Add-Member NoteProperty Users($SiteCollectionAdmins)

$Permissions | Add-Member NoteProperty Type("Site Collection Administrators")

$Permissions | Add-Member NoteProperty Permissions("Site Owner")

$Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")

#Export Permissions to CSV File

$Permissions | Export-CSV $ReportFile -NoTypeInformation

#Function to Get Permissions of All List Items of a given List

Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)

        {

Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title

#Get All Items from List in batches

$ListItems = Get-PnPListItem -List $List -PageSize 500

$ItemCounter = 0

#Loop through each List item

ForEach($ListItem in $ListItems)

            {

#Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch

If($IncludeInheritedPermissions)

                {

Get-PnPPermissions -Object $ListItem

                }

Else

                {

#Check if List Item has unique permissions

$HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments

If($HasUniquePermissions -eq $True)

                    {

#Call the function to generate Permission report

Get-PnPPermissions -Object $ListItem

                    }

                }

$ItemCounter++

Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"

            }

        }

#Function to Get Permissions of all lists from the given web

Function Get-PnPListPermission([Microsoft.SharePoint.Client.Web]$Web)

        {

#Get All Lists from the web

$Lists = Get-PnPProperty -ClientObject $Web -Property Lists

#Exclude system lists

$ExcludedLists = @("Access Requests","App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",

"Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Images", "site collection images"

,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Reporting Metadata", "Reporting Templates", "Search Config List","Site Assets","Preservation Hold Library",

"Site Pages", "Solution Gallery","Style Library","Suggested Content Browser Locations","Theme Gallery", "TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Pages")

$Counter = 0

#Get all lists from the web  

ForEach($List in $Lists)

            {

#Exclude System Lists

If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title)

                {

$Counter++

Write-Progress -PercentComplete ($Counter / ($Lists.Count) * 100) -Activity "Exporting Permissions from List '$($List.Title)' in $($Web.URL)" -Status "Processing Lists $Counter of $($Lists.Count)"

#Get Item Level Permissions if 'ScanItemLevel' switch present

If($ScanItemLevel)

                    {

#Get List Items Permissions

Get-PnPListItemsPermission -List $List

                    }

#Get Lists with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch

If($IncludeInheritedPermissions)

                    {

Get-PnPPermissions -Object $List

                    }

Else

                    {

#Check if List has unique permissions

$HasUniquePermissions = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments

If($HasUniquePermissions -eq $True)

                        {

#Call the function to check permissions

Get-PnPPermissions -Object $List

                        }

                    }

                }

            }

        }

#Function to Get Webs's Permissions from given URL

Function Get-PnPWebPermission([Microsoft.SharePoint.Client.Web]$Web)

        {

#Call the function to Get permissions of the web

Write-host -f Yellow "Getting Permissions of the Web: $($Web.URL)..."

Get-PnPPermissions -Object $Web

#Get List Permissions

Write-host -f Yellow "`t Getting Permissions of Lists and Libraries..."

Get-PnPListPermission($Web)

#Recursively get permissions from all sub-webs based on the "Recursive" Switch

If($Recursive)

            {

#Get Subwebs of the Web

$Subwebs = Get-PnPProperty -ClientObject $Web -Property Webs

#Iterate through each subsite in the current web

Foreach ($Subweb in $web.Webs)

                {

#Get Webs with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch

If($IncludeInheritedPermissions)

                    {

Get-PnPWebPermission($Subweb)

                    }

Else

                    {

#Check if the Web has unique permissions

$HasUniquePermissions = Get-PnPProperty -ClientObject $SubWeb -Property HasUniqueRoleAssignments

#Get the Web's Permissions

If($HasUniquePermissions -eq $true)

                        {

#Call the function recursively                           

Get-PnPWebPermission($Subweb)

                        }

                    }

                }

            }

        }

#Call the function with RootWeb to get site collection permissions

Get-PnPWebPermission $Web

Write-host -f Green "`n*** Site Permission Report Generated Successfully!***"

     }

Catch {

write-host -f Red "Error Generating Site Permission Report!" $_.Exception.Message

   }

}

#region ***Parameters***

$SiteURL="https://contoso.sharepoint.com/"

$ReportFile="C:\temp\SitePermissionRepor.csv"

#endregion

#Call the function to generate permission report

#Generate-PnPSitePermissionRpt -SiteURL $SiteURL -ReportFile $ReportFile -Recursive

Generate-PnPSitePermissionRpt -SiteURL $SiteURL -ReportFile $ReportFile -Recursive -ScanItemLevel

Attempting to install NuGet provider in PowerShell fails with: "PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider."

You’re attempting to install a PowerShell module such as SharePointPnPPowerShellOnline to use Connect-PNPONline (https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/connect-pnponline?view=sharepoint-ps) to establish a connection to SharePoint online, which prompts you to install the NuGet provider. Proceeding to answer yes to the prerequisite install quickly fails with the following message:

PS C:\> Install-Module SharePointPnPPowerShellOnline

NuGet provider is required to continue

PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet

provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or

'C:\Users\tluk\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running

'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import

the NuGet provider now?

[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.

WARNING: Unable to download the list of available providers. Check your internet connection.

PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider

'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package

has the tags.

At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21

+ ... $null = PackageManagement\Install-PackageProvider -Name $script:N ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac

kageProvider], Exception

+ FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro

vider

PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name

'NuGet'. Try 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system.

At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21

+ ... $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception

+ FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv

ider

WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.

WARNING: Unable to download the list of available providers. Check your internet connection.

PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try

'Get-PackageProvider -ListAvailable'.

At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30

+ ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvi

der], Exception

+ FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPacka

geProvider

Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201'

or newer version of NuGet provider is installed.

At line:1 char:1

+ Install-Module SharePointPnPPowerShellOnline

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException

+ FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module

PS C:\>

Solution

A quick workaround for this error is configure TLS 1.2 for the PowerShell session with the following command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

NuGet provider will install once the above is executed:

PS C:\> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

PS C:\> Install-Module SharePointPnPPowerShellOnline

NuGet provider is required to continue

PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet

provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or

'C:\Users\tluk\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running

'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import

the NuGet provider now?

[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

Untrusted repository

You are installing the modules from an untrusted repository. If you trust this repository, change its

InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from

'PSGallery'?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): Y

PS C:\>

To permanently correct the issue, open the registry and navigate to the following path for the 64 bit .Net Framework:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

Add the chUseStrongCrypto key with the following PowerShell cmdlet:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Repeat the same for the 32 bit .Net Framework:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Clean MOSS Farm Install Error - 403 - Forbidden: Access is denied.

After finishing the MOSS 2007 64bit SP2 on Windows Server 2008 base OS, I went ahead to create a web application and then a site collection as per document's instructions: http://technet.microsoft.com/en-us/library/cc262714.aspx

The problem I experienced was that when I hit the new site, everything loads except for the graphics. I went ahead to figure out the directory for the image and I can go to the directory to see the picture. Since the pictures weren't showing up, I also tried to directly access the image through the URL: http://99.99.5.91/_layouts/images/navshape.jpg and this is where I get a:

· 403 - Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied.

I have no issues with all the images in the Sharepoint Administration page and when I browse the image via http://server1:32873/_layouts/images/recycbin.gif I can see the recycling bin.

I went ahead to try to review the permissions to see if they were set appropriately and they were (Users and WSS_admin_wpg were listed). As a troubleshooting step, I also added “everyone” and the “IUSER” account to read access but even by doing so, I was still getting the 403 error.

After spending some more time to troubleshoot the issue, I noticed that both:

1. Allow unspecified CGI modules

2. Allow unspecified ISAPI modules

…were both unchecked. This was when I finally found a workaround here: http://support.microsoft.com/default.aspx/kb/942065

This fixed the problem but it was only for this site. As soon as I deployed another site, it would have the same issues.

With a bit more troubleshooting, I realized that there was a missing component required for IIS and that was the “ASP.NET” in the Web server role services.

This was not included in this document: http://technet.microsoft.com/en-us/library/cc731760.aspx

I asked a Microsoft engineer as to why this was not included in the document and he pointed me to this link: http://technet.microsoft.com/en-us/library/cc263408.aspx I wasn’t able to find a list of components required either so I ended up documenting the information in the following table so I have a reference list of what is required to be installed in case I need it in the future.

Description

Front-end Server

Roles

Web Server (IIS)

· Common HTTP Features

· Static Content

· Default Document

· Directory Browsing

· HTTP Errors

· Application Development

· ASP.NET

· .NET Extensibility

· ISAPI Extensions

· ISAPI Filters

· Health and Diagnostics

· HTTP Logging

· Logging Tools

· Request Monitor

· Security

· Basic Authentication

· Windows Authentication

· Request Filtering

· Performance

· Static Content Compressions

· Management Tools

· IIS Management Console

· IIS 6 Management Compatibility

· IIS 6 Metabase Compatibility

Features

Microsoft .Net Framework 3.0 Features

· .NET Framework 3.0

· XPS Viewer

Remote Server Administration Tools

· Role Administration Tools

· Web Server (IIS) Tools

Windows Process Activation Service

· Process Model

· .NET Environment

· Configuration

Reinstalling MOSS and Required Components (IIS 7.0)

This was one of the problems I encountered a year or two ago while during a project at a college when installing MOSS 2007 on a Windows 2008 server:

One of the problems I encountered while reinstalling a MOSS farm front-end servers was when I had removed IIS 7.0 from Windows Server 2008 and tried to reinstall it. What happened was that it would keep failing when I tried to reinstall IIS 7.0 and the various components required for the installation. After troubleshooting for a bit, I realized that in order for IIS 7.0 to reinstall properly, you need to uninstall Windows Process Activation Service in the Features section. This component is required component and is automatically installed when you install IIS 7.0 but is not automatically uninstalled if you remove IIS 7.0 from the roles. The following is a screenshot of where it can be found:

MOSS 2007 TCP/IP and Named Pipes Requirements

Yes, I know SharePoint 2010 is out but in case anyone is interested in knowing what I found out 3 years back:

As per the documentation in the MOSS installation guide, it’s been noted that both TCP/IP and Named Pipes are supposed to be turned on. What’s interesting is that I’ve come across an environment with a farm setup that only had TCP/IP turned on yet was still functioning. I spoke with a Microsoft Engineer about this and they couldn’t really explain it either. In any case, best practice is to follow the guide to ensure this is turned on.

Configure surface area settings in SQL Server 2005

1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.

2. In the SQL Server 2005 Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections.

3. In the tree view, expand the node for your instance of SQL Server, expand the Database Engine node, and then click Remote Connections.

4. Select Local and Remote Connections, select Using both TCP/IP and named pipes, and then click OK.