Sunday, December 18, 2011

How to: Install and Configure SharePoint 2010 - Part 1

Hi all,

It's been a long time since I posted a blog entry. In fact, it's more than 1 year and 3 months to be exact. Anyway, today I will walk through an end-to-end SharePoint 2010 installation and configuration. I know there are tons of blogs and MSDN entries written about this, but I wanted to have a complete and holistic step-by-step installation guide for my own reference and hopefully for others. Here it goes.

My virtual environment is as follows:
  1. VM Player - A free Virtual machine that can be downloaded here
  2. Windows Server 2008 R2 Enterprise here  
  3. SQL Server 2008 R2 Enterprise (64 bit)
  4. SharePoint Server 2010 Enterprise (64 bit)

Setting up a virtual machine:

Step1:
Create a new virtual machine via the VM wizard and download the Windows Server 2008 R2 Enterprise trial version as an ISO file.


Step2: 
Enter the Windows Server 2008 R2 product key (I left it blank), choose Windows Server 2008 R2 Enterprise 64 bit, and enter the full name (Administrator), password and confirm password (sp2010). A password should be entered, otherwise we may have issues later on.


Step3:
A message pops up about the Windows product key. We just skip it and click "Yes".


Step4:
One more message pops up and again we click the "Yes" button.


Step5:
We then name the virtual machine (SP2010) and enter the location of the VM. I typically put the VM on the D drive of my host PC (Windows 7, 64 bit).




Step6:
We need to specify the virtual disk space. The default setting is 40 GB but I configured 100 GB.



Step7:
The next screen shows the location and other details. However, we need to customize the hardware:



Step8:
My PC has 8 GB RAM installed. I allocate 3.5 GB for my virtual machine, set the processors to 2 and configure the other settings.


Step9:
The Windows Server 2008 R2 installation kicks in:

Step10:
Windows Server sets up for its first use.




Setting up Windows Server 2008 R2:


Step12:
The Windows Server 2008 R2 screen will look like this.
We also have to rename our server.


Step13:
It's very important to check for Windows updates; it will ask for a server reboot.

Step14:
Go to the Server Manager and configure "Internet Explorer Enhanced Security Configuration (IE ESC)" as follows:  

Setting up Active Directory Domain Services

Step15:
Go to the Server Manager, click on Roles, "Add Roles", and check Active Directory Domain Services.
It will prompt for installing additional components.

Step 16:
We can view the progress of the AD installation.


Step 17:
The AD installation completes and we need to configure it. 

Step 18: 
AD DS kicks in. Keep the default settings and click the Next button.

Step 19:
The AD wizard asks for an "Existing forest" or "Create a new domain in a new forest". Since it's our first AD installation on Windows Server 2008, we click the latter option.

Step 20:
The wizard requires the name of the forest root domain. We enter "contoso.com" as the fully qualified domain name (FQDN).


Step 21: 
AD will check for any existing domain and perform a verification on the server.


Step 22: 
The wizard prompts us to set the forest functional level. We set "Windows Server 2008 R2" and click the Next button.

Step 23:
The next screen asks us to select options for the domain controller. We keep the default settings and click the Next button.

Step 24:
The Next button prompts a warning; simply choose "Yes".

Step 25:
There is another warning about the delegation of the DNS server; again simply choose "Yes".

Step 26:
The AD wizard asks for the database, log files and SYSVOL folder locations. We keep the default settings and click the Next button.

Step 27:
The AD wizard asks for the Restore Mode Administrator Password. This option is for when AD gets corrupted; we can then easily resurrect it using this option. (I entered sp2010!sp2010! )

Step 28: 
At last the AD wizard shows the summary and we click the Next button.

Step 29:
It will take a couple of minutes to complete the AD configuration and it will display the completion. It will also require a reboot of the server.
 
Step 30:
After the server reboot, we need to add a few more roles, i.e. Application and Web servers. The Application Server needs additional components as follows:

Step 31:
We also need to check "Web Server (IIS)" while adding roles.


Step 32: 
We have to check additional components for the Application Server as follows:
 
Step 33: 
We have to check additional components for the Web Server as follows:

Step 34: 
The wizard will configure and install these components on the server:


Configure SharePoint service accounts

Step 35:
Now we have to create a couple of service accounts that are required by SharePoint 2010.
Navigate to Start >> Administrative Tools >> Active Directory Users and Computers. When it's opened, click on "View" >> check "Advanced Features".
I created an organizational unit called "SharePoint Accounts" and created 4 users.


For example, I created an account called "sp_sql" (to be used as the SQL service account) with the log-in credentials (sp2010!). The same procedure applies to the other accounts.
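
The same OU and accounts can be created from PowerShell instead of the GUI. This is an added example, not part of the original walkthrough: it assumes the contoso.com domain from Step 20 and the five account names that appear in this post's account table, and it prompts for each password instead of storing one in the script.

```powershell
# Added example: scripted version of Step 35 (OU plus service accounts).
# Assumptions: domain contoso.com (Step 20) and the account names used in this post.
Import-Module ActiveDirectory

$domainDn = 'DC=contoso,DC=com'
$ouName   = 'SharePoint Accounts'
$ouDn     = "OU=$ouName,$domainDn"

# Account name -> purpose, as listed in this post
$accounts = @{
    'sp_farm'     = 'SharePoint farm account'
    'sp_admin'    = 'SharePoint set up account'
    'sp_sql'      = 'SQL Server service account'
    'sp_search'   = 'Search crawler account'
    'sp_usersync' = 'User profile synchronization account'
}

# Create the OU only if it does not exist yet, so the script can be re-run
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

foreach ($name in $accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Warning "$name already exists, skipping"
        continue
    }
    # Prompt per account: no password in the script, none shared between accounts
    $password = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name `
        -SamAccountName $name `
        -UserPrincipalName "$name@contoso.com" `
        -Description $accounts[$name] `
        -Path $ouDn `
        -AccountPassword $password `
        -Enabled $true
}

# Review the result. MemberOf is empty for a fresh account because the
# primary group (Domain Users) is not listed in that attribute.
Get-ADUser -Filter * -SearchBase $ouDn -Properties MemberOf, Description |
    Select-Object SamAccountName, Description, Enabled, MemberOf
```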

We now know why we need these accounts and their usage. 

SharePoint 2010 Service accounts

What is a service account?
A service account is an Active Directory or local account that is NOT used by humans but by a process. SQL Server has its service account. SharePoint has a couple of service accounts. Service accounts almost always run with privileges elevated above those of user accounts. Therefore it's best practice to give service accounts least privilege and least service (SQL Server and SharePoint).

Best practice is that SharePoint 2010 should have a few service accounts and not a single account that does everything. The following are the SharePoint 2010 service accounts:
  1. Farm account: It runs in the context of SharePoint and is for farm-level configuration.
  2. Search crawler account: Needs at least read privilege to the file system objects that will be searched and indexed.
  3. SQL Service account: For the database agent, database engine, etc.
  4. Application Pool accounts: An app pool protects the memory space of our web application. This is likely to get us into trouble even in SharePoint 2010. Therefore these service accounts should be chosen well and we should know what is going on.
  5. User profile synchronization account: It deals with synchronizing the metadata from users' Active Directory properties to SharePoint and back again.
  6. Set up account: This account is used to set up SharePoint when installing the SharePoint binaries and running the SharePoint products configuration wizard.

Service accounts (description, type of account, permissions):

Farm account (sp_farm)
  Description: It runs in the context of SharePoint and is for farm-level configuration.
  Type of account: Standard domain user account
  Permissions:
    -- Local administrators group on each WFE (Web Front End)
    -- Automatically added to the SQL Server logins, with the "dbcreator" and "securityadmin" (security administrator) server roles in SQL Server
    -- Identity of the SharePoint central admin application pool
    -- Only account with "write" access on the SharePoint configuration database
    -- Identity of the Windows SharePoint Services "Timer" service

Set up account (sp_admin)
  Description: This account is used while installing the SharePoint binaries and running the SharePoint products configuration wizard.
  Type of account: Standard domain user account
  Permissions:
    -- Local administrators group on each WFE
    -- "sysadmin" and "dbcreator" roles within the SQL Server instance

SQL service account (sp_sql)
  Description: It's for the database agent and database engine.
  Type of account: Standard domain user account or local system account
  Permissions:
    -- Identity of the MSSQLSERVER and SQLSERVERAGENT services

Search crawler account (sp_search)
  Description: Needs at least read privilege to the file system objects that will be searched and indexed.
  Type of account: Standard domain user account
  Permissions:
    -- Only full access to content

User profile synchronization account (sp_usersync)
  Description: It deals with synchronizing the metadata from users' Active Directory properties to SharePoint and back again. It is required to import users from a third-party LDAP or another AD domain; the import connection account needs to be specified in SSP Administration when creating the data connection.
  Permissions:
    -- Requires read access to all attributes for which we want to do a profile import.
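
To check that the accounts have not drifted beyond the permissions listed above, their Active Directory group membership can be audited. This is an added example, not from the original post: it covers AD groups only (not the SQL Server roles), uses the account names from this post, and assumes the single-VM lab built here, where the server is also the domain controller and its "local administrators" group is therefore the domain's built-in Administrators group.

```powershell
# Added example: flag service accounts holding more AD privilege than the
# permissions listed in this post call for.
Import-Module ActiveDirectory

$accounts = 'sp_farm', 'sp_admin', 'sp_sql', 'sp_search', 'sp_usersync'
# Only these two are listed as members of a server's administrators group.
# Assumption: on this lab's domain controller that is BUILTIN\Administrators.
$mayBeLocalAdmin = 'sp_farm', 'sp_admin'
# None of the accounts is given these domain-wide groups in this post.
$domainWide = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'

# Resolve nested membership once per group: group name -> member logon names
$members = @{}
foreach ($group in ($domainWide + 'Administrators')) {
    $members[$group] = @(Get-ADGroupMember -Identity $group -Recursive |
        ForEach-Object { $_.SamAccountName })
}

$report = foreach ($name in $accounts) {
    # Every privileged group this account reaches, directly or through nesting
    $found = @($members.Keys | Where-Object { $members[$_] -contains $name })
    # Membership that goes beyond what the post lists for this account
    $excess = @($found | Where-Object {
        ($domainWide -contains $_) -or
        ($_ -eq 'Administrators' -and $mayBeLocalAdmin -notcontains $name)
    })
    $status = 'OK'
    if ($excess.Count -gt 0) { $status = 'REVIEW' }
    New-Object PSObject -Property @{
        Account          = $name
        Status           = $status
        PrivilegedGroups = $found -join ', '
        Excess           = $excess -join ', '
    }
}

$report | Select-Object Account, Status, PrivilegedGroups, Excess |
    Format-Table -AutoSize
```

On a farm where the web front ends are member servers rather than the domain controller, the Administrators check applies to each server's local group instead, and sp_farm and sp_admin should not appear in the domain's Administrators group at all.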

My next blog will be on installing and configuring SQL Server 2008 R2 and SharePoint 2010.
I hope this blog gave you more information about SharePoint 2010 internals.

Cheers,
Aroh  

