Updated – Maximizing SharePoint Security Whitepaper 2.0

I updated Maximizing SharePoint Security whitepaper with points and topics related to SharePoint 2016 as the following:

  • Added CIS SharePoint 2016 benchmark
  • Added New features of SharePoint 2016 which related to security like
    • Data Loss Prevention
    • Outgoing SMTP Encryption
    • TLS 1.2 support
    • Patching with Zero downtime
    • New changes for SharePoint 2016 service accounts

You can download the document from this URL https://gallery.technet.microsoft.com/Maximizing-SharePoint-cf7f7efc


SharePoint Search result Page throw Error for anonymous User

When anonymous user go to SharePoint search , he got an error with correlation id, when checked the logs I found the following error related to Security Token and SPContext:


To fix the issue, you have to change impersonate=”true” as it’s the default value in web.config:

<identity impersonate=”true” />

and to resolve custom code that need to use impersonate=”false”, run you code with evaluated privilege.

Install SharePoint 2016 Prerequisites Offline/Manually

Nothing new in installing SharePoint 2013/2016 prerequisites offline or manually and you can find many articles for how to do it like for example https://gallery.technet.microsoft.com/office/PreRequisites-for-7f719ff3  but here just some notes to be considered.

  1. You can install all SharePoint prerequisites manually except for Windows Server App Fabric, you need to install it using the following command:
    WindowsServerAppFabricSetup_x64.exe /i CacheClient,CachingService,CacheAdmin /gac
  2. Or by running the following command using  prerequisite installer
    prerequisiteinstaller.exe /AppFabric:path\appFabric1.1-RTM-KB2671763.exe
  3. To install .NET Framework manually, make sure to enable this policy Specify settings for optional component installation and component repair if you want to install it from the internet.
    Dism /online /enable-feature /featurename:NetFX3 /All
  4. Or to install it from the ISO windows server
    Dism /online /enable-feature /featurename:NetFX3 /All /Source:D:\sources\SxS /LimitAccess
  5. Install WcfDataServices by command:
    prerequisiteinstaller.exe /wcfdataservices56: WcfDataServices.exe location

Recommendations for Patching SharePoint 2016

According to Microsoft and other references, SharePoint patching has the following criteria:

  1.  SharePoint 2016 publish new Cumulative update for each month
  2. Always last cumulative update includes Feature 1 & Feature 2 of SharePoint 2016
  3. Start install update file start with “sts” which is the primary SharePoint update
  4. Then install the second file start with “wss” which is contains updates for all languages
  5. SharePoint does not require a specific order for servers to patch
  6. To patch SharePoint 2016 with zero downtime then you need to fulfill a specific condition, for more information
  7. SharePoint 2016 binaries, patches, and language packs include all the fixes are required for Project Server
  8. After applying the patching, run Configuration Wizard in each server or run this command
    psconfig -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd secureresources
  9. In case of issues, review the PSConfig and Upgrade log files
  10. To reduce the time of patching, make sure to stop these services: SharePoint Timer Service, SharePoint Search Service, SharePoint Search HostController Service and IIS
  11. SQL Server patching is separated from SharePoint patching
  12. Always check these sites for new updates and recommendations
  13. Review Microsoft SharePoint update deployment cycle https://technet.microsoft.com/library/476d6a49-7263-4460-8e4c-28102fec1442(v=office.16).aspx#updateprocess