Skip Ribbon Commands
Skip to main content
 

 Follow Me

 
 
 
 

 SharePoint Blog List

 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
Todd Klindt's home page > Todd Klindt's SharePoint Admin Blog
What's going on with TK.
March 05
Podcast 238 - I Blacked Out for a Minute

In tonight's podcast I talk about the new changes to the SharePoint patching model. After all the whining about that is over I tell the good news that I'll be speaking at Ignite in a couple of months. Then I talk about how to get your Claims provider to search for users, and how to find the users in your AD whose passwords are set to expire.

Audio File

Video File

Podcast 238 - I Blacked Out for a Minute (Time 0_06_48;22)

YouTube (Subscribe)

Running Time: 33:32

Links:

02:49 SharePoint patches are no longer in Windows Update
11:00 - I'm speaking at Ignite
11:19 - End-to-End OneDrive for Business Planning, Deployment, Best Practices and Adoption Techniques
14:35 - Upgrade to Microsoft SharePoint 2013 and Ready for Cloud Potential
17:05 - Fixing People Picker for SAML Claims Users Using LDAP
19:30 - LDAP/AD Claims Provider For SharePoint 2013
20:30 - How to find Active Directory users NOT set to PasswordNeverExpires with PowerShell

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Podcast238

March 03
Podcast 237 - No Oscar For You

Shane graciously fills in for me this week while I'm on the road. He does an okay job. He talks about tablets, Yammer, SuperFish, and an idiot relative he has. He finishes up with a story on how to fail and still win big. Not a bad podcast, for Shane.

Audio File

Video File

Podcast 237 - No Oscar For You (Time 0_00_26;18)

YouTube (Subscribe)

Running Time: 32:10

Links:

00:58 - Cloud Platform at Rackspace
02:24 - CMSWire Article
04:10 - How to use Windows Update to Patch your SharePoint Servers
07:40 - Tablet version of Office 2016 available in Beta Store
09:10 - PowerShell Desired State Configuration free training
12:20 - SuperFish is bad
18:00 - Microsoft Band gets new features
19:50 - Microsoft Band SDK Preview
21:14 - How to Fail at Everything and Still Win Big
21:36 - Passion is Bull$#!+
26:23 - Mike Rowe on Following Your Passion

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Podcast237

March 02
SharePoint Server Patches Are No Longer Published in Windows Update

The people have spoken and Microsoft has decided to not include SharePoint server patches in Windows Update.

A couple of weeks ago I blogged that Microsoft had started pushing SharePoint patches out in Windows Update. Then I walked you through the process in this blog post. Today, Stefan Gossner posted on his blog that there were some more changes. Here is the relevant part for us:

As of March 2015, all Office product updates will be offered via Microsoft Update except for non-security updates for server products.

Emphasis mine.

It sounds like they’re going back to the Pre-February 2015 changes. This doesn’t change my guidance that you should not enable Automatic Updates in Windows Update, at least not in Production.

tk

ShortURL: http://www.toddklindt.com/NoSharePointPatchesInWU

February 20
How to use Windows Update to Patch your SharePoint Servers

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

Since Microsoft has started pushing out SharePoint patches in Windows Update there has been a lot of confusion from SharePoint Admins about how all this will work. Fear not, intrepid blog readers, we’ll get to the bottom of it. In this blog post I’ll show you how to verify that Windows Update will update SharePoint, in case that’s the way you roll.

We start out with a SharePoint 2013 server, running on Windows 2012. It is not set to allow Windows Update to patch SharePoint, or any other applications for that matter. It is set to “Download Only” for OS patches. When I open up Windows Update (Win + R > wuapp) this is what I see:

2015-02-14_20-26-17 -edit

67 important patches, 66 of which are itching to be installed. Here is the list:

2015-02-14_20-26-52

Notice that it’s all OS patches. If we go back to the first Windows Update screen there is an innocent looking link at the bottom, “Get updates for other Microsoft products. Find out more.” This is the setting that controls whether SharePoint, and other Microsoft products, is updated with Windows Update. Let’s click it. I like clicking.

2015-02-14_20-27-45

Click the Agree box and then Next.

2015-02-14_20-28-14

I want to continue to use my Current Settings, which are “Download Only, don’t install.”

If all goes well then you’ll get this page.

2015-02-14_20-28-36

Now go back to Windows Update and have it check for updates. Remember we had 67 before, so 67 is the number to beat.

2015-02-14_20-30-45

Things are looking up.

2015-02-14_20-33-36

Now there 84 Important patches and a couple of optional updates thrown in for good measure. Let’s see what they are.

2015-02-14_20-34-28 -edit

There they are, the patches inside of the February 2015 CUs. They are checked, so if we had Windows Updates set to automatically install, they would be. Also note right above it there is a SQL Service Pack trying to sneak in. While I’m a SharePoint guy, I’m sure SQL doesn’t like getting updated via Windows Update either. So make sure you look around in here and understand what is going to be patched now.

Let’s go ahead and click Install and get SharePoint up to date.

2015-02-14_20-47-32

There’s the pudding with the proof right in it. SharePoint should continue to work just fine as your servers update themselves. You will need to run the Config Wizard (psconfig) on all of the servers after they’re all patched. Also note that the SharePoint Server patches are in the Office 2013 group in Windows Update. This is the same group that contains the Office 2013 Clients like Word and Excel. If you’re running WSUS make sure you have a separate computer group for your SharePoint servers. You probably do want to push the Office 2013 client updates to your workstations, but you probably don’t want to push them out to SharePoint servers quite as aggressively.

I hope that clears up some of the confusion over the recent change to SharePoint patching. If you have any questions or comments, leave them in the comment box below.

tk

ShortURL: http://www.toddklindt.com/EnableSharePointPatchesInWu

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

February 19
Podcast 236 - No One Ever Complains about SharePoint Patches

Tonight's Podcast is a milestone. I bring in my first, non-Shane guest, Bill Baer (Blog|Twitter). Bill is a Senior Product Manager for SharePoint at Microsoft. Bill and I wax nostalgically about the crazy ride SharePoint has been. Then Bill talks about how great Ignite is going to be, especially for SharePoint folks. SharePoint 2016 has been a big topic on everyone's mind lately and Bill tells us all he can about it. Next we talk about the big changes to SharePoint patching and Bill tries to make it sound like a good thing. :) After Bill signs off I talk a bit about Windows 10 for phones, and how the upgrade went for me. Spoiler alert, not great.

Audio File

Video File

2015-02-19_8-53-47

YouTube (Subscribe)

Running Time: 58:45

Links:

  1. 07:00 - The SharePoint Journey
  2. 17:35 - Top 3 sessions to learn more about SharePoint Server 2016 at Microsoft Ignite
  3. 29:00 - Customer Feedback for SharePoint Server
  4. 46:04 - SharePoint Patches are Now Part of Windows Update, For Real!
  5. 54:35 - Windows 10 Technical Preview for phones now available to download!

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Podcast236

February 16
Podcast 235 - Pipe Dream, Unicorns, and Pixy Dust

We filmed this Podcast live at SPTechCon in Austin. Shane joined in the fun. The audio is a little rough, though. Sorry. He and I chat about the future of SharePoint and what it means for us and businesses. We move to Windows 10 and my addiction to gadgets. Then he gets me into trouble with my wife and makes me tell a story about a spanking I got as a child. Good times for everyone involved.

Audio File

Video File

Podcast 235 - Pipe Dream, Unicorns, and Pixy Dust (Time 0_24_07;10)

YouTube (Subscribe)

Running Time: 51:18

Links:

18:35 - How to upgrade to Windows 10 via Windows Update
30:00 - Toshiba Encore Mini Unboxing Video

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Podcast235

February 12
SharePoint Patches are Now Part of Windows Update, For Real!

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

Starting with the February 2015 CUs, all the SharePoint patches will try to sneak onto your unsuspecting SharePoint servers via Windows Update. Here’s a snippet from Stefan Goßner’s blog post on the matter:

“Be aware that starting with February 2015 CU SharePoint Product Updates including non-security product updates will be made available via Windows Update.”

He included a screenshot to really drive home the horror. Here’s my version of this:

image

Not only do the SharePoint patches show up in Windows Update, they show up as Important updates. That means Windows Update will install them when it gets a chance without warning you at all. As a guy that maintains a wiki whose sole purpose in life is to document problems with SharePoint patches, this gives me the willies. The files highlighted above are the same files that would be installed if you installed the February 2015 CU packages. The CU just puts them in one (or two) big files. What does this mean for you, the harried SharePoint administrator? Allow me to address that in the form of Frequently Asked Questions, that I actually have not actually been asked.

Q1) Is this real? Are you fooling me? Am I on TV? Where are the cameras?

A2) I assure you, this is all real. No screenshots were harmed in the making of this blog post.

Q2) How does this impact my Windows Update settings on my SharePoint servers? I’m scared, hold me!

A2) My lawyers have advised me that cuddling with my readers is strictly forbidden. No exceptions. However, I can help with the Windows Update settings part. Because of problems I’ve had in the past, for years I have recommended not allowing Windows Update to automatically update your SharePoint servers. I set all of mine to “Download only.” This only reinforces my feelings on that. Of course then you have to be diligent about going in and manually installing the patches on all of your servers, every. single. month. That’s a lot to remember.

A better solution is to start using Windows Server Update Services (WSUS) to distribute Windows and SharePoint patches to your servers. This gives you central patching control of all of your servers. In my opinion it’s better than not patching your servers and it’s better than letting SharePoint get patched every month.

Q3) If these patches are installed via Windows Update do I still need to run the Config Wizard after they’re installed?

A3) Absolutely. This requirement has not changed. SharePoint will run, mostly happily, with the binaries updated but without having run the Config Wizard. It’s not a great place to be in, but it will work. You shouldn’t have to worry about your SharePoint farm falling on its face immediately after the patch is installed, at least not because of the Config Wizard hasn’t been run. However, to prevent weird issues from popping up, it’s best to run the Config Wizard as soon as possible after any patch is installed.

Those are all of the phony FAQs I can dream up for now. If you have more questions, throw them in the comments below. I may add them to the article.

Thanks, and happy patching, intentional or not. Smile

tk

ShortURL: http://www.toddklindt.com/SharePointPatchesInWU

Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.

February 07
How to find Active Directory users NOT set to PasswordNeverExpires with PowerShell

I decided to blog this little nugget because everything I found on the web was exactly the opposite of what I wanted to do. Usually when someone is using PowerShell to look for users in the context of the PasswordNeverExpires property, they’re looking for users where PasswordNeverExpires is set to True and they want to set it to False. It’s generally understood that having passwords never expire is a security risk, so most of the time people want to hunt those accounts down. But you know me, I love a good PowerShell challenge and this week someone needed to find all the accounts where the passwords were allowed to expire, so I stepped up to the plate.

First, just for completeness I’ll include how to do the opposite of what I wanted to do:

Search-ADAccount -PasswordNeverExpires | select SamAccountName, UserPrincipalName

That will return all of the users in your domain whose accounts are set so their passwords never expire. In most cases, these accounts are hunted down and set so their passwords do expire.

If PowerShell can’t find the Search-ADAccount cmdlet make sure the Active Directory module is installed. If it’s not, use this command to install it:

Add-WindowsFeature RSAT-AD-PowerShell

Then make sure it’s loaded in your PowerShell host:

Import-Module ActiveDirectory

With that out of the way, how do we do the opposite, the thing I really needed to do? How do we find accounts that are NOT set to have their passwords never expire? It took some backward thinking, but here’s what I came up with:

Get-ADUser -Filter 'PasswordNeverExpires -eq $false' -SearchBase "CN=Users,DC=contoso,DC=com" | select name

If you’d like to see how many it is, you can use Count property like this:

(Get-ADUser -Filter 'PasswordNeverExpires -eq $false' -SearchBase "CN=Users,DC=contoso,DC=com").Count

And if, for some silly reason, you want to set these accounts so that PasswordNeverExpires is set to True you could do it like this:

Get-ADUser -Filter 'PasswordNeverExpires -eq $false' -SearchBase "CN=Users,DC=contoso,DC=com" | Set-ADUser -PasswordNeverExpires $true

Make sure you understand the security repercussions of this before you do it. In most cases this is a bad thing, but there are exceptions.

tk

ShortURL: http://www.toddklindt.com/PoshPasswordExpires

February 05
Podcast 234 - Haven't Made the Cut

In tonight's episode I talk about some big new announcements in SharePoint land. First, Microsoft puts to rest any rumors about whether there will be another version of on-premises SharePoint. Spoiler alert, there will be. It's coming later this year. The next version of SharePoint will be discussed at Ignite this summer and we talk about that some. We follow that up with a lively discussion on newly published developer guidance for SharePoint developers. Then we talk about the adorable little Raspberry Pi 2, and getting Windows 10 on a machine with no DVD drive. All that and more in Episode 234.

Audio File

Video File

Podcast 234 - Haven't Made the Cut (Time 0_06_02;11)

YouTube (Subscribe)

Running Time: 42:22

Links:

03:45 - Podcast Awards
06:25 - Evolution of SharePoint
14:15 - First round of Ignite sessions
16:30 - New Guidance from Microsoft for Packaging and Deploying SharePoint Solutions
17:22 - Microsoft Virtual Academy
20:13 - Using CSOM in PowerShell scripts with Office 365
26:30 - Here is everything you know about the Raspberry Pi 2!
31:11 - How to create Windows 10 install media
36:42 - Microsoft Utility to Create Media

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Podcast234

February 02
Podcast 233 - Because the Worm had Disabled It

In tonight's podcast I account my tale of woe after buying some new hardware. You will likely cry before it's over. Then I bring it up with some good news about Dropbox and and Windows Phone. After that I get into some of my favorite things that were announced last week at Microsoft's Windows 10 event. I finish up with some news on Office 2016.

Audio File

Video File

Netcast 233 - Because the Worm had Disabled It (Time 0_21_07;08)

YouTube (Subscribe)

Running Time: 42:22

Links:

16:20 - Dropbox client for Windows Phone available
19:45 - Download January 2014 Preview ISO
21:30 - Free upgrade from Win 7 or 8 in the first year
27:10 - Windows RT is dead
33:34 - Office 2016 Preview video

Brought to you by Rackspace

ShortURL: http://www.toddklindt.com/Netcast233

1 - 10Next
 

 Subscribe to my Netcast

 

You can watch my SharePoint Netcast live every Monday night at 8:30 Central US time at http://www.toddklindt.com/Netcast

You can subscribe to my SharePoint Netcast in the following four ways:

MP3 Audio

Windows WMV video

iOS M4V video

YouTube Channel

 

 Pro SharePoint 2013 Admin

 
 

 SPDocKit

 
 

 Please Support My Sponsors

 
 

 Upcoming Events

 
There are currently no upcoming events.