Microsoft to withdraw support for VBscript

OK, we’ve all heard of Microsoft trying to withdraw support for a product (NT 4.0 anybody?), but at a recent partner event they stated that support for VBscript is to be phased out. Apparently there is a replacement product codenamed Monad, which will allow the scripting of console applications. When I pushed for timescales, I was told that it won’t be tomorrow, but could be as soon as 12-18 months before VBscript is withdrawn.

Expect to see an outcry soon from Windows system administrators everywhere!

Microsoft Windows XP Service Pack 2 overview

A couple of weeks back I was at a Microsoft-hosted event to prepare partners for Windows XP Service Pack 2 (SP2).

The invitation to the event had intrigued me – after all I seem to remember Microsoft making a statement that there would be no new functionality in service packs – how could there be a 1-day event in preparation for a service pack?

Well, it seems that SP2 will be a big headache for many system administrators – and some of the reasons why are pointed out below.

Don’t confuse SP2 with XP Reloaded!

XP Reloaded is not a product – Microsoft says it’s a value-added initiative for XP (marketing hype to you and me).

So what is SP2?

SP2 is part of Microsoft’s Springboard initiative, which is basically about getting secure and staying secure. Springboard starts with SP2, but also includes Windows Update 5.0, Windows Installer 3.0, Windows Update Services (formerly Software Update Services) 2.0 and Windows Server 2003 Service Pack 1.

Springboard is a direct response to the ever-closing gap between security updates and the associated exploits. Looking at some recent exploits, the number of days between patch release and exploit is becoming alarmingly small – especially when many of us need to test patches fully before deployment. Hiding behind a corporate firewall is no good either – many threats are from within the perimeter – laptops taken home, personal e-mail, etc. According to Microsoft: Nimda followed the Microsoft patch 331 days later; SQL Slammer 180; Welchia/Nachi 151; Blaster 25; and Sasser took just 17 days.

SP2 is a collection of patches and operating system enhancements, designed to improve security. The top line is that XP systems running SP2 will offer enhanced security through:

  • Resilience – through networking protection; data execution prevention; greater control when browsing; and more secure e-mail/instant messaging.
  • Management – through group policy enhancements.
  • Visibility – through Windows Security Center; and Internet Explorer (IE) user interface enhancements to provide more information.

And what isn’t SP2?

SP2 is not a “silver bullet”. It doesn’t protect customers from viruses and prevent data loss. What it does do is make it harder for a hacker to get through multiple levels of security.

So what does SP2 mean to you?

If you run Windows XP on your organisation’s PCs, or if your customers run Windows XP you cannot ignore SP2.

The key messages are:

  • For everyone with a web presence: Alert your customers that their web site experience may change if they run SP2.
  • For ISVs: Test your products against SP2 and make code changes where necessary.
  • For Windows XP customers: Rigorously test applications against SP2 before deployment.

When Microsoft rolled out SP2 internally, the key issues were around IE and the new Windows Firewall. 73% of issues were IE-related. 68% of these problems are fixed in later versions of SP2, but 32% require further action in order to make the application compatible.

Some SP2 features

The following gives a flavour of some of the new features in SP2:

  • The new Windows Security Center ties together many security elements into a new control panel applet. The most significant of the new features is the Windows Firewall (previously Internet Connection Firewall), which is now turned on by default for all connections and is loaded earlier in the boot process (in the kernel). For organisations using Microsoft Active Directory (AD), the firewall is controllable via group policy, with both domain and standalone profiles. It supports exceptions on a global or a subnet level, as well as the concept of application ports, which are opened only when an application is running, with any outbound traffic being allowed, but inbound only for a few seconds following an outbound request. The firewall also disables file and print sharing for all but the local network.
  • The Windows Firewall can be configured using a variety of methods including: the netsh command (which is scriptable); the netfw.inf file (during installation – developers can find the information they need on this in the Windows XP Service Pack 2 SDK); through the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter; using a new group policy template; or directly through the Windows user interface.
  • Some administrative tools will not work under SP2 as the Remote Procedure Call (RPC) service no longer allows anonymous logons (although exceptions can be configured in a new RestrictRemoteClients registry key).
  • DCOM now separates Everyone from Anonymous such that it now behaves more like Authenticated Users. This means that there are now two permissions levels (Launch and Access) for each of three security contexts (Administrator; Everyone; and Anonymous), configurable in Component Services.
  • The Add/Remove programs applet has some user interface enhancements including a new “show updates” checkbox.
  • The Alerter and Messenger services are now disabled by default.
  • Windows Messenger will now block unsafe file transfers (using a MIME sniff to check the file type – so it’s no good just changing the extension).
  • Outlook Express now uses plain text by default with a link to view HTML content where appropriate. There are also changes to the dialogs around attachment opening.
  • Basic authentication over HTTP is disabled by default under SP2 RC1, although it is rumoured that this will be dropped from the RC2 and RTM version of SP2.
  • The MS JVM is not removed or installed by SP2 (just left at the current state); however there is a new Microsoft Java VM which will only disable the MS JVM, rather than all JVMs (Sun JRE etc.).
  • IE now includes a popup blocker, as well as changes to the default security options. The new IE information bar traps ActiveX content in websites until the user enables it and all ActiveX components must be signed (including the installer). The popup blocker could have a major impact on websites that resize windows, etc. – and even adding a site to the trusted sites list (stored in HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow) will not allow some code to execute. Some of these settings can be overridden using group policy, although Microsoft were at pains to stress that these security enhancements are there for a reason and should not simply be turned off. As for Windows Messenger, MIME handling is used to enforce file type restrictions within IE. All of the security enhancements for IE are per security zone and exceptions can be specified.
  • SP2 supports No eXecution (NX) zones, although hardware support for this is limited at this time. These avoid buffer overrun attacks by splitting RAM into data (NX) and executable. Just In Time code will fail, unless explicitly marked with execute permissions when memory is allocated.
  • There are also changes to the Automatic Updates default client settings.
  • The Windows Security Center runs as a service and slightly annoyingly (but this is always going to be a problem where the code base is shared between consumer and professional versions of an operating system), it uses a different UI when running in workgroup mode; however it does highlight to users when they are not running up-to-date anti-virus (AV) software. Beware that some AV products may not be picked up by the Security Center even if they are present – of course Microsoft say that they have been working with leading vendors, but expect to see a raft of new AV products hitting the market soon.
  • Under SP2, wireless networking now has a new interface and there are new wizards for establishing WiFi and Bluetooth connections.

Other Springboard products

Windows Update 5 will feature a number of enhancements with a revised layout, drawing together content from the current Windows Update and Microsoft Update sites.

Windows Installer 3 will allow: smaller and more reliable patches; patch removal; and sequencing of patches.

Another new upcoming feature is an uninstaller for Windows Media Player 9 (only if installed on top of Windows XP – not if slipstreamed), along with revised license management.

Timescales

So when are we going to see SP2?

The current estimate is for release to manufacturing (RTM) in Summer 2004. According to Microsoft, over a million people are running the release candidate 1 (RC1) version, and RC2 is imminent (May/early June – but as the event was on 27 May, that seems unlikely).

And Windows Server 2003 SP1? The current estimate is Q1/05.

Preparing for SP2

The key areas in preparing for SP2 are to:

  • Plan testing and resources – this will identify how big a problem SP2 will be for your organisation and which issues are likely to be hit;
  • Test external web sites against SP2 – as part of their contracts, OEMs must move to SP2 within 90 days of RTM. That means that external clients with new PCs will be rolling SP2 out almost straightaway. There is also a rumour that Microsoft may classify SP2 as a critical update to force adoption;
  • Test internal applications on SP2;
  • Install all packaged applications (MSIs) and try each one on an SP2 computer – the main problems will be with DLL conflicts where the SP2 version is overwritten by the MSI installation.
  • Plan and test a deployment technique – this could be via SUS, SMS or Windows Update, but beware, SP2 is big!

Testing applications with SP2

Microsoft provides an Application Compatibility Toolkit which can be used to identify installed applications and then verify them to allow identification of known fixes, or where required to target remedial work with developer/vendors; although the SP2-aware version (v4.0) is some way off at the time of writing.

Applications should be tested on SP1 and SP2 PCs, to allow comparisons to be made and if necessary, any issues to be rectified. Following testing, applications can be ranked to allow an assessment of deployment risks, i.e. application is compatible; application requires basic compatibility modifications; application requires extensive modifications; application is incompatible. Once this analysis has taken place, the application benefits can be compared with the risk of not applying SP2.

For troubleshooting:

  • Installation: I have not installed SP2 (because I don’t run pre-RTM code on my laptop) but from what I have heard, even once you have downloaded a copy, it takes a considerable time to install (30 minutes, if virus checking is turned off). Most of the known issues with installation are hardware issues on tablet PCs, but there may also be problems where permissions have been changed in local policies. Also, some product keys that are known to have been compromised will no longer work under SP2.
  • Internet Explorer: Due to the significant changes that SP2 introduces to the browsing experience, IE will be one of the areas where many problems occur. Issues can be isolated by: attempting to replicate the problem on a computer with SP2 and all subsequent updates; adding the problem site to the trusted sites list; lowering security; and finally by switching off features introduced in SP2 via group policy or in the Tools menu. Once isolated, appropriate action can be taken and any features that have been disabled may be re-enabled as appropriate.
  • Windows Firewall: The Windows Firewall is another significant change. Under SP2 it is enabled by default, for both domain and standalone profiles and because the firewall also disables file and print sharing for all but the local network there will be some inevitable problems for laptop users who take their PCs home. Exceptions may be required for management agents and administrative tools to work as required, and for remote desktop. Firewall activity is logged to %systemroot%\pfirewall.log.
  • DCOM and RPC: DCOM and RPC no longer allow unauthenticated connections by default. For DCOM, this can be changed in Component Services, and for RPC via the registry. Remember that DCOM is reliant on RPC.
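One way to use the firewall log when working out which exceptions are really needed, as an added example that is not part of the original post: it parses the W3C-style pfirewall.log layout (taking column names from the #Fields header) and summarises dropped inbound traffic by protocol and destination port, with the source addresses seen, so that an exception can be scoped as narrowly as possible. The sample log lines and the local address 192.168.1.50 are constructed.

```python
# Constructed sample in the pfirewall.log layout (W3C extended log format).
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-06-01 09:15:02 DROP TCP 192.168.1.20 192.168.1.50 3012 3389 48 S 1247820364 0 64240 - - -
2004-06-01 09:15:05 DROP TCP 192.168.1.20 192.168.1.50 3012 3389 48 S 1247820364 0 64240 - - -
2004-06-01 09:16:40 DROP UDP 192.168.1.21 192.168.1.50 1030 161 72 - - - - - - -
2004-06-01 09:17:11 OPEN TCP 192.168.1.50 192.168.1.10 1055 80 - - - - - - - -
2004-06-01 09:18:30 DROP ICMP 192.168.1.22 192.168.1.50 - - 60 - - - - 8 0 -
2004-06-01 09:19:00 DROP TCP 192.168.1.20 192.168.1.50 3020 445 48 S 99 0 64240 - - -
truncated line
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) < len(fields):
            continue  # entry before the header, or a truncated line
        yield dict(zip(fields, values))


def summarise_drops(text, local_ip):
    """Group DROP entries addressed to local_ip by (protocol, dst-port).

    Returns {(protocol, port): {"hits": int, "sources": set of src-ip}}.
    """
    summary = {}
    for entry in parse_firewall_log(text):
        if entry["action"] != "DROP" or entry["dst-ip"] != local_ip:
            continue
        key = (entry["protocol"], entry["dst-port"])
        item = summary.setdefault(key, {"hits": 0, "sources": set()})
        item["hits"] += 1
        item["sources"].add(entry["src-ip"])
    return summary


if __name__ == "__main__":
    drops = summarise_drops(SAMPLE_LOG, "192.168.1.50")
    # Most frequently dropped services first: these are the ones to review
    # against the list of management agents and tools that should be allowed.
    for (proto, port), item in sorted(drops.items(), key=lambda kv: -kv[1]["hits"]):
        print(proto, port, item["hits"], sorted(item["sources"]))
```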

Getting hold of SP2

SP2 is currently around 275MB, although this includes debug code at present and will shrink before RTM. It will be made available on CD, or via a smaller “express installation” for the web, although even that is 80Mb (about 9 hours on a dial-up connection!). Registered users will receive a free CD with SP2. A fully slipstreamed build will also be made available, and other languages will follow approximately 4 weeks after RTM.

Links

Windows XP Service Pack 2 Technical Preview Program
Group Policy Settings Reference for Windows XP Professional Service Pack 2 Release Candidate 1
Windows Application Compatibility Toolkit 3.0
Windows Update Version 5 Beta
Windows Update Services Open Evaluation Version

Slow network copies – duplex mismatch?

Whilst copying some files across the network today it seemed to me that the operation seemed to be taking much longer than it should. It looks like there may have been a duplex mismatch as setting the network interface cards to 100/full instead of auto seemed to fix the problem.

I’m not sure if this is entirely accurate, but I remember an ex-colleague of mine telling me that the network speed can be auto-detected but auto-detecting the duplex is less reliable.

Returning the cluster service on a Windows Server 2003 server to an unconfigured state

Over the last few weeks, I’ve been investigating some issues with a clustered server configuration. After having had to rebuild the servers on a number of occasions, I found the advice to return the cluster service to an unconfigured state in Microsoft knowledge base article 282227 extremely useful.

Scripting page file modifications for Windows 2000, XP and Server 2003

A useful new feature of Windows XP and Windows Server 2003 is the PagefileConfig utility (pagefileconfig.vbs) which enables an administrator to display and configure a system’s virtual memory settings from the command line.

As this new feature is implemented as a Visual Basic script, I tried it on Windows Server 2000 and it works – with one proviso – before running the script, I needed to copy the cmdlib.wsc windows script component from Windows Server 2003 and register it (regsvr32 cmdlib.wsc /s). Just to be sure about the state of my Windows 2000 server, once the page file modifications had been made, I unregistered cmdlib.wsc (regsvr32 /u cmdlib.wsc /s) and deleted the file.

Of course, one useful parameter to have when scripting page file operations is the amount of physical RAM installed in the computer. For this, I used the getram.vbs script from Rob van der Woude’s scripting pages.

HP lights-out configuration utility

One of the most significant additions to server hardware in recent years has been the inclusion of on-board management facilities. HP, IBM and Dell all have their own hardware implementations, but I’ve been looking at a great piece of software for the Compaq/HP remote insight lights-out edition (RILOE) cards – the HP lights-out configuration utility (cpqlocfg.exe). This can be used (along with appropriate security credentials and an XML configuration file) to remotely manage servers from the command line, for example:

cpqlocfg -s ipaddress -v -f poweron.xml

poweron.xml is a modified version of one of the HP-supplied sample scripts which logs on to the server, sets write access and turns the power on. Full documentation on the scripting interface is available from the HP website.

Scripting changes to resource permissions in Windows

Earlier today, I needed to include some registry permissions changes within a command line script that I was writing. Microsoft knowledge base article 245031 discusses a method using the regini.exe resource kit tool for Windows NT 4.0; however, for Windows 2000, XP and Server 2003 there is the SubInACL utility (subinacl.exe) which is far more powerful and much easier to use, enabling administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.

Disabling the Configure Your Server Wizard

As useful as it may be for some administrators, I don’t want the Configure Your Server Wizard to appear each time I log on to one of my servers. Microsoft knowledge base article 289080 details a quick registry change to prevent the wizard from starting automatically when new users log on to the computer. Of course, it is also possible to select the checkbox not to display the page at logon, but this registry key is useful for setting via a group policy, or as part of an unattended build process.

Understanding and developing with SharePoint products and technologies

I recently attended an event at Microsoft about understanding and developing with Microsoft SharePoint services. I should point out that I’m not a developer, so some of the development topics meant very little to me, but I have reproduced the bits I understand here anyway!

The need for collaborative applications

According to a 2002 report by Gartner: employees get 50%-75% of their relevant information directly from other people; more than 80% of enterprise’s digitised information reside in individual hard drives and in personal files; and individuals hold the key to the knowledge economy with most of that knowledge being lost when they leave the enterprise. Not surprisingly, Microsoft has interpreted this as a need to provide easy to use and effective collaboration tools and technologies, citing that CEOs recognise that improving knowledge worker productivity will play a major role in their business’ ability to compete.

SharePoint products and technologies

Microsoft claims that its SharePoint products and technologies strategy facilitates a consistent rich experience for users, developers, and IT staff; smart connections for people, teams, divisions or the enterprise; and will support flexible deployment – bottoms-up, centralised, or hybrid on large scale farms.

Despite Microsoft’s claims, this SharePoint products and technologies naming can be confusing as Microsoft actually has two separate products which use the SharePoint name. The basic Windows SharePoint Services (WSS) product is shipped with Windows Server 2003 whereas SharePoint Portal Server (SPS) is a chargeable product which provides extra functionality, bringing SharePoint sites together as a single portal, to make them navigable, searchable, and adding enterprise level features such as:

  • Hierarchical navigation and category services with areas and topics.
  • Publishing and alerts.
  • Search/cross-enterprise indexing (using an okapi probabilistic ranking algorithm).
  • Line of business integration and single sign on (SSO) and BizTalk integration.
  • Document management (alerts, version control and check-in/out).
  • Profiling system.
  • Personalisation (My Sites).

WSS is actually v2.0 of the earlier SharePoint Team Services (STS) product but whereas STS v1.0 only shared the SharePoint name, WSS and SPS are now very tightly integrated. Nearly all SharePoint content is stored in a SQL Server (or MSDE) database.

Microsoft is positioning SharePoint as a platform for an integrated work environment with:

  • Application integration – providing a single place where knowledge workers go to do their work (in context), improving efficiency. Because Office 2003 applications integrate with WSS, Word’s Research Pane can be used to search across the Internet, or a SharePoint-based intranet; by adding document properties to a view (using the same names as in Word), Word document properties can be displayed on a SharePoint site; another example of Office product integration is using InfoPath 2003 for electronic forms, stored and accessed via a WSS forms library, allowing the data to be queried, merged, etc.; Outlook 2003 is SharePoint aware and gives users the option of creating a document workspace, rather than sending an attachment many times over. Users don’t have to be on the latest versions of Office to benefit from SharePoint integration but each new version provides tighter integration and greater functionality: Office 2000 users can save and retrieve documents to a SharePoint repository; Office XP allows users to manage SharePoint lists; but it is Office 2003 that provides the greatest level of integration including colleague presence, instant messaging and site creation directly from Office System applications.
  • Collaboration – out of the box, WSS can be used to manage document lifecycles using document workspaces; facilitate organisation of meetings with meeting workspaces and their integration with Outlook 2003; facilitate communication and build consensus with forums for discussion of team activities and surveys to gather information on team status. Through integration with Live Communications Server (LCS), SharePoint is able to show team members of sites or workspaces as being online or offline to allow instant messaging if desired. Finally, with SPS, notifications and alerts can be sent when chosen documents (or entire lists) change or are added, improving workflow.
  • Personalisation – provided through SPS’s MySite functionality, a personal site where users can save their own private data and make some of that data public but one which also allows for built-in functions to allow viewing of content directed at audience groups that the user is a member of.
  • Scalability – because SharePoint is based on the .NET Framework and SQL Server 2000 it will scale up for improved performance. It will also scale out to a three tier application architecture with separable components for web rendering, database, searching and indexing, allowing web servers to be added as the load increases and SQL storage to be added as the data increases. SharePoint also supports the use of storage technologies such as SANs for disaster recovery and multiple server farms working together.
  • Customisation/extensibility functionality – SharePoint sites, lists and views can be customised in Internet Explorer or with FrontPage. Whilst FrontPage is not required to customise WSS, it does allow a lot more flexibility (especially when working with web parts). No coding is required for immediate use of SharePoint, but it is extensible using its ASP.NET object model which allows the creation of web parts and direct mode .ASPX pages.
  • Manageability – SharePoint provides improved administration with flexible roles to control site usage, specifying quotas and removing dead sites, as well as more granular management for backup and restoration.

SharePoint architecture

Windows SharePoint Services (WSS) Architecture

SharePoint works by installing an ISAPI filter in IIS, which separates content into static content – including folder views, via distributed authoring and versioning (DAV) – and dynamic content.

The dynamic content is further separated into application pages (direct mode) and user pages (safe mode), which are generally more fluid.

A web part is an ASP.NET server control which is deployed as an assembly. Web parts cannot be run unless they are safe (in order to prevent users from adding their own web parts that may have undesirable effects).

Direct mode pages reside in the file system of the web server and are processed with the standard ASP.NET runtime processing model. Direct mode pages are available for all sites on a server computer and are placed in the _layouts directory whilst _vti_bin contains a set of web services which may be called remotely.

Safe mode pages exist within the content database and can be customised and personalised; however they can only use web parts marked as safe and can not directly use in-line scripts.

When a site is created, a user is specified as the site administrator. A template is then applied to the site and either shared or individual versions of pages may be modified. Each page is divided into zones, which are used to control the areas of the page which can be customised (e.g. the left zone may be fixed).

The okapi ranking used by SPS for search results is interesting – rather than using Windows’ Indexing Service, SharePoint has its own crawler/indexer and then uses the okapi algorithm to rank the results, so the whole process is similar to:

  1. First expand the query to think about which columns make the most sense – weigh particular terms and fields as more important at query time (avoiding re-indexing to change weightings). Also coerce a field called the best bets field and make it really important in the overall ranking.
  2. Break the query terms down and get alternate term forms (stemming – ran, running etc.) doing this in the query maintains the fidelity of terms in the index, and expand the thesaurus for related terms.
  3. Now do the recall phase – find all the documents that match one of the terms in the query – this will result in a large list which is then trimmed down to the documents that a user has access to, and only the documents within the scope of the query.
  4. Finally, allow the probability algorithm to do the precision phase – ranking the best fit documents at the top of the list.
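The four phases above as a small added example (not SharePoint's own code): the index keeps raw terms, the query is expanded to every indexed form sharing its stem, field weights are applied at query time, the recalled documents are trimmed to those the user may read, and only then ranked. Okapi BM25 is used as the ranking function; the corpus, access lists, field weights, toy stemmer and the constants K1 and B are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed corpus: two weighted fields and an access list per document.
DOCS = {
    "hr-policy": {"title": "running payroll",
                  "body": "payroll runs monthly for all staff", "acl": {"hr"}},
    "wiki-run": {"title": "marathon club",
                 "body": "the club ran a marathon and members are running weekly",
                 "acl": {"everyone"}},
    "ops-guide": {"title": "server guide",
                  "body": "running backup jobs on the server",
                  "acl": {"everyone", "ops"}},
    "board": {"title": "board minutes",
              "body": "the board ran the budget review", "acl": {"board"}},
}
FIELD_WEIGHTS = {"title": 3, "body": 1}  # assumed; changing them needs no re-index
K1, B = 1.2, 0.75                         # commonly used BM25 constants (assumed)
IRREGULAR = {"ran": "run"}


def stem(word):
    """Toy stemmer for this example: ran/runs/running all map to 'run'."""
    word = IRREGULAR.get(word, word)
    for suffix in ("ing", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            word = word[: -len(suffix)]
            break
    if len(word) > 2 and word[-1] == word[-2]:  # runn -> run
        word = word[:-1]
    return word


def build_index(docs):
    """Per-document, per-field term counts; terms are stored unstemmed."""
    return {doc_id: {f: Counter(doc[f].lower().split()) for f in FIELD_WEIGHTS}
            for doc_id, doc in docs.items()}


def search(query, user_groups, docs=DOCS, weights=FIELD_WEIGHTS):
    """Return [(doc_id, score)] for documents the user may read, best first."""
    index = build_index(docs)
    if not index:
        return []
    vocabulary = {t for fields in index.values() for c in fields.values() for t in c}

    # Phases 1-2: expand each query term to all indexed forms with the same stem.
    expanded = [{t for t in vocabulary if stem(t) == stem(q)}
                for q in query.lower().split()]

    def weighted_tf(doc_id, variants):
        return sum(weights[f] * sum(index[doc_id][f][v] for v in variants)
                   for f in weights)

    def weighted_len(doc_id):
        return sum(weights[f] * sum(index[doc_id][f].values()) for f in weights)

    # Phase 3: recall everything that matches, then trim by access rights so
    # that documents the user cannot read never reach the result list.
    recalled = [d for d in index if any(weighted_tf(d, v) for v in expanded)]
    visible = [d for d in recalled if docs[d]["acl"] & set(user_groups)]

    # Phase 4: precision, scoring the remaining documents with BM25.
    n = len(index)
    avgdl = sum(weighted_len(d) for d in index) / n
    scored = []
    for d in visible:
        score = 0.0
        for variants in expanded:
            tf = weighted_tf(d, variants)
            df = sum(1 for other in index if weighted_tf(other, variants))
            idf = math.log(1 + (n - df + 0.5) / (df + 0.5))
            norm = K1 * (1 - B + B * weighted_len(d) / avgdl)
            score += idf * tf * (K1 + 1) / (tf + norm)
        scored.append((d, round(score, 4)))
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print(search("running", {"everyone"}))
    print(search("running", {"everyone", "hr"}))
```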

Web parts are installed using the SharePoint Administration Tool (stsadm.exe). This tool also allows items to be saved as a template and brought in to another site, e.g. between development, test and production sites. Additionally, a whole site can be saved into a template library.

Using the stsadm.exe tool to deploy web parts requires a .CAB file (built with Visual Studio) containing:

  • WebPart assembly.
  • Description of contents (manifest.xml).
  • Description of web part (as a .DWP file).

Example stsadm.exe command lines are:

  • stsadm -o addwppack -filename mycab.cab
  • stsadm -o deletewppack -name mycab.cab
  • stsadm -o enumwppacks

For security, SharePoint can use either Active Directory (AD) or the local security database. Because of this, anonymous access is supported, as is use of built-in AD groups.

Administrators and developers should be made aware that when WSS is installed (onto a server with IIS), it installs into the default web site and makes drastic changes to the web.config file, for example, directing *.ASPX to SharePoint and setting the trust level to WSS_Minimal. Because of this, any existing applications running on the default web site will probably not work and although the changes can be undone, it is probably easiest to install WSS onto its own server (or to move other web applications to their own web site prior to installation).

Developing with SharePoint

SharePoint uses its own object model to create the user interface, so there are no hidden APIs; however to develop on a Windows XP machine (where WSS will not be available), a few additional DLLs from WSS will be required:

  • Microsoft.SharePoint.DLL
  • Microsoft.SharePoint.Portal.DLL
  • Microsoft.SharePoint.Portal.SingleSignOn.DLL
  • Microsoft.SharePoint.Security.DLL

There is also a SharePoint products and technologies software development kit (SDK), which contains a single file (spptsdk.chm).

SharePoint supports a number of application types:

  • Web parts.
  • .ASPX pages.
  • Console/Windows tools.
  • Document library events.
  • Remote client via web services.

Web parts can be used in either static or dynamic scenarios and are rendered through RenderWebPart(HtmlTextWriter). Each web part can have custom properties, the values for which can be stored per-zone (Storage.Shared) or per-user, per-zone (Storage.Personal) and the attributes for which are used to control storage, default values and the property user interface. Web parts can make use of child controls in order to achieve their requirements and support connection interfaces to allow the parts to communicate with each other at run time (e.g. as consumer and provider for a cell, list or row). Connections can be either client side or server side but cannot be mixed.

When deploying web parts, ASP.NET needs to be able to find the web part assembly, which can either be placed in the global assembly cache (GAC) or placed in a private bin folder for the web site. Additionally, types have to be marked as safe in web.config. In order to load the web part into SharePoint, it must be packaged as a .DWP file.
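A short added check (not from the original post or from Microsoft) that reads a web.config and reports the two settings discussed here: the trust level, and the SafeControl entries that mark web part types as safe. The sample file, the Example.* assembly names and the rule that a wildcard TypeName deserves a review are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment; assembly names and key token are placeholders.
SAMPLE_CONFIG = """
<configuration>
  <SharePoint>
    <SafeControls>
      <SafeControl Assembly="Example.Charts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0000000000000000"
                   Namespace="Example.Charts" TypeName="SalesChart" Safe="True" />
      <SafeControl Assembly="Example.Tools" Namespace="Example.Tools" TypeName="*" Safe="True" />
      <SafeControl Assembly="Example.Legacy" Namespace="Example.Legacy" TypeName="OldPart" Safe="False" />
    </SafeControls>
  </SharePoint>
  <system.web>
    <trust level="Full" originUrl="" />
  </system.web>
</configuration>
"""

EXPECTED_TRUST = "WSS_Minimal"  # the level the post says WSS sets on installation


def audit_web_config(xml_text):
    """Summarise the trust level and safe-control entries of a WSS web.config.

    Returns a dict with:
      trust_level - value of <trust level="...">, or None if absent
      safe_types  - "Namespace.TypeName" for every entry with Safe="True"
      findings    - tuples describing settings that should be reviewed
    """
    root = ET.fromstring(xml_text)
    findings = []

    trust = next(root.iter("trust"), None)
    level = trust.get("level") if trust is not None else None
    if level != EXPECTED_TRUST:
        # Anything other than the installed default changes what code in
        # web part assemblies is permitted to do.
        findings.append(("trust-level", level))

    safe_types = []
    for control in root.iter("SafeControl"):
        if control.get("Safe", "").lower() != "true":
            continue  # entry explicitly not marked as safe
        assembly = control.get("Assembly", "").split(",")[0].strip()
        namespace = control.get("Namespace", "")
        type_name = control.get("TypeName", "")
        safe_types.append(f"{namespace}.{type_name}")
        if type_name == "*":
            # Every type in the namespace is marked safe, not just the
            # web parts that were meant to be deployed.
            findings.append(("wildcard-safe", assembly, namespace))

    return {"trust_level": level, "safe_types": safe_types, "findings": findings}


if __name__ == "__main__":
    report = audit_web_config(SAMPLE_CONFIG)
    print("trust level:", report["trust_level"])
    for finding in report["findings"]:
        print("review:", finding)
```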

Code cannot exist inline on a page within the site and creating pages in the _layouts directory is often the best option for custom .ASPX applications on top of SharePoint as it allows the page to be accessible from any site. For example, if mypage.aspx exists in _layouts, it is accessible from the following URLs:

  • http://myweb/_layouts/myapp/mypage.aspx
  • http://myweb/subweb/_layouts/myapp/mypage.aspx

.ASPX pages run using the context of the web under which they are running.

A console tool is the best option for writing code that performs operations on multiple sites (e.g. list the URL and size of each site on the farm; or process all document libraries and archive file versions more than six months old).

SharePoint supports events on document libraries with operations such as add, update, delete, check-in, check-out, etc. Events are asynchronous and call the IListEventSink managed interface, running in the context of the IIS worker process.

SharePoint also has web services APIs for accessing content remotely (e.g. from a Microsoft Office 2003 application). The web services layer is built on top of the server object model and allows manipulation of lists, webs, views, list items, etc. Functionality is similar to the server object model, but with fewer interfaces optimised to minimise transactions. Web services are added as web references in Visual Studio.NET and available web services include:

  • lists.asmx (list information).
  • webs.asmx (web information).
  • views.asmx (view information).
  • alerts.asmx (alerts).
  • admin.asmx (administering sites).
  • permissions.asmx, usergroups.asmx (site permissions).
  • versions.asmx (file version information).
  • infoforms.asmx (form information).

It will often be necessary to send the logged on users’ credentials from the client in order to make use of web services. This may be achieved by adding the following code in the web reference object’s constructor:

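public Lists() {
    // Point the proxy at the server's lists web service.
    this.Url = "http://server/_vti_bin/lists.asmx";
    // Send the logged-on user's credentials with each request.
    this.Credentials = System.Net.CredentialCache.DefaultCredentials;
}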

Besides using SharePoint’s own web services, it is possible to build custom web services and place them in the _vti_bin directory.

The SharePoint Object Model

The SharePoint object model has four top-level objects:

  • SPWeb (represents an individual site).
  • SPSite (represents a site collection, which is a set of web sites).
  • SPVirtualServer (represents a virtual server).
  • SPGlobalAdmin (used for global administration settings).

In order to perform actions on data within a web, it is necessary to first get an SPWeb object (e.g. SPWeb MyWeb = SPControl.GetContextWeb(Context);)

The complete object model is grouped into lists, files (documents), security and administration:

  • Lists – use these objects under the Microsoft.SharePoint namespace to view and edit data in SharePoint lists:
    • SPList (basic list object for getting to list data).
    • SPListCollection (collection of list objects).
    • SPListItem (item/row in a list).
    • SPListItemCollection (collection of list items).
    • SPView (view of a SharePoint list).
    • SPField (field/column in a list).
    • SPListTemplate (template for a list).
  • Files – use these objects under the Microsoft.SharePoint namespace to access document files in SharePoint sites:
    • SPFile (file object).
    • SPFileCollection (collection of files).
    • SPFileVersion (version of a file).
    • SPFolder (folder object).
    • SPDocumentLibrary (document library object).
    • SPDocDiscussion (discussions on a file).
    • SPDocTemplate (used when creating a new file).
  • Security – use these objects under the Microsoft.SharePoint namespace to edit access rights and security information:
    • SPUser (user object).
    • SPRole (site group object).
    • SPGroup (cross-site group object).
    • SPPermission (assigned permissions).
    • SPRightsEnumeration (available permissions).
  • Administration – use these objects under the Microsoft.SharePoint.Administration namespace to edit server-wide administrative settings.
    • SPGlobalAdmin (top level administration object).
    • SPVirtualServer (virtual Server object).
    • SPQuota (storage/user quota limit object).
    • SPGlobalConfig (configuration options).
    • SPSiteCollection (collection of sites on a virtual server).

In terms of mapping the user interface onto the object model terminology:

  • Site Collection = site.
  • Site = web.
  • Top-level site = rootweb.
  • Subsite = subweb.

Tips and Tricks

Paul Appleby, from Microsoft UK’s Developer and Platform Group, gave the following advice for developing applications with SharePoint:

  • Keep objects around. If objects are created and destroyed frequently, extra SQL queries will be required.
  • In spite of the point above, free objects when they are no longer required, calling close or dispose on web and site objects.
  • Use SPWeb Web = SPControl.GetContextWeb(Context); to get the current SPWeb object from a web part or .ASPX page.
  • SPGlobalAdmin and SPSite are the only SharePoint objects created with new. All others are opened from another object.
  • The URL taken by the SPSite constructor must be absolute, and must refer to the actual computer name, not the load-balanced name.
  • Send the user’s credentials to the server when using web services to access data in SharePoint sites and include <sharepoint runat="server" /></sharepoint> in any .ASPX page that needs to make updates.
  • To optimise performance, use foreach() to step through collections. Iterating through collections by index can result in unnecessary database calls to collections such as lists. Items are expensive. Preserve the collection rather than requesting it again.
  • For best performance, use SQL Profiler to minimise the number of queries that an application makes to the database.

Links

Microsoft SharePoint products and technologies.
Microsoft SharePoint products and technologies software development kit (SDK).