Troubleshooting the awesome “RadEditor” for SharePoint

After using the Telerik “RadEditor for SharePoint 2007 Lite” for a few months, I decided that we should purchase the full version of the product. A piddly $350 gets you the right to run the full version of this most incredibly useful tool on all of your SharePoint sites. When was the last time that you bought anything for your servers for $350?

If you have not seen RadEditor before, you need to:

I did run into a brief hiccup in installation, though. After installing the software and deploying it as a solution from SharePoint central admin, I found that regular users could not activate the RadEditor feature on their sites. We get the intimidating “403 Forbidden” error…

After a good deal of head pounding, it is SysInternals to the rescue again:
I loaded up ProcMon, set a filter for the SharePoint service accounts, and another filter for Result = “ACCESS DENIED”. Lo and behold, the WSS service account is getting “ACCESS DENIED” to the following files:
C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATECONTROLTEMPLATESRadEditorList.ascx
C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATEFEATURESRadEditorFeatureRadEditorList.ascx

Interestingly, the WSS service account actually does have R/W access to these files. However, recall that the WSS service account actually impersonates the credentials of the user currently logged in to SharePoint. We note in the ProcMon event details the following:
Desired Access: Generic Write, Read Attributes
Disposition: OverwriteIf
Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File
Attributes: A
ShareMode: Read, Write
AllocationSize: 0
Impersonating: CAMPUS[UserID]

Eureka! The SharePoint end user needs to be able to over-write these files! Sounds a bit shaky from a security perspective, but if we grant the R/W access to these files to all SharePoint users, we find that problems with site feature activation disappear.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s