After using the Telerik “RadEditor for SharePoint 2007 Lite” for a few months, I decided that we should purchase the full version of the product. A piddly $350 gets you the right to run the full version of this most incredibly useful tool on all of your SharePoint sites. When was the last time that you bought anything for your servers for $350?
If you have not seen RadEditor before, you need to:
I did run into a brief hiccup in installation, though. After installing the software and deploying it as a solution from SharePoint central admin, I found that regular users could not activate the RadEditor feature on their sites. We get the intimidating “403 Forbidden” error…
After a good deal of head pounding, it is SysInternals to the rescue again:
I loaded up ProcMon, set a filter for the SharePoint service accounts, and another filter for Result = “ACCESS DENIED”. Lo and behold, the WSS service account is getting “ACCESS DENIED” to the following files:
C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATECONTROLTEMPLATESRadEditorList.ascx
C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATEFEATURESRadEditorFeatureRadEditorList.ascx
Interestingly, the WSS service account actually does have R/W access to these files. However, recall that the WSS service account actually impersonates the credentials of the user currently logged in to SharePoint. We note in the ProcMon event details the following:
Desired Access: Generic Write, Read Attributes
Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File
ShareMode: Read, Write
Eureka! The SharePoint end user needs to be able to over-write these files! Sounds a bit shaky from a security perspective, but if we grant the R/W access to these files to all SharePoint users, we find that problems with site feature activation disappear.