Bulk modification of SharePoint sites

Ever need to modify all of the sites in a SharePoint web application?  I never had to do this until we decided to roll out the powerful Telerik radEditor to all of our sites.  In the past, radEditor was scoped “globally”, meaning that once installed to the Web App, all sites started using it.  However, the current release is scoped “per site”.  To activate on all sites, we have to do a few things (well, a lot of things, really):

Here is the blow-by-blow:

  • Retract radEditor Lite (global scope version)
  • stsadm -o retractsolution -name radeditormoss.wsp
  • Download and install radEditor Full
  • Modify the “ONET.xml” file for each site template so that future sites have radEditor pre-activated
    • You will find one ONET.XML per site-template.  This file is located in the <Template>Xml subdirectory of “C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATESiteTemplates”
    • In the <WebFeatures> section of each ONET.xml, add the following:
    • <!– radEditor MOSS Feature –>
      <Feature ID=”747755CD-D060-4663-961C-9B0CC43724E9″ />
      <!– radEditor MOSS IE Feature –>
      <Feature ID=”F374A3CA-F4A7-11DB-827C-8DD056D89593″ />

  • obtain rights required to bulk-mod all sites
  • enumerate all site collections, convert to a usable control file
    • From “CMD”, run:
      stsadm -o enumsites -url [SharePointWebAppURL] > [enumsitesXMLfile]
    • The UNIX utility “CUT” will be used to trim out all XML code from the output file.  Sadly, there appears to be a bug in “CUT when executed from within CMD that prevents further standard output redirection or pipelining, so we now switch to a UNIX shell (cygwin “bash”, or the UnxUtils SH.exe):
      cat [enumsitesXMLfile] | cut -f2 -d” -s > [enumsitesTXTfile]
      unix2dos [enumsitesTXTfile]
      (We are “cutting” after the first text delimiter (or “field 2”) using the quotation mark as the delimiter.  Note that the quote character (“) needs to be escaped (). Use of UNIX2DOS will convert the UNIX-style output file to Windows semantics.)
  • enumerate all subwebs of all sites
    • FOR /f %s IN ([enumsitesTXTfile]) DO stsadm -o enumsubwebs -url “%s” | find “<Subweb>” > [subwebXMLfile]
    • In BASH:
      cat [subwebXMLfile] | cut -c11- | cut -f1 -d< > [subwebTXTfile]
      unix2dos [subwebTXTfile]
      (Here we use “cut” to trim after the 11th character in the source file, and then agan after the first “” character.)
    • Consolidate sites and subwebs into single control file
    • type [subwebTXTfile] > [masterTXTSiteList]
    • type [enumsitesTXTfile] >> [masterTXTSiteList]
    • Using GnuWin32 “sort” command:
      sort -du [masterTXTSiteList] > [masterSortedTXTSiteList]
  • Batch activation of radEditor features using the control file
    • FOR /F %s IN ([masterSortedTXTSiteList]) DO stsadm -o activatefeature -name radEditorFeature -url “%s” & stsadm -o activatefeature -name radEditorFeatureIE -url “%s”

    Taking Control of SharePoint

    Ever since we migrated from WSS 2.0 to 3.0, I have been stymied by site collection permissions issues.  Under 2.0, SharePoint server administrators had access to everything, but under 3.0 they get nothing.  I was getting pretty sick of not being able to manage SharePoint site collections from the command line.  Fortunately, there is a solution… it lies in the “Policy for Web Application” in the Central Admin site (or in the “-o changepermissionpolicy” option of stsadm.exe):


    Become Administrator of the Entire Web Application – The SharePoint Farmer’s Almanac

    To grant a user or group administrator access to a given web application do as follows.

    1. Go to SharePoint Central Administration.
    2. Click on the Application Management tab.
    3. Under Application Security click on Policy for Web Application
    4. Click Add Users
    5. Confirm your settings on the screen (defaults should be what you want) and click Next
    6. Now enter your user or group of users
    7. Click the box beside Full Control ? Has full control.
    8. Click Finish

    Changes in Windows Deployment Technology

    [This article is an updated version of the “What’s new in the Campus domain?” article, previously published in the Spring 2007 IT-News]

    In Spring 2007 we introduced you to two new tools in the Windows Deployment arsenal at UVM.  Further work on and refinement of these tools continues.  If you are interested in developing for, deploying with, or training on these tools, please contact Greg Mackinnon in the ETS Systems Architecture and Administration department.

    A second quick overview on these new technologies follows:

    Windows DS:

    With the release of Windows Vista, Microsoft replaced their venerable “Remote Installation Service” (RIS) with an entirely new product: “Windows Deployment Services” (or Windows DS).  You can learn more about Windows DS here:
    RIS has been in use at UVM since 2003.  This year, Back-to-School systems will be deployed using Windows DS rather than RIS. 

    At the present time, we have installed the Windows DS software on our central imaging servers, SYSIMG1 and SYSIMG2.  We have converted all legacy Windows XP RIS images into the new “Windows Image Format” (WIM) used in Windows DS, and made these images available on the servers.  Use of RIS will be phased out sometime this year.

    “LiteTouch” Deployment:

    To complement the Windows DS service, Microsoft also has released a major update to their Business Desktop Deployment (BDD) toolkit.  This toolkit includes the wonderfully handy “LiteTouch” deployment system.

    LiteTouch is an unattended OS deployment tool.  Unlike the image-based technologies “RIS” and “WIndows DS”, LiteTouch performs a full OS install.  When deploying via LiteTouch, you start the target computer using special boot media (USB flash drive, CD-Rom, or NetBoot), answer a few questions about how you would like your system configured (choose your OS, applications, and configure domain-joining options), and then let LiteTouch do the rest.  When done, you will have a fully-patched OS with most or all of the drivers and applications necessary to get your job done already installed.

    LiteTouch has the potential to replace RIS and Windows DS for most system deployments on campus.  In the future, we most probably use image-based tools  for bulk-deployments only (i.e. for back-to-school distribution and lab deployments).  LiteTouch also has the potential to accelerate the image-development process; in fact, all of this year’s back-to-school images were generated using the LiteTouch system as a starting point!

    Many places on campus can start using Windows DS and LiteTouch deployment tools simply by “net booting” their computers.  However, network boot can be slow and is not available to everyone.  As an alternative, you can create a bootable CD or USB flash drive to access the servers.  Directions are available on the Campus domain file server:

    New Windows Software for Back-to-School

    There are several changes in the after-market software provided on the Back-to-School systems sold by the Microcomputer Computer Depot this year.  All of these new programs are available for download at the UVM Software Archive.  Here is a quick run-down on the most significant changes:

    New Software:

    • WinSCP / PuTTY:
      The venerable “SSH Communications Security” SSH/SFTP client provided on Depot systems in the past has not received an update since 2004.  As a replacement we will be using “WinSCP” (a graphical SFTP/FTP/SCP file transfer client) and “PuTTY” (a simple SSH console program).  Both are well-regarded, active Open Source applications.
    • Pidgin:
      Pidgin is the free, Open Source instant messaging program formerly known as “GAIM”.  It replaces the commercial instant messaging program “AIM”, and has the advantage of being spyware and adware free.
    • UVM Wallpaper Pack 2007:
      Our first annual (?) wallpaper pack is included on all new systems.  This is a collection of 20 regular and wide-screen formatted images from around the UVM campus.  These images are integrated into the “Desktop Background” control panel on Vista.
    • AVG AntiVirus:
      Owing to several significant bugs in the Symantec AntiVirus software used in the past, new student systems will ship with “AVG AntiVirus Free Edition”.  This is a temporary arrangement while replacement AntiVirus package is identified.  Because of restrictions on “corporate” use, this software will not be made available at the UVM Software Archive, and its use on University-owned systems is prohibited.

    Removed Software:

    In the interest of maintaining leaner, more stable base systems, the following applications will not be included on new computers:

    • AOL Instant Messenger (AIM)
    • Apple iTunes/QuickTime (not supported on Vista at the time of image development)
    • DivX Codec
    • Oracle Calendar (Still available on Faculty/Staff systems)
    • Nullsoft Winamp (No longer maintained
    • RealPlayer
    • SSH Communications Security SSH