Top 10 Bad Practices
SharePoint_ITP220
Ben Curry, CISSP, Microsoft SharePoint MVP
Agenda
 What is
a Best Practice?
 What is a Bad Practice?
 The Top 10 Bad Practices
See http://mindsharpblogs.com/ben for
details on each of these topics. I’ll be
writing on these for the next few weeks.
What is a Best Practice?
 Adapts
to culture, politics, business, and
security
 Intellectually Simple
 Practical application may be difficult 
 Aligns
with organizational strategy
 Intentional, Deliberate practice for a given
set of requirements
 Often different between verticals
What is a Bad Practice?
 Ignores
expert advice
 Doesn’t account for business requirements
 Directly conflicts with design, examples are:




SLA
Configuration management
Change management
Security Policy
 Ignores
corporate culture
Example Bad Practice
The Top 10 Bad Practices
It’s worth noting that every organization
will have a different set of the “Top 10”
#1 – No Implementation Methodology
 “setup.exe,
I Agree, Next, Next, Finish” is
chaos waiting to happen
 Pick one and stay with it
 ITIL, PMI, MSF/MOF, Agile, INCOSE
 See sessions by Paul Culmsee, Andrew
Woodward, and Ruven Gotz
 Should
align with corporate strategy
 Consistency is key
 Requires Stakeholder support
Minimum Implementation Plan:










Get the stakeholders involved
Gather requirements from the business people (the more
interviews, the better)
Create a project plan
Get some training!
Engage the services of an architect if you don't have one on
staff
Create an IT Governance (assurance) plan for the project
Prototype solutions
Create a Test and/or Development environment
Execute a test plan
Document, Document, Document!
#2 – Lack of Requirements
 Business
 Executives, Managers, Business Analysts
 Information Workers
 Technical
 Power Users
 IT Staff
 Performance
 Policy
 IA, Security
Requirements Gathering
 Define
‘need’ versus ‘want’ and prioritize
accordingly
 Elicitation Techniques
 Traditional – questionnaires, surveys, discussion
groups
 Existing Systems
 Pain Points as Requirements
 Group – brainstorming, lunch and learn (free
food)
 Prototyping
 Contextual
#3 – Insufficient Training
 Leads
to poorly implemented, underengineering, over-engineered, underutilized,
and impossible to use systems
 Who should I train?





Stakeholders (end user training)
Information Workers
Business Analysts
Administrators and Developers
Designers and Architects
EXAMPLE
TRAINING
SOLUTION:
UserVersity Certification Paths

Collaboration Specialist
Be able to use the tools such as search, navigational aids, site directory to navigate and find
content within SharePoint. Use of list and libraries within a site including all list and library
features. Collaboration within workspace sites, wiki sites and blog sites.

My Sites Specialist
Personalize My Profile in My Site, Manage Colleagues in My Site and use the colleague tracker
web part, Microsoft Office 2007 integration with My Site, SharePoint sites web parts, My
workspaces web part, recent blog posts web part and the My Links drop-down, User
Libraries In My Sites.

Security Specialist
Know how on security in WSS 3.0, Manage permission levels and SharePoint groups, Create
custom permission levels and SharePoint groups, Manage access to a Site, Manage access
to a library or list, Manage permission inheritance.

Publishing Specialist
Overview of Microsoft Office SharePoint Server 2007, Overview of Web Content Management.
Create pages in Publishing sites, Edit pages in Publishing sites, Approve content in
Publishing sites, Version history in Publishing sites, Overview of News sites.


Content Management Specialist – separate slide
Site Creation and Customization Specialist - separate slide
#4 – No Governance Plan
 While
everyone doesn’t agree on what
governance is, you still need it
 Assurance or Governance?
 Does
it align with IT Governance? Corporate
Governance?
Preliminary Governance
Requirements
•
•
•
•
•
•
•
•
•
Backup/Restore*
Authentication*
Authorization
System Monitoring*
Antivirus*
IT vendor oversight
Alerting/Notification
Auditing Policies
Distribution
•
•
•
•
•
Usage Reporting
Search Security*
Versioning
Branding
Custom
Development
• Publication
• Taxonomy
• Retention
#5 – Not Using Solutions for Customization
 Why
don’t people use them?
 Don’t know how
 Too difficult
 Too lazy (sorry in advance if this applies)
 Hard
to maintain consistency without them
 Can dramatically increase maintenance costs
Web Part Maintenance Example
A






Web Part requires:
.dll
.webpart XML
Feature.xml
Elements.xml
Safe Control
CAS (if applicable)
 So
if a single server, and single Web part,
then 6 actions to deploy…but…
What if you have 3 servers x 3
Web apps? 36 actions!






A .dll to be deployed to the web application BIN directory so that it can
implement Code Access Security. (Deploy to 3 web app bin directories
on 3 servers = 9 changes)
A .webpart XML file (Deploy to 12\TEMPLATE\FEATURES on 3 servers =
3 changes)
A Feature.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers = 3
changes)
An Elements.xml file (Deploy to 12\TEMPLATE\FEATURES on 3 servers
= 3 changes)
A Safe Control entry for the web application’s web.config file (Change
the web.config file for 3 web applications on 3 servers = 9 changes)
Code Access Security policies that defines what the web part will be
allowed to do. (Change the web.config file for 3 web applications on 3
servers = 9 changes)
#6 – Insufficient DR Planning and Testing
 Define
RPO and RTO Targets
 Recovery Point Objective
 Recover Time Objective
 Get Stakeholders buy-in and agreement
 Define
granularity of restores
 SQL + Native Backups or 3rd Party Solutions
 High Availability
 Document, Test, Refine, Document
#7 – Lack of Capacity Planning and Testing
 What
works for 1 user may not work for 500
 Lots of tools for testing
 Visual Studio Team Suite, Fiddler, Ping.exe,
wireshark, etc.
 Software
vs. Hardware Boundaries
 See Mike Watson’s blog and TechNet
 Plan
for the worst, hope for the best!
 Don’t guess – know
#8 – No Configuration/Change Management
 Windows
Server platforms, IIS Configuration
 Information Management Policies / Auditing
 SharePoint Web Applications
 SQL Server
 Dependent systems (e.g. via BDC)
 Site Collection / Sites
 AuthN and AuthR
 Content Types, Metadata, etc.
#9 – Solving Every Problem With SharePoint
 It’s
a tool – use the right tool for the job
 SharePoint commonly addresses:
 Forms, business workflows, Task Order
Management, calendaring, collaboration, search,
aggregation, search, organization, presentation
 SharePoint
probably doesn’t address:
 CRM, Accounting, ERP, ERM, Time & Expense,
Portfolio Management, and Resource
Management
#10 – No Information Organization /
Information Architecture





Lack of consistency in how data is input into the
information system
Lack of agreed-upon meanings for metadata
keywords, lowering findability
Data redundancy goes up, incurring incremental
costs
Lack of findability of information in an e-discovery
proceeding can cost millions, jury might infer fraud
Inefficient IA costs much more than a IOPS
#11 – Solving Every Problem With Code
 Developers love
to write code
 If there’s a problem, writing code will fix it 
 Use
OOB Web parts as much as possible
 Refer to original business requirements
before customizing SharePoint
 Test before implementing
 Test before upgrades, Service Packs, etc.
 Remember when adding servers to the farm!
Thank you for attending!
Please fill out your evaluation and
turn it in on the back table!