How I passed 70-331

Last week I sat and passed the exam for 70-331 – Core Solutions of Microsoft SharePoint Server 2013. After having sat a couple of the prerequisite exams for the SharePoint certification streams it was good to get back to reading and learning about SharePoint and the content for this exam didn’t disappoint – it’s always valuable when the study material for a given exam allows you to learn new things and the content for this one opened my eyes up to some pieces of information I wasn’t previously familiar with. For all of the detractors out there regarding Microsoft certifications, this is probably the most valuable argument for why becoming certified has merit (of course you could read this material without sitting an exam, but for me it really helps to focus areas of study – otherwise there’s just so much information out there to get through!).

My preparation for this exam was quite significant. I had a bit of time up my sleeve so I went down the route of both reading as many relevant TechNet articles as possible and also reading Exam Ref 70-331: Core Solutions of Microsoft SharePoint Server 2013. The book started off fairly dry and I was wondering if I’d get any benefit from it but i’m glad I stuck with it, by the end I was very happy with the content I learnt from reading it and it was actually one of the better books I’ve read for learning about SharePoint recently which was somewhat surprising for what I expected would be just a manual to assist with the exam preparation. In the end I probably dedicated about 50h of study time for this one.

Overall I found the exam quite difficult even though I went in fairly confident. I found Alex Dean’s post 70-331 Insights to be a fairly accurate account of my experience also so I figured I’d link to that rather than duplicate it all here.

I mentioned that I read a number of TechNet articles – I primarily used the Born to Learn site’s Server Certification Study Group wiki to determine what to read, however a number of other options exist including Vlad Catrinescu’s Study Guide for Exam 70-331 Core Solutions of Microsoft SharePoint Server 2013, Gavin McKay’s Studying for Exam 70-331: Core Solutions of Microsoft SharePoint 2013 and Becky Bertram’s currently under construction Exam 70-331 Study Guide. To be honest the first 3 I’ve listed are very similar (even to the point where the mistakes are the same!) so I don’t know who should get the ultimate credit but otherwise all will likely serve the purpose. Finding out about the Born to Learn site was a great positive of this process – I feel it’s going to be a heavily visited site for me in the future!

While I didn’t watch any videos this time around there are a number of options out there for those that wish to pursue that way of learning. Some of the options include Pluralsite’s SharePoint Server 2013 Core Solutions (70-331), CBT Nugget’s Microsoft SharePoint Server 2013 70-331, Channel 9’s Exam Prep: 70-331 and 70-332 – MCSE: SharePoint (Microsoft SharePoint Server 2013) and TechNet’s SharePoint 2013 training for IT pros.

Another valuable resource you should be aware of is the Microsoft Virtual Academy site. I did find a page for Core Solutions of Microsoft SharePoint Server 2013: exame 70-331 however it is in another language so perhaps not so useful for those of us that only speak English! Plus it wouldn’t actually let me access the content. Regardless – I think this is going to be an ever improving and valuable site to keep an eye on for future certification efforts.

So that about covers everything. I enjoyed the content of this exam and the process of studying for it which is always a plus when setting off on the path to gain the overall SharePoint certifications. Next on the list will be 70-332 so I’m hoping that one is similarly well created content wise.

As always, best of luck for passing this exam!

Content Security in SharePoint

Security is a polarising topic in the SharePoint community. It seems that everyone has a slight variation to what would be considered a best practice approach to implementing security across a site. There are so many conditions that determine which approach would be the best to use that it’s difficult to outline a best practice approach in the first place. This article, while filed under the Best Practices category, should only be considered my personal best practice approach to implementing a security model across a SharePoint 2007 or 2010 site.

If you have the time, there is a tonne of background reading to get through on the subject. Technet includes pages dedicated to both versions of SharePoint including Security and protection for Office SharePoint Server 2007  and Security and protection for SharePoint Server 2010. In this article i’m focussing on securing site content which is more specifically targeted in the Downloadable book: Security for Office SharePoint Server 2007 and Security planning for sites and content (SharePoint Server 2010).

I’ve always favoured a simplistic approach to site security. I used to advocate maintaining security groups in active directory, assigning those security groups to SharePoint groups and then assigning the relevant permissions to those groups across the site where necessary. The premise behind this methodology was to have one source of truth (AD) which was often maintained more religiously when staff joined or left the organisation. It was to allow a ‘set and forget’ approach to security within SharePoint – the security across the site would ideally never change, only the staff members assigned to the security groups. In reality, this approach is far too idealistic.

I’ve since realised that a lot of the time the security methodology will be largely influenced by the context of the organisation. Security groups may make a lot of sense throughout the organisation, but they may not map ideally to the SharePoint site. Some organisations may not and will not assign email addresses to security groups which renders them a tad ineffectual when it comes to workflow notifications. Some will refuse to create SharePoint-specific security groups in AD altogether. AD maintenance may be carried out solely by an over-worked IT department at a low priority, so getting a particular user added to a group may take longer than necessary. Or you may want to display the members of a given site using the Site Users web part and notice you end up with the security group listed rather than the individuals (there is a way around this in SP2010 however, check out Robi Voncina’s Display members of AD group in SharePoint 2010  solution on CodePlex). You get the idea – there’s not necessarily a one size fits all approach that will work in every scenario.

There are however a few golden rules which can be followed with a few potential caveats to implement a solid security methodology across a site.

1. Plan your security

One of the biggest issues with security in SharePoint is it seems to be done ad-hoc initially and grows wildly once the site is live. Security is granted on an as-needed basis with little fore-thought which generally results in a sprawling mess which is hard to track and maintain. Initially the security implementation should be well thought out and planned – identify the levels of access required, the users which will need those levels of access and identify the logical groupings of those users. When security needs to be modified, assess how the change fits in to the initial model and implement the most logical option to affect the change.

2. Document your security

This is particularly important in terms of tracking the customisations to security – preferably everything should be documented. It allows you to have an over-arching view of what is in place – determine what users have access to which portions of the site – something which is otherwise difficult to ascertain. At the very least where ever inheritance has been broken should be clearly identified, especially at more granular levels such as list or item level security (which preferably should be avoided).

3. Inherit permissions where ever possible

Aside from making the job far easier for point 2, it really keeps the security structure a lot more clear and clean to identify which users have certain levels of access across the site. Breaking inheritance at the sub-site level is not too much of a concern but at the list and item level should be avoided if possible. SharePoint helps out in this regard seeing inheriting permissions is the default.

4. Always use SharePoint groups when applying security across a site

You may not be able to only use AD security groups as identified above, but you should always use the SharePoint groups. Permissions should only be assigned to these groups rather than individuals – you are able to add both AD users and security groups to the SharePoint groups. It keeps everything a bit neater and consistent across the site rather than having some SharePoint groups, some security groups and some individuals. It’s worth preventing group-sprawl if possible – maintaining as few logically seperated groups as possible will ensure ease of maintenance.

5. Use AD security groups where appropriate

I still prefer using security groups to keep the SharePoint security structure clean and concise – but only when it makes sense to do so. Leverage the Domain Users group to provide global read access across a site for instance.

6. Use the principle of least-privilege

This is just good practice in all forms of IT. No user should ever have access to functionality that they don’t need. I’ve seen plenty of implementations which give site ownership to a wide range of users so they can edit a particular page of a sub-site, then wonder where a certain list item disappeared to.

The goal for any security implementation should be simplicity, understandability, maintenance efficiency and most importantly effectiveness in securing the content. The best way to get there is to plan and document the approach, for the time invested in the beginning will save a lot of headaches moving forward.