SharePoint Tip of the Day – Who is the LocalSystem account used to run the Administration Service (SPAdminV4) ?


Even on least privileges installation of your farm, the SPAdminV4 services will run under the Local System account (be sure to read this reference table : and this – for SP 2007 but still as valid for 2010 / 2013 : but ‘who’ is this built-in account ?

The LocalSystem account has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITYSYSTEM and BUILTINAdministrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .LocalSystem. The name, LocalSystem or ComputerNameLocalSystem can also be used. This account does not have a password.

One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system

( &

SharePoint Tip of the Day : Be careful when working with date & time in SharePoint !

Microsoft SharePoint stores date and time values in Coordinated Universal Time (UTC, but also named GMT or Zulu) format, and almost all date and time values that are returned by members of the object model are … in UTC format.

Unfortunately, there is one big exception and that’s probably the case you’ll be using the most : the list column values that are obtained through the indexer for the SPListItem class are already formatted in the local time for the site so if you’re working on current context list item and fetch a datetime field like so SPContext.Current.ListItem[“Your-DateTime-Field”] you’ll retrieve a DateTime object according the the specified time zone in the regional settings (and taking into account the “lovely” summer / winter time).

Other special case is whenever you want to display a date time value in your page layout, instead of using the generic field value :

<SharePointWebControls:FieldValue FieldName=”Modified” runat=”server” />

You should use the specific date time field value <SharePointWebControls:DateTimeField FieldName=”Modified” runat=”server” /> which will return the value according to the time zone of the current SPWeb.

As a final reminder, whenever you’re doing a CAML query and you’re working with date you can specify the property DatesInUTC to grab them as they are stored and I heavily suggest you to work with Offset (positive or negative) from Today <Today Offset=”10″ />
 or generate your Zulu “TZ date” (eg : 2012-05-24T16:32:00Z) based on a specific UTC time (and not the server current time). So instead of working with a DateTime.Now, rely on DateTime.UtcNow to avoid unexpected behaviour.

Hope it helps.

SharePoint Tip of the day – Reorder fields within your list instance

During your application lifecycle management, you’ll probably have to add new fields or update your content types based on new requirements / needs.
Re-ordering fields within list instances consuming these content types can be handy to give the professional finish touch to your upgrade scenario.

Fortunately, it’s extremely easy once you know how to do it ! Just grap the FieldLinks property on the content type of the list and call the re-order method on it. Don’t forget to update your list afterward !

                SPContentType bannerContentType = rootWeb.Lists[Configuration.Lists.Banners].ContentTypes[ContentTypes.Banner];                SPFieldLinkCollection fieldLinkCollection = bannerContentType.FieldLinks;                fieldLinkCollection.Reorder(new[]{                                                    Fields.Title, Fields.BannerKeyword,                                                     Fields.Language,Fields.Taxonomy, Fields.TargetChannels,                                                     Fields.BannerType, Fields.BannerImage, Fields.BannerAlternateText,                                                    Fields.BannerTargetUrl, Fields.BannerUrlTarget,                                                     Fields.BannerBody, Fields.BannerBodyPosition,                                                    Fields.PublicationStartDate, Fields.PublicationEndDate});                bannerContentType.Update();

SharePoint Tip of the day – Lookup fields defined through xml, WebId and managed paths


Wondering why your lookup field(s) defined through xml are not working anymore when you deploy your solution outside of the root of the web application ? (/sites/whatever or /whatever for the explicit inclusion managed paths) ? Turns out that you need to specify the web id to the tokenized ~sitecollection (and also set overwrite to true if you do have a separate feature for your field and your list schema).

Without this, the lookup field definition which was working flawlessly without any code on the root of the web application was unable to find back its associated list.

That webid attribute, awfully unproperly documented within msdn / sdk, also allows you to define the guid of the target web holding the list instance.

SharePoint Tip of the Day – Add Alternate URL using stsadm (AAM)

If you try to automate as much as possible your solution deployment, you'll likely enjoy having your alternate access mappings deployed in a structured and repeatable way.
Turns out that it's quite easy and manageable by stsadm without doing some custom development.

To add an internal url to your web application :

stsadm -o addalternatedomain -url -urlzone Internet -incomingurl

And to add a public url :

stsadm -o addzoneurl -url http://SP2010:88 -urlzone Internet -zonemappedurl

Quite handy and something we can add to our little batch files that deploy our SharePoint solutions.

SharePoint Tip of the day : AAM, Hosts, Bindings, Search Scopes and Server Name Mappings reminder

As a SharePoint developer, I don't have to play too much with all the administrative tasks when I'm outside of my VMs as our IT service is responsible for ensuring the proper health status of the production facing site. So stuff like Alternate Access Mappings, Bindings and Server Name Mappings were quite new for me.

So, here is a small reminder of the steps that I did to have my site collection accessible through a fake public url (eg : instead of http://sharepoint-dev-01 and ensure the search results are returned properly using the right url.

  • Edit the host file on the server, make point to
  • Edit the IIS binding (inetmgr -> point the relevant website entry -> bindings and add a new one with as the host name on port 80 (all ip addresses unassigned)
  • Add an Internet Alternate Access Mapping for your computer name (in my example : http://sharepoint-dev-01)
  • Fire up your browser and access your website through the new url (you can launch Fiddler and have a look at all requests / responses to ensure everything is properly mapped

The most important part is now what to do (or what to avoid) to ensure that your search is working as you would expect it to do. The general idea is to stick with the server name as the host name instead of already playing with the AAM name. The alternate access mapping created previously will take care of all url rewritting so do not do like me and don't mess your content source or scopes with the fully qualified domain name !

  • Ensure your content source is pointing to the server name instead of the fully qualify domain name (eg : http://sharepoint-dev-01)
  • Ensure all relevant scopes are using the server name instead of the fully qualify domain name on your folder rules (eg Folder = http://sharepoint-dev-01/be-en/products/)
  • Make a full crawl
  • Enjoy your search results being served with the fully qualified domain name when your search page is accessed through

It must be possible to adapt url of the search results through the "server name mappings" configuration screen but I've never been able to make it work as expected. I guess the main culprit was the fact that I mixed fqdn and server name at various place which confused the search service.

I'll never stop learning 🙂


SharePoint tip of the day – what to do when stsadm restore results in ‘Access Denied’ error (E_ACCESSDENIED)

Ensure that your account has enough permissions to do the operation or that you’re list as a site collection administrator for the site collection that you are restoring.
Your site collection might also be locked by a previously failed restore job : stsadm -o setsitelock -url “http://yoururl-lock none

(and don’t worry, even when the backup is on the same disk as the sql server, it’s awfully slow to restore… Don’t kill the process and get a long coffee break !)

SharePoint Tip of the day – Open a Custom Action “EditControlBlock” in an overlayer


People get really used to overlayers in SharePoint 2010. Altough you can turn it off at the list level, it’s a nice addition and you can easily benefit from it in your custom action development.

Here’s a quick snippet to open your custom action in a modal dialog. The trick is to use some inline javascript in the UrlAction (instead of a regular url) to call the dialog and manage the call back function. 

Tweak it to your needs !

SharePoint Tip of the day – Don’t forget to to disable the LoopbackCheck on your SharePoint VM / Server (even more if you use AAM !) (401.1 error)

I'm currently developping a solution that makes extensive use of web services to communicate back and forth between two site collections.
When I added Alternate Access Mapping to both site collections, I wasn't anymore able to call my web service locally (it still worked fine when called from another server). On the relevant server, trying to reach a site collection (and thus anything underneath) using the AAM name was always triggering the credentials prompt and failed regardless of the validity of the credential given…

Turned out the culprit was the LoopbackCheck (and if you need to disable it like me, add this key : [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] "DisableLoopbackCheck"=dword:00000001

Edit : once the culprit was known, google turned out to be more friendly in helping me !
Looks like there is a more secure way to fix this, and thus avoiding to disable the loopback check : and you should read the excellent harbar post over there : to understand why it's a bad practice to do so on a production server.

SharePoint 2010 Tip Of The Day – Missing Translation Management Library template in your site

If you are missing the Translation Management document library on your site and you don’t see the relevant feature in the site collection features, don’t worry, the feature can still be activated :

stsadm -o activatefeature -name TransMgmtlib -url http://your-site-collection-url

you might then need to activate this feature as well if it was not already done at the farm level

stsadm -o activatefeature -name TransMgmtFunc -url http://your-site-collection-url

SharePoint Tip of the Day – Easily allow your contributors to see what an end user will see

A common requirement in all SharePoint projects that I’ve be working on is to see what an end-user / visitor will see. The publishing console have the option “preview in another window” but you need to have the console activated / displayed and it’s not always obvious for someone who doesn’t know where to look for such an option. Fortunately, it’s really easy to add a simple link in your page layout (or master page in any “toolbox area”), just use the current page url and append
?PagePreview=true, a target=_blank will finish the job to keep the current page being edited opened !

And if you want to add this to a site action button, you can simply reuse this snippet that I just did

      GroupId = “SiteActions”
      Title=”Preview page in a new window”
        <UrlAction Url=” + ‘?PagePreview=true’), ‘Preview’, ”);” />

Hope it helped !



SharePoint Tip of the Day – Users with Full Control permission level are not able to view / manage custom group membership

Even if you give the highest permission level (full control) to specific groups or users, they won’t be able to manage custom group memberships until they are set as the owner of the group. By default it’s the system account that is set as the group owner, and the only one allowed to manage the group, changing that settings will allow your specific group to manage itself.


SharePoint Tip of the Day – Changing the execution timeout value

Edit (for all web servers in your farm) the web.config file in  C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions12TEMPLATELAYOUTS and update the configuration / system.web / httpRuntime executionTimeout to something bigger (value is an amount of seconds)

No more dreaded execution timeouts after 6 minutes for your very long running synchronous operations ! (Thanks Peter !)

SharePoint Tip of the Day – Quick reminder to add the SharePoint 2007 or 2010 BIN path to your environment paths

In a command prompt either type / paste
@set PATH=C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN;%PATH%
for SharePoint 2007

@set PATH=C:Program FilesCommon FilesMicrosoft Sharedweb server extensions14BIN;%PATH%
for SharePoint 2010

Edit : this will be lost when the command prompt will be closed, so you’re better of editing the environment varialble to add the bin path to it by going to

Control Panel > System > Advanced System Settings > Environment Variable > System Variables > Scroll to Path and click the Edit button and add ;C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN (don’t forget the semicolon separator !)

SharePoint Tip of the Day – Ensure that the search crawler account that you are using is not a regular site collection user account !

Quick reminder because it took us a long time to figure it out, if you specify a limited (ie : reader member) account as the search crawler foolishly thinking like me that it would prevent the crawling of unaccessible page (admin page, anything unavailable thanks to the viewformpagelockdown, …) then stop doing so ! Any account specified as the search crawler account will be farm admin privileges (at least on the site collection crawled). That’s definitively not something you want to grant to your end-users 🙂

We never stop learning in SharePoint !

SharePoint Tip of the Day – Provide default value for your list instance with special characters.

Whenever you need to provide default values for your list that contains special characters like "<" "&" and so on, don't forget to encapsulate them in CDATA, neither the html entity name nor the entity number is working…

    Description="Power items list that will store and manage the various power values."

          <Field Name='ID'>1</Field>
          <Field Name='Title'><![CDATA[<10W]]></Field>
          <Field Name='ID'>2</Field>
            <Field Name='Title'>10 – 50W</Field>
          <Field Name='ID'>3</Field>
            <Field Name='Title'>50 – 100W</Field>
            <Field Name='ID'>4</Field>
            <Field Name='Title'>100 – 150W</Field>
            <Field Name='ID'>5</Field>
            <Field Name='Title'>150 – 250W</Field>
            <Field Name='ID'>6</Field>
            <Field Name='Title'>250 – 600W</Field>
            <Field Name='ID'>7</Field>
            <Field Name='Title'><![CDATA[> 600W]]></Field>



SharePoint 2010 Tip of the day : Display your movies in an overlayer using the out of the box SilverLight media player.

Thanks to useful help of  Jomit, I managed to add an overlayer for the video.

Here’s what I did :

First : ensure that you have a reference the mediaplayer.js in your master page (if you want to reuse it in more than one page layout / page)

<script type=”text/javascript” src=”/_layouts/mediaplayer.js”></script>

(and don’t forget to end your script tag with a </script>, I spent several hours trying to understand why a <script … /> was not loading …

Second : once the  dom is loaded / ready (this is required otherwise the getElementById will return null and end the attachToMediaLinks function) trigger this : 

mediaPlayer.attachToMediaLinks((document.getElementById(‘overlay_movies’)),[‘wmv’, ‘avi’]);


‘overlay_movies’ is the temporary div that I gave while testing, in my rendering I have something like :


<div id=”overlay_movies”>
        a sample movie<br/>



There comes a nice overlay player when you click on a media (with one of the extensions specified as parameter) in that div.

SharePoint 2010 Tip of the day – New Profile Picture Storage (and retrieval) mechanism


Unlike the 2007 edition where the picture was stored on each user "my site", they are now hosted in a central library "User Photos" under your mysite url

So in order to access this repository, just point your browser to :
http://sharepoint2010/my/User%20Photos/Forms/AllItems.aspx (adapting the computer name / domain to your needs obviously)

Like all pictures libraries, uploaded images are resized in 3 dimensions (large, medium, small) and you can access a specific picture by using the url above with something like

"http://sharepoint2010/my/User%20Photos/{0}_{1}_{2}Thumb.jpg"  where {0} is the domain name, {1} is the login name and {2} is the requested size (L, M or S).

Now I need to find a way to retrieve the my site application url (from a sandbox solution, that will be … fun !)


SharePoint 2010 Tip of the day : Don’t forget to do a full crawl to be able to search / find the freshly imported profiles (from your AD or other source)


I had a very hard time this morning configuring the profile synchronization in SharePoint 2010 (damn, that thing is really fragile) but now my profiles are imported correctly from Active Directory.
I used a People Core Search Result webpart in my site collection and I was unable to retrieve any profile regarding of the settings that I used … Turned out that a full crawl was needing to harvest all profiles

If someone can explain me what's behind SPS3 and the "site$$$people" stuff that have been found by the crawler, I would be more than glad to know !

SharePoint 2010 Tip of the day : What to do when you are unable to publish PowerPoint to a slide library ?

  • Go to Start->Administrative Tools->Server Manager
  • In Server manager Click on Features and the click Add Features
  • Select the Desktop Experience Feature and install it. Then Restart the Server (Required for installation of the feature)
  • Go to Start->Administrative Tools->Services
  • Select the Web Client Service and Start it.

Many thanks to Anshul who figured this out !