How to ensure your Hyper-V image has a working internet connection

So, every time I create a new Hyper-V image, I’m always messing around for far too long to get the internet connection working on said image. So I decided to document it once and for all. Who knows, maybe it’ll help you save some time as well! I always use my Wi-Fi adapter, but a cabled connection will work equally well.

    • Prior to creating an image, check in Hyper-V Manager whether you have created a Virtual Switch. Internal will do just fine.


    • Create the image (duh!) and add the switch to your image. This will create a switch on the host machine as well as one on the guest machine! I always make sure that the guest OS is also available through a Remote Desktop Manager tool, but that is obviously your own choice.
    • Give the Guest ethernet adapter a static IPv4 address ( point the gateway to the host ethernet ip address ( Note that I didn’t select this IP because I think it looks pretty but is the default IP for Windows Hosted Wireless Networks. If for some reason, you have to edit this IP, you have to change it in the registry settings- not the topic of this post. If the static IP is any other than, Windows will warn you before setting this IP for you! So be mindful of that. Preferred DNS server should also be the ip address of the Host ethernet adapter IPv4 address ( Save setting and close the properties.
    • Back on your host, you will need to edit two settings. The virtual Ethernet adapter IPv4 settings (1) on the host must match the settings on your guest OS, in my case Preferred DNS settings should be the ip address of the host machine. I use the universally known loopback for that :).

Host Ethernet

    • Last thing you need to do is enable Sharing on your ethernet adapter that is currently enabling your machine to connect to the internet. In my case, my WIFI adapter (2). Save your settings once this is done.

Shared Wifi adapter

      Reboot your Guest image and once you restart it, you will find that you can now access the internet on your guest OS! If you need to switch from WIFI to cable, make sure you share the Cable Ethernet adapter with the virtual Ethernet adapter. Update away!!

Implement a split back-to-back SharePoint Extranet

So, this is a subject that has been haunting me for some time, since I struggled quite a bit to get this to work correctly, until now. The SB2B scenario is a valid scenario when you decide to split a perimeter domain from a corporate, internal domain so that SharePoint can assume the role of an Extranet. Typically, you would have a user hit a SharePoint site (through ISA or TMG, for example) without them being able to directly access data in the corporate domain.



SharePoint would normally be installed and configured in the perimeter domain, whereas the actual SQL data resides in the corporate domain. This means there needs to be a way for both domains to communicate with each other: either by trusting each other or by using SQL authentication. I opted to go with SQL authentication, although a trust relation between both domains would work equally well. This post explains what I needed to do for this scenario to work. In this first part I will show you the steps I took to make this work, as well as provide the batch file I used.

    1. Mount the SharePoint ISO on the Perimeter server that will host your SharePoint environment. I actually copied all the files to my local D:\_Install folder and went from there. The scripts that I wrote also use this folder as a starting point. I used SharePoint Foundation, but it should not matter which edition of SharePoint you use. I assume that SharePoint 2010 and SharePoint 2013 (all editions) will work.
    2. Make sure that you have a user in the Perimeter domain which will be used as the SharePoint farm account. This account needs to be local admin on the server(s) which will host the SharePoint farm. In my scripts, this will be the PERMITER\SP_FARM user. Additionally, if you want your application pools to run using a different identity than the farm user (which is highly recommended), make sure that this user is also added to the Perimeter domain (PERMITER\SP_WEBAPPS). This account will be promoted to a Managed Account later on. Lastly, but most important of all: create a SQL user in the corporate domain with dbcreator and securityadmin rights. This user needs to be able to create the Configuration and Admin databases initially, and it will also be used subsequently for all communication to and from SQL. Needless to say, make sure that this user has a rock solid password!
    3. I created a batch file (yes… a good old-fashioned bat file!), which you will need to run as administrator, to perform a number of tasks for me so that I could repeat the installation easily in the future. The batch file can run through multiple scenarios if you have already performed tasks which do not need to be redone. What does it do?
        • Install all the prerequisites. This can be achieved in two ways: by downloading the files if the server has a connection to the internet, or by installing already downloaded prereqs. I already downloaded all my prereqs since, in my scenario, the server did not have access to the internet. I then install all these prerequisites unattended.
        • Install the SharePoint binaries on my server.
        • Configure the SharePoint Farm using SQL authentication. This means you add two additional commands to the psconfig executable (in addition to the user and password commands!): dbuser and dbpassword. A note on the -server parameter: you can specify a port number directly after the database name\instance. This is important because your SQL backend will most likely be security hardened in that the default ports (TCP/IP 1433, UDP 1434) have been altered in order to prevent attacks on these ports. So if you need to communicate with SQL Server using a single port, this is the place to do it. You can test this easily by creating a test.udl on your desktop and connecting to your database using SQL credentials. Once this configuration is successful you will be able to access Central Admin… Hurrah!
        • Run a PowerShell script which will
          • reconfigure the log location for ULS and IIS logs
          • add the Application pool account as a Managed account to SharePoint
          • configure the web application, including an Alternate Access Mapping, plus extend the web application for use with KERBEROS authentication
          • configure a root site collection.

REM Run this batch file as administrator.
SET /P CONTINUE=Warning! You will now attempt to install SharePoint. Continue (Y/N)?
SET install_Location=D:\_Install
SET farm_Environment=_DEV
REM The farm passphrase is hard-coded here; it is what a server needs to join the farm, so protect this file.
SET farm_Passphrase=SB2B_SharePoint
REM Farm account in the perimeter domain (step 2 above); it is used below but was never set.
SET farm_User=PERMITER\SP_FARM
SET db_User=SB2B_SQL
SET db_Name=SQLServer\SB2B
SET Prereq_Location=%install_Location%\PrerequisiteInstallerFiles
SET binary_Location="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN"
REM /i makes the comparison case-insensitive, so one test per answer is enough.
if /i {%CONTINUE%}=={Y} (goto :continue)
goto :End

:continue
SET /P INSTALL=Install prerequisites (Y/N)?
if /i {%INSTALL%}=={Y} (goto :install_prereqs)
if /i {%INSTALL%}=={N} (goto :binaries_installed)

:install_prereqs
SET /P DOWNLOAD=Download prerequisites (1) or Install from file location (2)?
if /i {%DOWNLOAD%}=={1} (goto :download_prereqs)
REM Option 2 used to jump back to :install_prereqs and ask again; install_from_file is a label added for it.
if /i {%DOWNLOAD%}=={2} (goto :install_from_file)

:download_prereqs
ECHO Attempting Download of required SharePoint 2010 prerequisites...
Set download_Prerequisites=%install_Location%\PrerequisiteInstallerFiles\Download_Prerequisites.ps1
REM -Wait keeps the batch file from continuing before the elevated download script has finished.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%download_Prerequisites%""' -Verb RunAs -Wait}"
ECHO Download complete!

:install_from_file
ECHO Scanning %Prereq_Location% for required files!
%install_Location%\prerequisiteinstaller.exe /unattended ^
 /SQLNCli:"%Prereq_Location%\sqlncli.msi" ^
 /Sync:"%Prereq_Location%\Synchronization.msi" ^
 /ChartControl:"%Prereq_Location%\MSChart.exe" ^
 /NETFX35SP1:"%Prereq_Location%\dotnetfx35.exe" ^
 /KB976394:"%Prereq_Location%\Windows6.0-KB976394-x64.msu" ^
 /KB976462:"%Prereq_Location%\Windows6.1-KB976462-v2-x64.msu" ^
 /IDFX:"%Prereq_Location%\Windows6.0-KB974405-x64.msu" ^
 /FilterPack:"%Prereq_Location%\filterpack2010-kb2837594.exe" ^
 /ADOMD:"%Prereq_Location%\ASADOMD10.msi"

:binaries_installed
SET /P BINARIES=Do you want to (re)install the SharePoint 2010 Foundation binaries (Y/N)?
if /i {%BINARIES%}=={Y} (goto :install_binaries)
if /i {%BINARIES%}=={N} (goto :farm_Configured)

:install_binaries
ECHO Preparing to (re)install SharePoint 2010 binaries...
%install_Location%\setup.exe /config %install_Location%\Files\SetupFarm\config.xml
ECHO Installation of SharePoint binaries completed!

:farm_Configured
SET /P CONFIGURE=Do you want to (re)configure the SharePoint 2010 Foundation Farm (Y/N)?
if /i {%CONFIGURE%}=={Y} (goto :configure_Farm)
if /i {%CONFIGURE%}=={N} (goto :End)

:configure_Farm
REM SET /P echoes what is typed, and psconfig receives both passwords as command-line arguments.
SET /p farm_Password="What is the password for %farm_User%? "
SET /p db_Password="What is the password for %db_User% ? "
ECHO "Configuring SharePoint Farm using SQL authentication..."
%binary_Location%\psconfig -cmd configdb -create -server %db_Name%,55233 ^
 -database Eportal_ConfigDB%farm_Environment% -dbuser %db_User% -dbpassword %db_Password% ^
 -user %farm_User% -password %farm_Password% -passphrase %farm_Passphrase% ^
 -admincontentdatabase SB2B_AdminDB%farm_Environment%
%binary_Location%\psconfig -cmd helpcollections -installall
%binary_Location%\psconfig -cmd services -install
%binary_Location%\psconfig -cmd installfeatures
%binary_Location%\psconfig -cmd adminvs -provision -port 8080 -windowsauthprovider onlyusentlm
%binary_Location%\psconfig -cmd applicationcontent -install
ECHO "You can now open the Central admin on http://<ServerName>:8080..."

SET /P APPLICATION=Do you want to auto-create a web application (Y/N)?
if /i {%APPLICATION%}=={Y} (goto :create_Webapplication)
if /i {%APPLICATION%}=={N} (goto :End)

:create_Webapplication
ECHO "Creating Web application..."
SET create_Webapplication=%install_Location%\Scripts\Create_Webapplication_dev.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%create_Webapplication%""' -Verb RunAs -Wait}"
ECHO "Web application configured!"
SET /P COLLECTION=Do you want to auto-create a site collection (Y/N)?
if /i {%COLLECTION%}=={Y} (goto :create_Sitecollection)
if /i {%COLLECTION%}=={N} (goto :End)

:create_Sitecollection
ECHO "Creating site collection..."

:End
ECHO "Done. Click any button to close this prompt."
PAUSE >NUL

This batch file calls a PowerShell script called create_webapplication, which is located in the Scripts folder under D:\_Install:

Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue

#Set custom logfile locations and size#
Set-SPDiagnosticConfig -LogLocation D:\Logfiles\ULS_Logs -DaysToKeepLogs 14 -LogMaxDiskSpaceUsageEnabled -LogDiskSpaceUsageGB 5
Set-SPUsageService -UsageLogLocation D:\Logfiles\Usage_Logs -UsageLogMaxSpaceGB 5
Start-Sleep  -Seconds 3

#Register a new SPManagedAccount to use as the application pool identity account#
$credentials_webapp= $host.ui.PromptForCredential("PERMITER\SP_WEBAPPS credentials", "Please enter this user's password.", "PERMITER\SP_WEBAPPS", "")
New-SPManagedAccount -Credential $credentials_webapp
Start-Sleep  -Seconds 3

#Create PSCredential object for db user; this is used to authenticate the SQL user.#
$sqluser = "SB2B_SQL"
$sqlpassword = Read-Host -Prompt "Enter password for SQL user $sqluser" -AsSecureString
$WebAppDatabaseCredentials = New-Object System.Management.Automation.PSCredential($sqluser,$sqlpassword)
$WebAppName = ""
$WebAppHostHeader =""
$WebAppPort = 80
$WebAppAppPool = "SharePointAppPool"
$WebAppAppPoolAccount = "PERMITER\SP_WEBAPPS"
$WebAppDatabaseName = "SharePoint_ContentDB"
#The database server value can include a port, in case only a selected number of ports are opened on the SQL box#
$WebAppDatabaseServer = "SQLServer\SB2B,21433"
$SiteCollectionName = "SharePoint"
$SiteCollectionURL = ("http://" + $WebAppHostHeader)
$SiteCollectionTemplate = "STS#1"
$SiteCollectionLanguage = 1033
$SiteCollectionOwner = "PERMITER\SP_FARM"

# Create a new Sharepoint WebApplication on port 80 and create an alternate access mapping for the webapplication#
New-SPWebApplication -Name $WebAppName -Port $WebAppPort -HostHeader $WebAppHostHeader -URL ("http://" + $WebAppHostHeader) -ApplicationPool $WebAppAppPool -ApplicationPoolAccount ($WebAppAppPoolAccount) -DatabaseCredentials $WebAppDatabaseCredentials -DatabaseName $WebAppDatabaseName -DatabaseServer $WebAppDatabaseServer
New-SPAlternateURL -WebApplication ("http://" + $WebAppHostHeader) -Zone Intranet -Url ""
Start-Sleep  -Seconds 3

#Extend web application to the Extranet zone using Kerberos authentication#
$webapp = get-SPWebApplication ("http://" + $WebAppHostHeader) | New-SPWebApplicationExtension -Name "" -SecureSocketsLayer -Port 443 -Zone Extranet -Url "" -AuthenticationMethod Kerberos
Start-Sleep  -Seconds 3

# Create a new Sharepoint Site Collection based on blank template#
New-SPSite -URL $SiteCollectionURL -OwnerAlias $SiteCollectionOwner -Language $SiteCollectionLanguage -Template $SiteCollectionTemplate
Start-Sleep  -Seconds 3

Congratulations, you have now configured SharePoint 2013 as a split back to back topology using SQL authentication!
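
The psconfig call in the batch file takes both passwords as command-line arguments and the passphrase from a hard-coded variable, and step 3 suggests checking the SQL login by hand with a test.udl. The following is an added example, not part of the original post or its scripts: it scripts that login check on the hardened port, verifies the dbcreator and securityadmin roles, and creates the configuration database with New-SPConfigurationDatabase so no secret appears on a command line. The function names Test-Sb2bSqlLogin and New-Sb2bFarm are hypothetical, and Encrypt = true assumes the SQL Server presents a certificate the SharePoint server trusts.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# server, port, login and database names are the ones used in the batch file above.
Add-Type -AssemblyName System.Data

function Test-Sb2bSqlLogin {
    # Scripted equivalent of the test.udl check: connect with SQL authentication on the
    # hardened port and confirm the login holds the two server roles from step 2.
    param(
        [Parameter(Mandatory=$true)][string]$DatabaseServer,   # e.g. "SQLServer\SB2B,55233"
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential,
        [bool]$Encrypt = $true   # assumption: the SQL Server certificate is trusted by this host
    )
    $net = $Credential.GetNetworkCredential()
    # The builder escapes characters such as ';' that would break a hand-built connection string.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']     = $DatabaseServer
    $builder['User ID']         = $net.UserName
    $builder['Password']        = $net.Password
    $builder['Encrypt']         = $Encrypt
    $builder['Connect Timeout'] = 15
    $connection = New-Object System.Data.SqlClient.SqlConnection($builder.ToString())
    try {
        $connection.Open()
        $command = $connection.CreateCommand()
        $command.CommandText = "SELECT IS_SRVROLEMEMBER('dbcreator'), IS_SRVROLEMEMBER('securityadmin')"
        $reader = $command.ExecuteReader()
        [void]$reader.Read()
        $result = New-Object PSObject -Property @{
            Connected     = $true
            DbCreator     = ($reader.GetValue(0) -eq 1)
            SecurityAdmin = ($reader.GetValue(1) -eq 1)
        }
        $reader.Close()
        return $result
    }
    catch {
        Write-Warning "SQL login test failed: $($_.Exception.Message)"
        return New-Object PSObject -Property @{ Connected = $false; DbCreator = $false; SecurityAdmin = $false }
    }
    finally {
        $connection.Dispose()
    }
}

function New-Sb2bFarm {
    # Replaces only the "psconfig -cmd configdb -create" line; the remaining psconfig steps still apply.
    param(
        [string]$DatabaseServer = "SQLServer\SB2B,55233",
        [string]$Environment    = "_DEV"
    )
    # Secrets are prompted for and kept as SecureString/PSCredential objects,
    # so they never show up in the process command line or in the script file.
    $dbCred     = Get-Credential "SB2B_SQL"
    $farmCred   = Get-Credential "PERMITER\SP_FARM"
    $passphrase = Read-Host -Prompt "Farm passphrase" -AsSecureString

    $check = Test-Sb2bSqlLogin -DatabaseServer $DatabaseServer -Credential $dbCred
    if (-not ($check.Connected -and $check.DbCreator -and $check.SecurityAdmin)) {
        throw "SQL login cannot reach $DatabaseServer or lacks dbcreator/securityadmin; farm not created."
    }

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    New-SPConfigurationDatabase -DatabaseName "Eportal_ConfigDB$Environment" `
        -DatabaseServer $DatabaseServer `
        -AdministrationContentDatabaseName "SB2B_AdminDB$Environment" `
        -DatabaseCredentials $dbCred -FarmCredentials $farmCred -Passphrase $passphrase
}

# Usage (run in an elevated SharePoint Management Shell):
# New-Sb2bFarm
```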

Add css and javascript references to SharePoint 2013 page

There are many ways to add css and javascript code to your SharePoint pages. Where you put it, largely depends on the scope of the added code; a single page, a single list or one or more sites.  This short post is just to show you the format of how you should link a reference to a .css or .js file in for example your Style Library;

Add a css reference to a sharepoint page, relative to the sitecollection;

<SharePoint:CSSRegistration Name="<% $SPUrl:~SiteCollection/Style Library/cssfile.css%>" runat="server"/>

Add a js reference to a sharepoint page;

<SharePoint:ScriptLink ID="jsfile" language="javascript" runat="server" Defer="False" Localizable="false" Name="~siteCollection/Style Library/jsfile.js"/>

Easy does it!

Jquery: Open summary links in new window SharePoint 2013

Default behaviour in SharePoint 2013 is that a link from the summary link web part opens in the current browser window. This is not always what you need (when you have a link referring to a pdf download, for example, you might want the pdf to open in a separate browser window). This is easily fixed by editing the page and adding a script editor snippet:

	// rel="noopener noreferrer" keeps the newly opened page from reaching this one through window.opener
	$(window).load(function () { $('.pageLink').attr({ target: '_blank', rel: 'noopener noreferrer' }); });

Please note that I used $(window).load(function(){}) instead of $(document).ready(function(){}). This is because load fires when all assets are done loading, whereas ready fires when the DOM is ready for interaction. So load comes AFTER ready, which might be confusing.

Powershell: Edit Display Names for SharePoint 2010 / 2013 FBA pack

So, let’s start by saying that the FBA pack for SharePoint 2010 and SharePoint 2013 is a great tool. It makes FBA easy to maintain from the SharePoint UI. FBA users are usually added at the root of the webapplication. Here you create users, hand out passwords and give the user a meaningful display name. All good and well. The issues arise when a user logs in for the first time to a subsite of the root; the user account is then added to SharePoint’s hidden user list where only the user login is used. The display name that you added at the root site level however, is not copied to the hidden user list. Annoying because only the user login in itself doesn’t always say a whole lot. On top of that; users will complain that their name is ‘this weird code’. For example; my full user login at root site level would be “i:0#.f|ldapmember|hayeng” and my displayname would be “Gaston Hayen”. The latter is obviously preferred. When I login to a subsite for the first time, my logged in user shows “i:0#.f|ldapmember|hayeng” and not “Gaston Hayen”. So I made a script that fixes this issue for you! The script needs to be edited to meet your specific requirements (replace URL’s and decide whether you need to log to C:/scripts or not) plus I assume that accounts are created at the root of the web application ~that was my scenario at least. Schedule this script and you are good to go!

add-PSSnapin "Microsoft.SharePoint.Powershell"

### Variables ###

$currentDate = Get-Date -UFormat "%Y-%m-%d"

#Be sure that the sp_farm account has write access to the logging folder configured below!
$logPath = "C:\Scripts\SetUsers - $currentDate.log"

### Variable ###

# retrieve all sitecollections excluding root
$allSites = Get-SpWebapplication ""| get-SpSite -limit all | Where-Object {$_.Url -like "*"} | Select-Object -Property Url 

# retrieve all FBA users from root site collection. Only Userlogin and  Displayname properties are selected into new object
$allUsers= Get-SpUser -web -Limit all | Where-object {$_.UserLogin -like "i:0#.f|ldapmember*"} | Select-object -Property UserLogin, DisplayName

# retrieve all FBA groups/roles from root site collection. Only Userlogin and  Displayname properties are selected into new object
# Optional: $allGroups= Get-SpUser -web -Limit all | Where-object {$_.UserLogin -like "c:0#.f|ldaprole*"} | Select-object -Property UserLogin, DisplayName

# loop through the site array variable
for ($i=0;$i -lt $allSites.length; $i++) { 
    # retrieve all local SharePoint users
    $localUsers= Get-SPUser -web $allSites[$i].Url  | Where-object {$_.UserLogin -like "i:0#.f|ldapmember*"} | Select-object -Property UserLogin, DisplayName 
    # Optional: $localGroups= Get-SPUser -web $allSites[$i].Url  | Where-object {$_.UserLogin -like "c:0#.f|ldaprole*"} | Select-object -Property UserLogin, DisplayName       

    #loop through the local user array variable per sitecollection
    for($j=0;$j -lt $localUsers.length; $j++){
            for($k=0;$k -lt $allUsers.length; $k++){
                #Get Userlogin from allusers
                $allUserSubString = $allUsers[$k].UserLogin.Substring(18)                                              

                #check whether the Display name has already been modified.
                if ( $allUserSubString -eq $localUsers[$j].DisplayName){    #and allUsers UserLogin k -eq localUsers UserLogin j
                    Set-SPUser -Identity $localUsers[$j].UserLogin -DisplayName $allUsers[$k].DisplayName -Web $allSites[$i].Url
                    $userOutput= "Set-SPUser -Identity """+ $localUsers[$j].UserLogin +""" -web "+ $allSites[$i].Url +" -DisplayName """+ $allUsers[$k].DisplayName+""""
                    $userOutput | Out-File $logPath -Append -Width 300
                }   # end if
            }       # end loop over root-level users
    }               # end loop over local users
}                   # end loop over site collections

SharePoint 2013: an overview of required service accounts

When you (are about to) install SharePoint 2013, you will need service accounts to do so.
Besides giving you a general overview of required service accounts, this article is also meant as a reference/checklist during installation.

Now, please note that you might not need all accounts; if you aren’t using Excel Services, then you obviously wouldn’t need a corresponding account either. Also; the names that I have given to these accounts are purely optional; you can do as you please although I would suggest you give each account a concise and meaningful name. Before I start with the list, there are two very important things that you need to know:

    1. SharePoint service accounts or Managed Accounts are limited to 20 characters in length! And this is including the domain name! This severely limits your creativity when you are coming up with names. Excluded from this limitation are the SQL service accounts and the Setup user’s account. Still, it makes sense to be concise and exact when naming your accounts!
    2. Two types of service accounts are not supported by SharePoint 2013;
        • Active Directory Domain Services accounts that are a Managed Service account
        • Virtual Service accounts

      Both were introduced in Windows Server 2008 R2 and Windows 7; neither is supported in SharePoint 2013.

I am aware that the amount of accounts required can be broken up into security tiers so that you can decide for yourself what security option is best suited to your environment (see Vlad Catrinescu’s excellent post on that here). For the sake of being complete, the list below is exhaustive.

Here goes … leave a reply if you find something missing!


  • This is the Setup User Administrator Account
  • Used for:
    • SharePoint installation
    • Running the SharePoint Product Configuration Wizard (although I prefer autospinstaller or powershell)
    • Other Farm configurations
  • Is a Domain account
  • Needs to be Local Admin on APP and WFE servers


  • SharePoint Database Access Account (SharePoint Farm Service Account)
  • Used for:
    • Central Administration application pool identity
    • Microsoft SPF Workflow Timer Service account
  • Is a Domain account
  • During User Profile Synchronization application provisioning needs to be local admin and have Log On Locally rights on the Server that will be hosting the UPS application
    • After UPS application provisioning remove the local admin privilege but keep the Log On Locally rights
    • After giving this account local admin and Log On Locally rights permissions, it is important that you logout and log back into the server (or restart the server)


  • Web Application Pool Account
  • Used for:
    • Application pool identity for the main web application IIS website
  • Is a Domain account


  • SharePoint Web Services Application Pool Account
  • Used for:
    • Application pool identity for the SharePoint Web Services IIS website
  • Is a Domain account


  • Claims to Windows Token Service Account
  • Used as the identity for the Claims to Windows Token Service account
  • Create this dedicated account if you plan to use Excel, Visio, PerformancePoint, or Office Web Apps Excel services.
  • Is a Domain account
  • Needs to be Local Admin on SharePoint Servers that will be running any of the following services:
    • Excel Services
    • Visio Service
    • PerformancePoint Service
    • Office Web Apps Excel Service


  • Portal Super User
  • Used for:
    • Super user cache account
  • Is a Domain account
  • This account requires Full Control access to the web application.


  • Used for:
    • Super reader cache account
  • Is a Domain account
  • This account requires Full Read access to the web application.

SPExcel (optional)

  • Excel Service Unattended Service Account
  • Used for:
    • Connecting to external data sources that require a username and password that are based on OS other than Windows for authentication
  • Is a Domain account

SPVisio (optional)

  • Visio Graphics Service Unattended Service Account
  • Used for:
    • Connecting to external data sources that require a username and password that are based on OS other than Windows for authentication
  • Is a Domain account

SPPerfPoint (optional)

  • PerformancePoint Service Unattended Service Account
  • Used for:
    • Connecting to external data sources that require a username and password that are based on OS other than Windows for authentication
  • Is a Domain account

SPMySite (optional)

  • My Sites Application Pool Account
  • Used for:
    • My Site application pool
  • Is a Domain account
  • If you are hosting My Site site collection under the same web application as other site collections, then you don’t need this account. Create this account only if you are creating a dedicated web application of My Site site collection, in which case you set the web application app pool account to this account.


  • Synchronization Account
  • Used for:
    • Connecting to a directory service
    • User Profile Services to access AD
    • User Profile Services to run profile synchronization
  • Is a Domain account
  • This account requires Replicate Directory Changes in AD DS on the domain node
    • The Grant Replicate Directory Changes permission does not enable an account to create, change or delete AD DS objects. It enables the account to read AD DS objects and to discover AD DS objects that were changed in the domain.


  • Search Service Account
  • Used for:
    • Windows user credentials for the SharePoint Search service
  • Is a Domain account


  • Default Content Access Account
  • Used for:
    • For Search service application to crawl content.
  • Is a Domain account
  • This account must have read access to external or secure content sources that SharePoint will be crawling.
  • For SharePoint sites that are not part of the server farm, this account must explicitly be granted full read permissions to the web applications that host the sites

So much for the SharePoint accounts! There is one more I don’t want to withhold. On SQL server, you need to have the following account in place;


  • Default Content Access Account
  • Used as a service account for the following SQL server Services:
  • Is a Domain account
  • Local Administrator on the SQL server machine.


Optional SQL Server accounts (for additional security) are a SQL_Agent and a SQL_Engine account. Both should be domain accounts. The former runs the SQL Server Agent Windows service and the latter runs the Database Engine Windows service.

So there you have it! I believe this list is pretty complete! If it isn’t, let me know in the comments!