none
Can anyone tell me why: "As a best practice, do not make any changes to the default Project Server templates." RRS feed

  • Question

  • I have found this guidance from Gary & Dale, and from Microsoft, but nobody says why changing or deleting Project Server Templates is against Best Practices.  I have searched and searched.  Even in the SDK, I didn't see anything.

    Basically, I am starting to mess around with deploying Project Servers in very large organizations, so my understanding of the MOPS Security Structure is taking me in really interesting directions.  How about the fun little best practice of Not Turning off "Manage Site Services"...  Don't do it...  See, I warned you, and now you have to run a SQL script against the Pub DB... D'Oh

    Anyway, If anyone has already learned this lesson, I would love to know what will happen if I chose the gift behind door number 2 (changing Security Template permissions) or door number 3 (deleting Security Templates).

    Cheers,

    T

    Thursday, August 8, 2013 8:45 PM

Answers

  • Paul,

    Truly appreciate your answer and taking the time to respond.  I just find it hard to swallow that as the answer, since I have seen most Administrators take the time to set their permissions just right, and then use the Security Template to mess them up...  (Present company included...  I foolishly assumed that the Security Template would use the settings from the Group & Category associated even when changes were made.)

    Yet, isn't a catastrophic loss of access just the sort of thing that TechNet is for?  To help you  get your settings back in place?  I can't think of a single instance where security could send a farm into such disarray that it would be labeled a best practice to not make changes to a very commonly used setting...

    Yet, if that is the only answer, I will live with it and teach others the way!

    Thanks again Paul,


    T

    • Marked as answer by trpy2k Friday, August 9, 2013 12:13 AM
    Thursday, August 8, 2013 9:49 PM
  • trpy2k --

    I am the Dale to which you refer in your original post.  Yes, Gary and I have made that recommendation for years, and PW Mather has correctly told you the reason.  Security templates are your backup for restoring default permissions to a default or custom Group, just in case you as the Project Server administrator totally mess up the Group when trying to customize it.

    And no, this forum is not the way to get permissions back to normal if you mess them up.  I doubt that any of us have the time to write the detailed kind of answer you would need to get the permissions back to their defaults.  In fact, if you asked the users in this forum how to get the permissions for a security Group back to their default settings, most of us would tell you to use one of the security templates to reset the permissions!  :)

    Hope this helps.


    Dale A. Howard [MVP]

    • Marked as answer by trpy2k Friday, August 9, 2013 12:13 AM
    Thursday, August 8, 2013 11:26 PM
    Moderator

All replies

  • The only reason is so you can easily revert back to a known working out of the box permission model should you get in a mess! Paul

    Paul Mather | Twitter | http://pwmather.wordpress.com | CPS

    Thursday, August 8, 2013 9:32 PM
    Moderator
  • Paul,

    Truly appreciate your answer and taking the time to respond.  I just find it hard to swallow that as the answer, since I have seen most Administrators take the time to set their permissions just right, and then use the Security Template to mess them up...  (Present company included...  I foolishly assumed that the Security Template would use the settings from the Group & Category associated even when changes were made.)

    Yet, isn't a catastrophic loss of access just the sort of thing that TechNet is for?  To help you  get your settings back in place?  I can't think of a single instance where security could send a farm into such disarray that it would be labeled a best practice to not make changes to a very commonly used setting...

    Yet, if that is the only answer, I will live with it and teach others the way!

    Thanks again Paul,


    T

    • Marked as answer by trpy2k Friday, August 9, 2013 12:13 AM
    Thursday, August 8, 2013 9:49 PM
  • trpy2k --

    I am the Dale to which you refer in your original post.  Yes, Gary and I have made that recommendation for years, and PW Mather has correctly told you the reason.  Security templates are your backup for restoring default permissions to a default or custom Group, just in case you as the Project Server administrator totally mess up the Group when trying to customize it.

    And no, this forum is not the way to get permissions back to normal if you mess them up.  I doubt that any of us have the time to write the detailed kind of answer you would need to get the permissions back to their defaults.  In fact, if you asked the users in this forum how to get the permissions for a security Group back to their default settings, most of us would tell you to use one of the security templates to reset the permissions!  :)

    Hope this helps.


    Dale A. Howard [MVP]

    • Marked as answer by trpy2k Friday, August 9, 2013 12:13 AM
    Thursday, August 8, 2013 11:26 PM
    Moderator
  • Dale,

    Thank you as well for responding.  I have been an avid purchaser of your books since the 2003 versions (Edit: since 2007), and have passed on that recommendation to many more.  You probably hear this a lot, but those books are single handedly the best resource for the lineup of MS Project products, and I wouldn't be where I am today without them!  In fact, I recently passed the 70-177 just from the knowledge I have obtained from them over the years.

    Now, as to Security Templates, I think that I misspoke about TechNet forums being the solution to the problem.  I have many times found and used those OOTB settings via TechNet search, not so much the forums. 

    I will post the link to the TechNet article in case someone was in need:  http://technet.microsoft.com/en-us/library/gg663916(v=office.14).aspx  Appendix A or B gives those OOTB Settings.

    So, I guess my question was answered, but I really didn't want it to be the case.  My thought (as a user) would be to have the Security Template act as a speedy way to set Groups & Categories based on the Client's needs instead of what is OOTB, and configure the Daily Backup Schedule to allow for "Groups & Categories" to be stored in the Archive.  Save the backup once before configurations change, and again after the configuration.  That way, you can quickly restore with your previous setting (given you turned off the automated backup after baseline). 

    Just a point in case any of the developers were looking at this post.

    Cheers,

    T


    • Edited by trpy2k Friday, August 9, 2013 12:24 PM
    Friday, August 9, 2013 12:13 AM