Manipulating Security Trimmers in MOSS

When working with search security trimmers, you will have to use stsadm tool to install the trimmer and to pair it an existing CrawlRule. Following examples show how to enlist existing security trimmers, how to register the new one and how to unregister the existing one respectively:

How to enlist installed security trimmers?

C:\>stsadm -o listregisteredsecuritytrimmers -ssp sharedservices2

        Id: 1
        TypeName: InsideMOSS.Samples.CustomTrimmer, CustomSecurityTrimmerDemo,
        Version=1.0.0.0, Culture=neutral, PublicKeyToken=4c04f619a71116ef
        ConfigProps:
        RulePath: file://europe/c$/temp/customtrimmershare/*

        Id: 0
        TypeName: InsideMOSS.Samples.CustomTrimmer, CustomSecurityTrimmerDemo,
        Version=1.0.0.0, Culture=neutral, PublicKeyToken=4c04f619a71116ef
        ConfigProps:
        RulePath: file://europe/c$/temp/customtrimmershare2/*

How to register installed security trimmers?

C:>stsadm -o registersecuritytrimmer -ssp sharedservices2 -id 0
-typename "InsideMOSS.Samples.CustomTrimmer, CustomSecurityTrimmerDemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ede0cf8eefc9ca50"
-rulePath "file://europe/c$/temp/customtrimmershare2/*"

Registered ISecurityTrimmer Implementation 'InsideMOSS.Samples.CustomTrimmer, Cu
stomSecurityTrimmerDemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ede0cf
8eefc9ca50' with Id '0' for CrawlRule with Path 'file://europe/c$/temp/customtri
mmershare2/*' and the following configuration properties:

How to unregister installed security trimmers?

C:>stsadm -o unregistersecuritytrimmer -id 1

When registering the new trimmer it is important to know that there has to be already registered rule with the same path. For example, while registering of new trimmer the rule path has to be specified like:

stsadm -o registersecuritytrimmer -ssp sharedservices2 -id 0
-typename "InsideMOSS.Samples.CustomTrimmer, CustomSecurityTrimmerDemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ede0cf8eefc9ca50"
-rulePath "file://europe/c$/temp/customtrimmershare2/*"

This means "register the trimmer CustomTrimmer imlemented in assembly CustomSecurityTrimmerDemo and associate it with the rule with path file://europe/c$/temp/customtrimmershare2/. On the other side, when the rule is registered in Shared Services Administration: SharedServices2 > Search Settings > Content Sources the path has to be specified, wich identifies the rule and which is used to collect search matches from Content Sources.

During development of security trimmers I have done lot of experimenting. It is a bit frustrating each time to go to SPS admin site to delete the rule and to create it over and over again and then to use stsadm to install the trimmer etc. To make my life more productive I implemented the extension for stsadm tool, which is able to:

1. Create the CralwRule and to install related security trimmer in one step,
2. Delete existing CrawlRule and related security trimmer,
3. To check whether some specific rule is assotiated with some security trimmer. This is an important option, because I noticed that installing of the trimmer by using of stsadm sometimes does not associate the trimmer properly with the rule. In such cases the trimmer will not be invoked and this could be and mostly IS an security issue.

The extension can be downloaded here and following examples show how to use the extension:

How to install it?

1. Download the ZIP file at the location specified above.

2. Extract files. There are two files: Daenet.StsAdmSearchSecurityExt.dll and stsadmcommands.daenetstsadmsearchsecurityext.xml

2. Deploy the assembly Daenet.StsAdmSearchSecurityExt.dll to the global assembly cache

3. Copy the stsadmcommands.daenetstsadmsearchsecurityext.xmlfile to
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG.