SharePoint search rankings
WCM tip #10: Use XRANK to boost content with Managed Properties matching the search query
“nb” (meaning neutral boost) rather than “cb” (meaning constant boost).
With neutral boost, the ranking which I specifies is integrated with the SharePoint OOTB ranking rules (exact match, number of occurrences, popularity etc).
Understanding item ranking in SharePoint 2013 Search

SharePoint search rankings

SP.Web Users \ AllUsers | SiteCollection Users

Users is Site users and SiteUsers is Site collection users

Users – Gets the collection of user objects that are explicitly assigned permissions in the Web site.
SiteUsers – Gets the collection of all users that belong to the site collection.

Gets the collection of user objects that represents all users who are either members of the site or who have browsed to the site as authenticated members of a domain group in the site.
Yeah Jerry is right. here is the detail explanation:

SPWeb.Users will get all the users who are added explicitly at the following location:
Site Actions -> Site Settings -> People and Groups -> Site Permissions.

Note: This will not get the Site Collection Admins, Other group members.

2. SPWeb.SiteUsers will get all the users who are added to the site.
– This includes the Site Collection Admins, All the group users and the Site Permissions users.

SPWeb.Users : Gets the collection of users that are explicilty added.. These users are not parts of any group they are explicitly added..

SPWeb.SiteUsers: Gets the collection of users that belong to the site collection or a group

SPWeb.AllUsers: Gets the collection of All the users. Basically, AllUsers = SiteUsers + Users

SP.Web Users \ AllUsers | SiteCollection Users

Sorry, only tenant administrators can add or give access to this app

add App to SharePoint 2013: Sorry, only tenant administrators can add or give access to this  app

Navigate to C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\CONFIG. There you will see a bunch of AppPermissionProvider.*.xml files. Depending on your installation (Foundation, Server, PS) you will probably have different files. Open AppPermissionProvider.Search.xml and you will see the following settings:

<Alias Name=”Search” Value=”http://sharepoint/search” RequiredRight=”TenantAdmin” />

Replace TenantAdmin with SiteCollectionAdmin (Closest permission to TenantAdmin). I would also ensure the account used for deployment be a farm administrator to simulate the TenantAdmin permission. Save the files and bounce IIS. Repeat on each SP Server. Deploy your application and you should be able to use the tenant admin permissions again.

Search is not the only app permission that is mangled with this update. Just open all of the AppPermissionProvider.*.xml files and anything with the TenantAdmin permission is affected.


There is another workaround for this issue. If you navigate to Site Contents and select ‘Permissions’ from the App context menu it shows a page with a link that will allow the user to trust the app without being explicitly added to the local Administrators group. Additionally Microsoft support have mentioned this will be fixed in the SharePoint 2013 Feb 2014 CU.—sorry-only-tenant-administrators-can-add-or.aspx

Sorry, only tenant administrators can add or give access to this app

Service Principal Name


Kerberos authentication (Negotiate will fall back to NTLM if no SPN is present)


setspn -D ServiceClass / Host : Port AccountName

detect the duplicate SPN




Service Principal Name

SharePoint session cookies

By default, Sharepoint caches user session in persistent cookies. So when the browser restarts with a Sharepoint site, it automatically logs in the previously authenticated user. This presents an inconvenience in development scenarios where user authentication testing needs to be done by closing and reopening the browser in quick successions. For this, we can disable the persistent session cookie by running the following powershell command from Sharepoint server.
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.UseSessionCookies = $true

SharePoint session cookies