Subsequent Alert Issue when Major and Minor versions are turned on

Consider the following scenario:

- We have a document library with the following settings:
o Name – Major and Minor Version – Alert Issue
o Permission – Unique Permissions. We have broken the permissions and the library no longer inherits the permissions from the top level site collection.

- We now add a user to the top level site with Read Permissions
- The same user is added to the document library with Read permissions
- For a better clarification, following is the versioning settings for the document library:



- Now the user with Read permission logs on to the site and subscribe for an Alert for the document library. The user gets the initial alert email about the alert being created for the Document Library.
- To distinguish, I have the site admin logged in to the document library and create a alert for him. The site admin now uploads a new document to the document library.
- We see that the user with Read only permissions does not get a subsequent alert, but the site admin does.

Conclusion:
If the user has Read permissions over a document library and if the document library has “Major and Minor” versioning turned on, then the user with the read permission will not get an alert.
This is a by-design issue.

Work-Arounds:
- Turn Off Major and Minor versioning and either keep Major versioning on or Minor versioning on, but not both.
- Give the user edit permission over the document library. This can be done either by assigning Contribute permission to the user or by editing the permission levels for the site.

Reason:
The user only has read permission and not edit permission over the library and its items. When a new item is inserted, the document is saved as draft and now published on the site. Thus, the document is not final. Thus, the user will not get an alert. But for the user who has edit permission, can approve the document and thus need to be notified about the document change so that the user can approve/reject the draft version.

Error: New Document Requires a Windows SharePoint Services-compatible application and Microsoft Internet Explorer 6.0 or greater

I started off with installing Microsoft Office SharePoint 2007 in my development environment. Just to be sure that I do have any bugs or issues, I installed MOSS and WSS SP1. When I started this blog, I created a category of “Office Integration”. On that basis, I tried creating a new site and in the document library uploaded a new Word 2007 document. I clicked on the document drop-down menu and tried to open the document in Microsoft Office Word application and got the following error message :

‘New Document’ requires a Windows SharePoint Services-compatible application and Microsoft Internet Explorer 6.0 or greater. To add a document to this document library, click on ‘Upload Document’ button


Error - WSS SharePoint Compatible 893698

Now I have checked the Office Version and the internet Explorer version and both were meeting the SharePoint requirements. IE was 6.0.1 and Office 2007 Enterprise Edition. I was a bit confused and did not know how to go ahead. Because, the basic Office applications were not integrated with SharePoint.

Here is what I did to resolve the issue:

1. Go to Add/Remove Programs and select Microsoft Office 2007 -> Click on the “Change” button



2. On the next screen select “Add or Remove Features” and click on the “Continue” button



3. On the next screen, select “Office tools” drop down. The problem here is that Windows SharePoint Services Support files are not installed with Office application. Thus, we need to select them Windows Sharepoint Services Support tools from the drop down and make sure that select “Run from My Computer” or “Run All from My Computer” options.





4. Allow the setup to complete



This should most probabaly do the trick. Even after doing the above things, you do not resolve the issue or if you are using another version of Office, I would request you to go to the following KB article and then resolve the issue as per the product version.

http://support.microsoft.com/kb/893698/en-us

Admin Jobs failing on the SharePoint Servers

Administration jobs means the timer jobs that are executed on regular basis on the SharePoint Server. They range from Alert processing, Synchronization, etc. To get the complete timer job list for the farm, browse to Central Administration -> Operations -> Timer jobs

If you see any failed job in the timer jobs status, the first thing that you might try is running the following command on all the servers :

stsadm -o execadmsvcjobs

The above command will try and execute the timer jobs that are stuck/scheduled for the specific time when you run that command. There are possibilities like the stsadm command is stuck and shows “Executing….” in the command prompt after you attempt to run the above command.

To run the above command successfully, follow the below troubleshooting steps :

Open Central Administration -> Operations -> Diagnostic Logging
Select “All” under the jobs and set the Error logging to Verbose.
Try to execute the execadmsvcjobs command.

Open the log file under “C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs” . This is the default log directory. It might be possible that the logs directory is changed by the administrator who has set up SharePoint. We can check the logs settings from Central Administration -> Operations -> Diagnostic logging.

Open the file in MS Excel -> Apply filters for the columns -> Under the Levels column, select “high” and “verbose”. Under the category column, select “Timer” and “Unified Logging Service”

Check for any errors that you get there.
Based upon errors, we need to further troubleshoot the issue.

The possible errors that you might get are :

1. The previous instance of the timer job ‘Application Server Administration Service Timer Job’, id ‘{12403D5C-D18B-4D06-9E2F-C2855E30385C}’ for service ‘{83A518CA-9139-4A50-999B-6C35E4D42A34}’ is still running, so the current instance will be skipped. Consider increasing the interval between jobs.

2. Error during Encrypting Decrypting.

If you get the above two errors, they probably are related. This issue normally occurs where you have multiple server farm configuration. The first error says that there is an admin jobs that is not getting executed. As the job is stuck, we need to remove that job from the config so that other jobs can be executed. Run the following two commands to check if it is a ssp timer jobs or a admin timer job that is listed :

stsadm -o deletessptimerjob -id “12403D5C-D18B-4D06-9E2F-C2855E30385C”

If the above command says that there is no ssp timer jobs listed with the above ID, run the following command to delete the object with that id :

stsadm -o deleteconfigurationobject -id “12403D5C-D18B-4D06-9E2F-C2855E30385C”

This will remove the timer job that was stuck. Now try and execute stsadm -o execadmsvcjobs on the other servers and you might get the second error that I have listed above. The Encryption/Decryption error states that for some reason, the password used by the timer service on that server is not valid.

Open Services.msc on the server where you are getting the error and re-enter the log on credentials for the “Windows SharePoint Services Timer”. Run the following command to update the username and password for the timer service account :

stsadm -o updatefarmcredentials -userlogin “domain\username” -password “xxxxxxx” -local

NOTE: For the complete list for updating the farm credentials follow this kb :http://support.microsoft.com/kb/934838/en-us

Run the stsadm -o execadmsvcjobs on the server where you were getting the errors and this time it will run succesfully. If you face any further problems, or other error messages, please leave a comment and I should get back to you soon.

Maximum File Size for Crawling

By default, Search Services can crawl and filter a file with a size of up to 16 megabytes (MB). It will always crawl the first 16MB of a file. After this limit is reached, SharePoint Portal Server enters a warning in the gatherer log "The file reached the maximum download limit. Check that the full text of the document can be meaningfully crawled."

To increase the limit of 16 MB, you must add in the registry new entry MaxDownloadSize. To do this, follow these steps:

1. Start Registry Editor (Regedit.exe).

2. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\12.0\Search\Global\Gathering Manager

3. Open Edit - New - DWORD Value. Name it MaxDownloadSize.

4. Double-click, change the value to Decimal, and type the maximum size (in MB) for files that the gatherer downloads.

5. Restart the server.

6. Start Full Crawl.

NOTE: Increasing the file size may cause a timeout exception because the crawler can timeout if the file takes too long to crawl/index (because of its size). To increase timeout value, follow these steps:

1. In Central Administration, on the Application Management tab, in the Search section, click Manage search service.

2. On the Manage Search Service page, in the Farm-Level Search Settings section, click Farm-level search settings.

3. In the Timeout Settings section change Connection and Request acknowledgement time.

SQL databases used in SharePoint

There are quite a number of databases generated during a Sharepoint install and depending on the "Farm" configuration there might be more or less. A lot of SQL DBA's get quite annoyed when all these databases suddenly appear in their system and they have no idea what each database does or why it is there.

I have therefore decided to explain what databases get created during a MOSS install and what the purpose is behind each. A WSS install generates less databases and therefore I decided to focus on a MOSS install as this generates the most.

Lets start by taking a look at a screen shots of the databases generated and then I will explain the purpose of each.

• Config Database for the Farm - Sharepoint_Config - stores configuration information about the servers deployed in the farm , their individual configurations settings and some security information. Without this database there is no Sharepoint.

• Content database for the Admin Console - Sharepoint_AdminContent_GUID - sharepoint uses its own technology to render the web based admin console for Sharepoint. Therefore it needs it's own content database to stored the configuration settings for the web parts used. The actual data configured using this console is stored in the config database for the farm. The name for this database is system generated and cannot be controlled during the installation process and therefore it ends with a GUID.

• Config database for the SSP (Shared Service Providers) - BPS_SharedServices_DB - during the configuration process a SPP is defined to configure all the Shared Services used by Sharepoint. All the Configuration settings for these services are stored in this database. The name of the database can be controlled during the creation process and should be descriptive of the purpose.

• Content database for the SSP Console - BPS_SSP_Content - just like the admin console the SSP also needs a web site to allow you to configure the shared services and these also use web parts and lists. Therefore the SSP also needs its own content database to store these settings.

• SSP Search database - BPS_SharedServices_Search_DB - this database is used by the Enterprise search service to store metadata about the information crawled including security information. This is typically used for information stored external from Sharepoint.

• WSS search database - WSS_Search_sps-dc1 - this database is used by the WSS core components to store metadata about content stored inside the Sharepoint web application content databases. This is created during the installation process.

• Web Application Content - Office_Content - this is the content database for the first user based web site in Sharepoint. Before the users can actually use Sharepoint a "Web Application", Site Collection and Site must be built. This database stores all the information generated within this web application.

• Additional content databases - Office_Content_2 - new content databases can be created to host additional "Site Collections" and "Web Applications" and there could be hundreds of these.

The other databases that are left over in the snapshot is used by other applications that do not have a direct influence on Sharepoint, but can be used in conjunction with the product.

• SQL Server system databases and sample databases
• Project Server 2007 databases
• Live Communication Server 2005 databases.
• Reporting Services databases.

How to create a ‘Slipstream’ installation for MOSS with SP1 on Windows Server 2008

In order to install MOSS 2007 on Windows Server 2008 you will need to install 'MOSS with Service Pack 1' (this includes WSS with Service Pack 1). This is known as a slipstream installation and it contains the original image for MOSS/WSS RTM and the MOSS/WSS SP1 files. The problem is that this 'all in one' slipstream for MOSS is not available for download just yet, so you have to create your own slipstream image. Fortunately, this is very easy to do, just follow these steps:

1- Download MOSS and WSS Service Pack 1 files
You can download the MOSS and WSS SP1 files from here. You will need both service packs for a MOSS installation:
WSS SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=4191a531-a2e9-45e4-b71e-5b0b17108bd2&DisplayLang=en
MOSS SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=ad59175c-ad6a-4027-8c2f-db25322f791b&DisplayLang=en
Once downloaded you will have two executable files: Wssv3sp1-kb936988-x86-fullfile-en-us.exe and Officeserver2007sp1-kb936984-x86-fullfile-en-us.exe

2 - Extract the exe's
You now need to extract the exe's, to do this enter this command (this assumes you've downloaded the exe's to your c:\, change if not)
C:\Wssv3sp1-kb936988-x86-fullfile-en-us.exe /extract:c:\wsssp1extract
C:\Officeserver2007sp1-kb936984-x86-fullfile-en-us.exe /extract:c:\mosssp1extract

3 - Add the extracted files to your RTM MOSS installation
Once you've extracted the service pack exe's you need to copy the extracted contents to the /Updates folder on the MOSS CD. The easiest way to do this is take a copy of your MOSS RTM CD (or extract your ISO image) onto your file system and simply copy the contents of both c:\wsssp1extract and c:\mosssp1extract into the \Updates folder (both the WSS and MOSS service pack files go into the same folder, do not use sub-folders)..

You're done; you will now be able to install MOSS as usual on your Windows Server 2008 machine.

How to Rename a SharePoint 2003 Sub Site Using SMIGRATE

There is no option to right-click and rename a site but the SMIGRATE utility makes the process quite painless.

There are a number of ways to do this, but if we want performing a full rename (making the site identical – same name, same content, etc) we will need to use the SMIGRATE tool.

Steps:

On our front end web server, open a command prompt.
Type cd %systemdrive%\program files\common files\microsoft shared\web server extensions\60\bin
Perform the backup by typing Smigrate –w http://server/sites/site1 -f d:\migrationfolder\Backup.fwp –u vcn\it-got-spdbadmin –pw !m00nb00ts
To remove the original site type stsadm –o deletesite –url http://server/sites/site1
Now we are ready to restore to our new site name, type the following in the command prompt Smigrate –r –w http://server/sites/site2 -f d:\migrationfolder\Backup.fwp –u contoso\Administrator –pw P@ssw0rd1

We have now successfully restored the original site into a new site collection, with a new name

How Rename a SharePoint 2007 Site with STSADM

Unfortunately, there is no option to right-click and rename a site but the STSADM utility makes the process quite painless.

There are a number of ways to do this, but if we want performing a full rename (making the site identical – same name, same content, etc) we will need to use the STSADM tool.

Steps:

On our front end web server, open a command prompt.
Type cd %systemdrive%\program files\common files\microsoft shared\web server extensions\60\bin
Perform the backup by typing stsadm –o backup –url http://server/sites/site1 -overwrite -filename %systemdrive%\backup.dat
If we are planning on restoring the site to the same virtual server (the same content database) we will now need to delete the original site. We need to do this due to the following:


About GUIDs and Restoring Site Collections If we attempt to restore a backup of a site collection more than once to the same content database, we may get the following error message: “No content databases are available for restoring this site collection. Create a new content database and then try the restore operation again.” This is because the globally-unique identifiers (GUID) for lists are preserved in the backup file and reused during restore, but the content database requires list GUIDs to be unique. Therefore, we cannot restore a site collection twice to the same content database, and must instead use a different content database.



Now that we have that sorted out, we can perform this optional step (we would generally want to do this)
To remove the original site type stsadm –o deletesite –url http://server/sites/site1
Now we are ready to restore to our new site name, type the following in the command prompt
stsadm –o restore –url http://server/sites/site2 -filename %systemdrive%\backup.dat
We have now successfully restored the original site into a new site collection, with a new name.

SharePoint 2007: Default.aspx displayed "HTTP 500 Internal Error"

The 500 - Internal Server Error resolve by re-inheriting the permission levels on the broken site after you have broken them. So to reiterate the full steps for resolving both the permissions and 500 - Internal Server Error, are as follows:


Step 1: From your broken sub-site, go to the '/_layouts/role.aspx' page,

Step 2: Select 'Edit Permission Levels'

Step 3: Then from the same page, click the 'Inherit Permission Levels' button.



Close the Internet Explorer and again open the site. Now your site will be working fine.


Example:

http://site/sub-site/broken-site. I inherited permission levels at http://site/sub-site. Now any site under 'sub-site' I get the 500 - Internal Server Error without going directly to the 'default.aspx' and the sites Permission Inheritance on the broken sites can no longer be broken from the parent. You simply get a 'Cannot Complete this Action' Error.

On the broken sub-site, you must first break the 'permission level' inheritance. To do so, you have to know the URL. So for our example broken sub-site, we would have to go to http://site/sub-site/broken-site/_layouts/role.aspx then select 'Edit Permission Levels'. Then from the same page, click the 'Inherit Permission Levels' button.


Close the Internet Explorer and again open the site. Everything will be working fine.

Your site should no longer display the 500 - Internal Server Error nor should you no longer be able to edit permissions.

Recommendations for SharePoint Application Pool Settings

Talking to a buddy on Friday, the post he said he actually read was one I must have posted on 2003. I guess he's not necessarily a frequent reader, but it made me realize it's a topic I haven't touched in a very long time. Shane was also asking me about this. There are some good descriptions of the settings (MSDN IIS Settings Reference), but what I'll give you here is my thoughts on the settings with recommendations. I do recommend reading about the IIS 6 features which list out very well the enhancements and control for your application pools there's some really good info. Let me first talk about 3 app pools for which I have very specific guidance. Then get into the real guidance for the content web application app pool settings. If I don't mention a setting it's because I expect it to be off or set to default. Let me know if I leave anything out or if you have additional guidance.
IIS 6/SharePoint 101
Web Site = IIS Virtual Server = SharePoint Web Application
Web Applications have Application Pools... You can manage your web apps in IIS manager.
Application Pools have Worker processes... You'll see a section in your IIS manager for managing your app pools.
Worker Processes are processes that consume memory and CPU... You'll see them as w3wp.exe (Don't get confused here. By default there is a 1:1 for Application pool to worker processes.
Default Application pool
Just leave it alone, don't use it, and occasionally make sure nothing is using it. Do NOT delete it. Why... Cause IIS doesn't like it when it doesn't exist. You'll find IIS gets mad if this gets deleted. Even if you plan to never use it, just leave it alone. Don't even rename it. You can put something funny in the description field to remind you, but as was the unspoken best practice in the IIS 4 and IIS 5 days with the default web site. Only newbies use it, the more experienced web admins create new web apps and stop or deleted it. Now I'm saying though you may want to delete it. Don't.
If you're sure nothing is using this app pool, there is one setting you can enable to have it shut down if for some reason it ever spins up.
Performance Application Pool Settings
Shudown the application pool after it's been idle for 10 minutes. The first check box is the key to these app pools.
Health Application Pool Settings
Pinging. Turn it off if it's on since this app pool doesn't really need to run except for a short period of time during administration.
Rapid failure. Make sure it's not enabled at all.
Central Admin App Pool, SSP Admin App Pool
Recycling Application Pool Settings
Once per night around 2-4 A.M is typical, but even that shouldn't be necessary if it is getting shut down when not in use (see peformance). Recycling every 120 minutes is not a good idea and is completely unnecessary.
Max Physical and Virtual memory: These app pools typically don't take much memory, and my point with these is to simply let them run when they need to. If you wanted to limit the memory, I'd limit it to 500MB on a typical system. If you need to conserve, you could limit these guys to 200MB. They seriously shouldn't need much memory.
Performance Application Pool Settings
Shudown the application pool after it's been idle for 10 minutes. The first check box is the key to these app pools. You really don't need for these app pools to be running all the time since they are really only used for administration. If you find them cold and slow you could use a warm up script, but on most systems for administration you shouldn't really care since it's only you and your ops folks using it. If you're feeling technical you could shut down this app pool worker process when you're done with it to reclaim memory, but if it's set to shut down when idle as suggested, it's a no brainer to just let it do it's thing.
Don't worry about the CPU. If you do care you can limit it to 5%, but really you're just changing your admin settings... getting in and getting out. Likely if this is a big operations environment you're going to be doing this during a maintenance window anyway.
Web Gardens. Don't even think about using them here. You don't even want the one worker process running very long.
If you're really trying to preserve memory you could really share the central and SSP admin app pools, meaning you go in and configure the SSP to use the Central admin app pool, but only if the SSP & Central administration is done by a common team. For security reasons if you have 2 different groups managing the different interfaces you wouldn't want to do this. Since I'm not listing the steps here, if you don't know how to do this, don't worry about it. Just keep them both shut off when you're not using them and it won't matter.
Health Application Pool Settings
Pinging. Turn it off if it's on.
Rapid failure - uncheck it. Any web applications using this app pool could fail if this gets disabled.
Startup/Shutdown. You don't want these app pools creating unnecessary errors when they start up a bit slow. So I'd recommend increasing the limits for startup and shutdown to 300 each.
Identity Application Pool Settings
This is where your domain account would be for a farm environment. A unique account for these app pools is recommended. You don't need to manage the accounts here since you can either manage it via STSADM or the web UI. If the central admin one goes bad, this might be the first place you'd look if you can't get into anything. Do refer to the KB on resetting your password. In SPS 2003 you would have spent some time on this tab if you ever had to reset your passwords or domain accounts. They've made it easier if you know the commands.
SharePoint App Pool or %Your Content App Pool% (Whatever you call it)
Recycling Application Pool Settings
Worker process in minutes (off) - keep it off
Worker process recycle at a specific time. Once per night around 2-4 A.M is suggested. Recycling every 120 minutes is not a good idea and will cause problems if it happens that often. I do recommend the nightly app pool recycle. If you don't like the time of night you can change it, but I do recommend keeping it different than all other app pool times. So 1:05 is ok on one and 1:25 on another for example. If you turn it off, you're really not taking advantage of reclaiming memory. It's way too common to see people not clean up their objects properly closing, deleting just doesn't happen like it should and many expect .NET to clean up for them. Sad. The nightly recycle is handy to get you back your RAM. I don't recommend doing it more often than once a night. I have heard of 2 like once right at the end of the day and one at the beginning of the day. You know, after the backups, profile imports, crawls, and whatever else went on during the night. I think recycles during the user load (during the day or whenever load is near it's peak) is not recommend is a bit clunky. It is possible to push a warm up to pre cache your most common pages right after a cycle, but not necessary in most environments.
Max Physical and Virtual memory: This setting is a lot of control here. This section is for recycling application pools which consume too much memory. Focusing on physical I typically like to limit app pools around 800MB to 1200 MB max on a 32 bit app with very few app pools depending on the number and amount of memory. On a server with 2 GB RAM I'd set it at around 800MB max. On a 4GB of RAM server around 1GB and more if more with a max around 1200. On a 64 bit web front end with 8-16 GB memory I've heard of settings of 2GB of RAM or even allowing it to let it ride, rather than limiting it. You really need to profile it since these can really grow to process and cache. The greater the amount of memory and the greater the load the higher the worker process will grow. When people ask about configuring the app pool, this is where they are usually asking what the numbers should be. What you are doing here is explicitly limiting the app pool from consuming more memory. Notice this setting is on the recycle tab, there's a reason for that. When an app pool reaches the max it isn't like the max processor setting. It will cycle the worker process which is like a tiny reboot or similar to an iisreset, but not since sometimes we want this to happen so we can release our memory. You really don't want to cycle more than a couple of times per 24 hour period in an ideal world. I've heard of some trying to cycle right before the morning peak occurs so they have the most amount of memory available, then a cycle right at the end of the day before the backups or crawling begins.
Performance Application Pool Settings
Idle timeout - off (unchecked) - Don't shut it down unless you have some web apps that aren't used very often. It will help you reclaim memory if that's the condition. If you have one main web app for example, just leave it off or uncheck it.
Request queue - unchecked
CPU limits - unchecked. You want to allow these main worker processes for the app pool to use the CPU.
Web Gardens. Ok. So this is controversial, more so than the recycling even. It was tough explaining to some that IIS recycles are a feature not a cop out. Web Gardens now feel a bit like that same conversation. Let me start with nearly all environments should NOT need them ever. Even some product and support people would prefer not to see people use these.
From MSDN:
"Because Web gardens enable the use of multiple processes, each process will have its own copy of application state, in-process session state, caches, and static data. Web gardens should not be used for all applications, especially if they need to maintain state. Be sure to benchmark the performance of the application before deciding whether Web garden mode is appropriate.
When using a Web garden, it is important to understand how session state and round robin works. It is also important to consider of how other application pool settings affect the application."
My experience has been that with another worker process I can get more performance out of a single web application. Troubleshooting is more difficult, and process isolation is difficult. Developers don't like em either. So before I say never use em. I say, go with the recommendation listed above. A web garden should always be compared against a baseline. Some may find a web garden gives them better performance. Since this is so controversial, I say, if you are doing your performance tests and trying to squeeze out more perf, start with one, then retest with 2. If you don't see much of an improvement, don't use it. If you find more than 15-20% out of a second worker process then you might find it worth it. It is easy enough to take it back to one. The more CPUs the more likely you will get something here. Feel free to share your comments in the comments section on this one. Man some people are really passionate one way or another about these.
Health Application Pool Settings
Pinging. Keep this enabled. You could ping it every 10-15 minutes this will keep it running and keep it alive if you want it to monitor the app pool to check it to start it if it is found stopped. You don't want to mix the monitor pinging and the stop when idle. If you want it to run turn off stop when idle, and visa versa if you want it to stop, don't ping monitor it.
Rapid failure - uncheck it unless there is only one web application using this app pool and all content is on this app pool. (Joel's recommendation) I'm not a fan of this one. It should help when you're doing isolation to shut down poorly performing or worker process cycling, but doesn't help when you have one main web application with one app pool. You decide if you want to go against this. I'm really not a fan of this setting for SharePoint Applications or in any hosting situation. I've been burned by these default settings. I hate finding a server that's shut down because of some silly startup failure of one worker process that causes everything to go down. I'd rather have a chance to troubleshoot with a warning than finding it all down and finding out that it was this setting that shut everything down.
Startup/Shutdown. You don't want these app pools creating unnecessary errors when they start up a bit slow. So I'd recommend increasing the limits for startup and shutdown to 300-900 each. You should never get close to this. That's a good thing. The more web apps you have, the longer it will take. If you want it to shut down for starting up slow you can reduce these settings. This doesn't dictate how long it will take.
Identity Application Pool Settings
This is where your domain account would be for a farm environment. A unique account for these app pools is recommended. You don't need to manage the accounts here since you can either manage it via STSADM or the web UI. If the central admin one goes bad, this might be the first place you'd look if you can't get into anything. Do refer to the KB on resetting your password. In SPS 2003 you would have spent some time on this tab if you ever had to reset your passwords or domain accounts. They've made it easier if you know the commands. If you ever are on this tab, its to verify that it's not using a local account.
What if I have a bad app pool or web app?
If you have an web application you're trying to isolate, put it in its own app pool, then limit the CPU, limit the memory and cycle often (like every 120 min) and shut it down (using the settings above) when it's not in use. What this will do is limit the exposure of the memory from the other web applications. There are graceful ways of cycling a specific worker process. You can use these same methods for determining for troubleshooting which worker process that's taking up tons of RAM or cycling often what needs to be reconfigured or split out and isolated. Let the developer know his app is in the isolation box and he needs to clean it up before you give it more memory and stop cycling it so much. :)
Can I consolidate Web Application app pools?
Yes you can. If you have a lot of web apps you can use common app pools. You'll be smarter about the memory you consume. If you think one is taking up too much RAM consolidate the good ones and isolate the bad one like I suggest for bad ones.

Web Gardens:

My experience has been that with another worker process I can get more performance out of a single web application.

"This will never be the case, especially in a .NET environment, which SharePoint lives in. The problem here is two fold. 1) Memory and 2) context switching due to inter-process communication of the worker processes. 1) You use more memory with web gardens and it’s especially hurtful in a .NET world because you will load the entire framework in *each* worker process, so you will immediately lose at least 100MB for eash additional worker process you spin up as part of the web garden. 2) Since you have multiple worker processes for a single application pool, you now have extra inter-process communication that must take place and also numerous more context switches that must occur. Both of these, while increasing concurrency, ultimately decreases overall performance as well as requests/sec. the box can fulfill.

The *only* case I have ever run across in which using web gardens was desirable was when the customer’s w3wp.exe’s were consistently reaching the x86 2GB process limit size and would crash. In this case, we turned on web gardens, set the number of flowers (aka worker processes) to 3, which then split the memory load among the three, thus solving the upper limit 2GB process size crash we were experiencing."