SharePoint People Picker gives you and your clients away

Separated SharePoint site collections aren’t secure enough – People Picker gives you and your clients away. Now let’s change all that. Scenario: You and your clients are using the extranet site, with separated site collections for security reasons, isolating the People and groups only to the people inside the collection, and not the whole application. This is good, but not good enough. Creative minds and people with SharePoint insight could use the out-of-the-box People Picker inside a SharePoint site, to actually browse your whole Active Directory (depending on how much the SharePoint profile system scrapes when synchronizing information). That is why the People Picker would give you, your clients or your projects away, if someone stumbles upon some secrecy-giveaway-named user accounts, only intentioned for internal use. Now if you are working on a project, with a non-disclosure agreement, you better make sure that this isn’t possible, because the default settings in SharePoint aren’t the secure approach, or you could get into a heap of trouble. Now to the fix: It’s actually quite simple. The SharePoint stsadm tool, allows for changes inside the configuration database, that isn’t possible from the normal web administration interface. The property we will be looking into is the “peoplepicker-onlysearchwithinsitecollection”. You can check your current property flag by typing this in a command prompt: (-o for Operation, -pn for PropertyName and –pv for PropertyValue) stsadm -o getproperty -pn peoplepicker-onlysearchwithinsitecollection -url http://external.mycompany.com/mysecretproject The default feedback would be: Property Exist="Yes" Value="no" To change this, we execute the following command: stsadm -o setproperty –url http://external.mycompany.com/mysecretproject –pn peoplepicker-onlysearchwithinsitecollection –pv no If successful, run the getproperty operation again, and you should now see that the value has changed to “yes”, and by browsing the site, the People Picker, should only look into the people and groups within the Site Collection. If you are running extranet- or site collections like this, you should change this globally by not defining an URL in the operation, like this: stsadm -o setproperty –pn peoplepicker-onlysearchwithinsitecollection –pv no You have now fixed, what should have been default from the beginning.

New e-commerce and integration blog has been born

A new blog has been established, were colleges of mine at Vertica A/S will be posting a lot of interesting stuff about the technical aspects of e-commerce, integration and portals. You should check it out and might even subscribe to their RSS-feed.

Check it their thoughts on e-commerce and integration here


Oh – and by the way, since most of my colleges are Danes, the blog is in Danish



Restoring content database to a new SharePoint installation with a new SQL instance

As the SharePoint configuration-go-to-guy at Vertica (the company where I work) had a customer today who experienced some trouble with SharePoint Services 3.0 after they ballooned their SQL volume, to achieve more space.

I’m not sure how it happened, but for some reason the embedded SQL broke during this transition and along the way, their systems administrator somehow managed to delete the VirtualDirectories for all the SharePoint sites located in the C:\Inetpub\wwwroot\wss-folder.

Yaiks!...

Well, since the customer earlier had a request to move from the embedded SQL to a somewhat real SQL version (though still the Express-version), I started deploying SQL 2008 R2 Express to their server.

I pulled the database files from their backup, and attached them to my new SQL 2008 R2 database instance, but prefixed both the files and databasenames with “old_”.

Afterwards since the SharePoint installation was smashed up, I decided redo the setup progress, and ordering SharePoint to use the new database instance:

Source:
http://technet.microsoft.com/en-us/library/cc263093(office.12).aspx

psconfig.exe –cmd –create –server  “sharepoint-srv” –database “sharepoint30” –admincontentdatabase “SharePoint_AdminContent”

Followed by a the “SharePoint Products and Technologies Configuration Wizard”, which sets up the necessary IIS sites, which I had deleted earlier, since they broke when the underlying files was deleted.

Next up, entered the SharePoint Administration site and created a new Application, but didn’t create a Site Collection, since I just needed to attach the content database from the backup.

Selected the “Content databases” in Application Management, selected the Web application, and clicked the “Add a content database”.
Typed in the server and name for my attached backup content database, in this case “WSS_Content_portal”. Finished off by clicking OK.

Visited the site from my browser, and the site was back in its glory. Yeay!

 

 

Bonus tip: 
Uninstalling the SQL Embedded instance, isn't as easy as Add/Remove programs, but following this tip, makes it possible:
Credit to: http://jemm.wordpress.com/2007/08/06/how-to-uninstall-sql-server-2005-embedded-edition/

To uninstall SSEE:
Start Registry Editor, and then locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

In the left pane, click each GUID.
For each GUID that you click, look for a display name in the right pane that matches
“Microsoft SQL 2005 Embedded Edition…”.

When you see a display name that matches the name,
copy the value of the Key named “UninstallString”

Open a Command-Window (Start->run->cmd)
Paste the Copied string.

Append “CALLERID=OCSETUP.EXE"

Example: “MsiExec.exe /X{BDD79957-5801-4A2D-B09E-852E7FA64D01} CALLERID=OCSETUP.EXE”


Tiered of people bugging you


Tiered of people bugging you, for the simplest questions they could figure out in seconds using google.com ?
This is the solution to stop that.

So for answering the person bugging you, you just pass out the following URL like the following, just replace with his or her question instead.

Here is an example:
http://lmgtfy.com/?q=Peter+Loft+Jensen+blog

Or the company (Vertica) where I work:

http://lmgtfy.com/?q=vertica+commerce+integration+sharepoint

Setting up you own Let Me Google That For You (LMGTFY) go visit www.lmgtfy.com

It's genius.


Sharepoint Discussion Board, not triggering workflow on new items added via e-mail

If you have a Discussion Board in SharePoint 2007, and have successfully deployed a workflow which triggers when new items is added or created in the list, and decides to switch on "E-mail enabled list", you normally (unfortunate) see that the workflow isn't firing.

To make this work, you have to apply what must be somewhat of a long operationcommand via stsadm-tool:

"stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true"

Note that I've only tested this on WSS 3.0 with SP2 installed, and didn't need to install the kb953749 fix.

If you have WSS 3.0 or WSS 3.0 SP1 you might need to install this fixes before the above command works.

Battle plan:
   Install Windows SharePoint Services 3.0 Infrastructure Update:
   http://support.microsoft.com/kb/953749/

   Run the very-long-command as described above and in this Microsoft Knowledge Base article:
   http://support.microsoft.com/kb/953289/


Happy e-mail-enabled-discussion-board-workflow'ing, and my you have a lovely summer =)


Windows 7 RC and Windows Server 2008 R2 RC

While everyone is falling on their bum now that Windows  7 has been released in a Release Candidate version, it's worth mentioning that the Client and Server editions for now goes hand in hand, meaning that the Windows Server R2 Release Candidate is also available for MSDN and TechNet subscribers.

Windows 7 will be available for public May 5.

For those of you who fancy servers above clients, here is a kick on to what the Windows Server 2008 R2 will bring.

Interview with Wald Ralston:
http://edge.technet.com/Media/Windows-Server-2008-R2-RC-Interview/

More resources about Windows 2008 R2 here:
http://edge.technet.com/Media/Announcing-Windows-Server-2008-R2-Release-Candidate-RC/

Some of the notable key elements in the R2 edition:
- Hyper-V 2.0
- PowerShell 2.0
- Branch Office
- Power Management

 


Microsoft Hyper-V Server 2008 R2

Next version of Microsoft Hyper-V Server 2008 is "surprisingly" enough called R2, just like it's big brother Windows Server 2008 R2

One of the major news it that the smaller and simpler standalone Hyper-V Server is going to support:
Failover Clustering and Live migration

Making this product a lot more interesting for the majority of small and midsized companies, making it possible for high availability and flexible migration of VM guest's across VM hosts.

Along with this, I should also mention that the Hyper-V configuration command-prompt utility has been updated accordingly allowing administrator to setup following items:
- Remote Management Configuration
- Failover Clustering Configuration
- Additional options for updates

Some tech updates too:
More CPU and memory support. Supporting up to 32 cores and 1 TB of physical memory on the host system.

Tryout the R2 beta, download here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e464e255-cdd5-44b2-84e6-3233eae3f356


Experiencing backup problems with DPM 2007 and Microsoft Virtual Server 2005 R2?

Admitted, this is not my favorite solution to this problem, but if the alternative is no backup at all, this is without doubt a workable resolution.

In our setup I've experienced backup problems when using DPM 2007 to backup some of my VM's running on our Microsoft Virtual Server 2005 host. More specific these the errors appearing:

DPM 2007 reported:
The replica of vm-client-001 on vm-host-xxx.local is inconsistent with the protected data source. All protection activities for this data source will fail until the replica is synchronized with consistency check.
DPM encountered a retryable VSS error.

Microsoft Virtual Server 2005 host reported:
(Both visible in Event log and Virtual Server 2005 R2 master status webpage)
The VSS writer for Virtual Server failed during the PostBackup phase, during the mounting of disk \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy290\Virtual Servers\vm-client-001.vhd for virtual machine vm-client-001. The disk did not come online within 5 minutes. Confirm that the vhd mount driver in installed correctly and is able to mount virtual hard disks.

It's worth mentioning the VM, DPM has been failing to backup of the type: Online backups. I have several other VM's setup on the VM-host, without backup problems, both Online and Offline backups.

My way of fixing the issue with DPM continuing to fail when backup is initiated is solved by changing the backup-mode from Online backup to Offline backup. This is done by the registry on the physical/host machine running the VMs.

1. Open Registry Editor/regedit
2. Navigate to "HKEY_LOCAL_MACHINE\Software\Microsoft\Virtual Server\1.0\Backup\BackupType"
3. Either change the existing REG_DWORD-record if your VM is located here, or create a new REG_DWORD with the same name as your VM appears in Virtual Server 2005 R2 web-interface.
4. Set the value of appropriate record to: 1 This would changes the Backup mode to Offline backups.

Just for the kicks, here is the value definitions:
0/1: Offline backup
2: Online backup

Beware that DPM still reports it's as a Online Backup, but underneath the bonnet, it is Offline backup, and your DPM should no longer experience the mentioned problem. It's by the way not necessary to reboot any of the machines involved for the changes to take effect.


Data Protection Manager 2007 (DPM) is slow in Windows 2008

I've been running with Windows 2008 for quite some time now, and at the time where DPM 2007 was released I guess Windows 2008 still was kind' a new to people, so no resolution or scenario of this issue was right at hand at the time.

System:
HP ProLiant ML 110 powered by Intel Xeon CPU with 8 Gb memory running 64-bit version of Windows Server 2008 Enterprise (Hyper-V role enabled) with SP1 and all latest updates.

Used quite some time searching the web for a resolution to this problem, and most people a who I "ran into" suggested that I should wait for the SP1 for DPM 2007. Doing some more digging it turns out that the Virtual Disk Service (VDS) on the older 2000 and 2003 system had some memory leaks, and kb-articles referring to these scenarios looked a lot like the problems I have on my Windows 2008 system. Chances for an error reoccurring could therefore be somewhat expected. Not key on manually overwriting important system files on a semi-working system which handles backup, I first of all turn to my patience willing to give the SP1 a chance to might fix this issue since Microsoft at this time doesn't have any fixes ready yet.

SP1 came and a lot of improvement in speed generally, but I still see the VDS service consume way to much memory most of the time, but the applications is more responsive and therefore gives a better user experience speed-wise.

In the lack of better suggestions I turn to the physical hardware and installs further 4 Gb memory, maxing out the total memory possible for this machine 8 Gb. Once again it helps - but only for some time. Hence the amount of backup jobs and data being stored, the system slowly grinds back to the same sluggish state that it had in the beginning.

Getting more and more errors and failed backup messages, and I'm guessing the VDS memory leak is affecting the DPM and its ability to successfully backup things.

Today I stumbled over this kb-article:
http://support.microsoft.com/kb/958387

"On a computer that is running Windows Vista or Windows Server 2008, a memory leak may occur in the Virtual Disk Service. This problem may occur in the following scenarios.
A memory leak occurs in the Virtual Disk Service when an application uses the Virtual Disk Service to enumerate disk resources. In this scenario, you notice that the memory consumption of the Virtual Disk Service (Vds.exe) increases continually."

Once again - sounds exactly like what I'm experiencing, and this time it's for Windows 2008 - yes baby!

Installed the fix (kb958387) and have been running with this update for a week now, backup jobs are hitting a much higher successful rate than before, and whereas the machine often was slow after just one day in companionship with memory-leaking-VDS. VDS and DPM seems to be better friends now and I don't see any huge unexpected memory usage anymore.

I've been running a couple of weeks with this fix, and yes no more memory slaughtering from the VDS service. Thought I'd just share this with you, so none of you should experience the same annoying scenario with a sluggish DPM server or other backup products using Volume Shadow Service (VSS).


Setting up Google Calendar for your Iphone, Nokia phones and Outlook

Lately a couple of my friends has asked into how my Google Calendar setup works, since I'm driving this as a central element in my daily planning. It's evolved a bit since I first started to use Google Calendar to be used across multiple devices and systems.
My girlfriend is also a happy user of this setup, allowing here to control her working schedule, since she's working with changing work hours. This has been an issue for a quite some time, since I never knew when she was home because my memory often gets flushed or reset every time I sleep.

My current setup:
4 main calendars:
- My own
- My girlfriend
- Our shared calendar (my girlfriend and me, for stuff where we both attends)
- Building/estate (this is used for registering worktasks, and/or different numbers for stat on electric and water usage)

3 special calendar, for some features that the Google Calendar sadly doesn't have embedded yet:
- Weather (Feature added from calendar settings)
- Holydays (in this case the Danish holydays, feature added from Google calendar "inventory")
- Week numbers (http://recover89.googlepages.com/googlecalendarweeknumbers)

The 4 main calendars are synced with:
- My Apple Iphone 3G (all four, changes are pushed)
- My personal pc, main Outlook calendar (all four, syncs every 15 min)
- My workstation pc, secondary/shared Outlook calendar (only my personal and shared calendar, syncs every 15 min)
- My workstation pc, as a Vista Gadget (my own  and shared calendar)
- Girlfriends Nokia 6500 (her own and shared calendar, syncs once every day)

Now you might think that would build up events every day, and displays on some devices is almost impossible to get a good overview of your appointments, but luckily the different calendars are color coded.

The Google Calendar is the primary calendar, and to keep this simple we decided it would be the best (and easiest) that additions and changes has to be made though the Google Calendar webpage.

For syncing the Nokia phone with Google Calendar I use, I would guess Ericsson could use this as well:
www.goosync.com

Iphone setup for Google Calendar:
I'm currently using www.nuevasync.com,  but I've heard that Google now supports push technology and thereby allowing you to skip nuevasync as a gateway/pass-through service, and connect directly to your data in Google Calendar, but haven't tried it yet.

Vista Gadget, Google Calendar:
http://www.eelkespaak.nl/2008/08/windows-vista-sidebar-gadget-for-google-calendar/