- Posted by ploft on July 14, 2011
Separated SharePoint site collections aren’t secure enough – People Picker gives you and your clients away.
Now let’s change all that.
Scenario:
You and your clients are using an extranet site with separate site collections for security reasons, so that People and Groups in each collection show only the people inside that collection, not the whole application. This is good, but not good enough.
Creative minds and people with SharePoint insight could use the out-of-the-box People Picker inside a SharePoint site to browse your whole Active Directory (depending on how much the SharePoint profile system scrapes when synchronizing information). That is why the People Picker can give you, your clients or your projects away if someone stumbles upon user accounts with revealing names that were intended only for internal use.
If you are working on a project under a non-disclosure agreement, you had better make sure that this isn’t possible, because the default settings in SharePoint aren’t the secure approach and you could get into a heap of trouble.
Now to the fix:
It’s actually quite simple.
The SharePoint stsadm tool allows changes inside the configuration database that aren’t possible from the normal web administration interface. The property we will be looking into is “peoplepicker-onlysearchwithinsitecollection”.
You can check your current property flag by typing this in a command prompt:
(-o for Operation, -pn for PropertyName and -pv for PropertyValue)
stsadm -o getproperty -pn peoplepicker-onlysearchwithinsitecollection -url http://external.mycompany.com/mysecretproject
The default feedback would be:
Property Exist="Yes" Value="no"
To change this, we execute the following command:
stsadm -o setproperty -url http://external.mycompany.com/mysecretproject -pn peoplepicker-onlysearchwithinsitecollection -pv yes
If successful, run the getproperty operation again and you should see that the value has changed to “yes”. When you browse the site, the People Picker should now only look up people and groups within the site collection.
If you are running extranet sites or site collections like this, you should change this globally by not defining a URL in the operation, like this:
stsadm -o setproperty -pn peoplepicker-onlysearchwithinsitecollection -pv yes
You have now fixed what should have been the default from the beginning.
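The check-then-set procedure above can be run over several site collections at once. The following PowerShell script is an added example, not part of the original post; it assumes stsadm is on the PATH, and the second URL and the function names are hypothetical.

```powershell
# Added example: audit the People Picker scope of several site collections.
$PropertyName = 'peoplepicker-onlysearchwithinsitecollection'

# Constructed list of site collection URLs; replace with your own.
$SiteCollections = @(
    'http://external.mycompany.com/mysecretproject',
    'http://external.mycompany.com/otherclient'   # hypothetical second collection
)

function ConvertFrom-StsadmProperty {
    param([Parameter(Mandatory=$true)][string]$Text)
    # getproperty answers in the form: Property Exist="Yes" Value="no"
    if ($Text -match 'Exist="(?<exist>[^"]*)"\s+Value="(?<value>[^"]*)"') {
        return New-Object PSObject -Property @{
            Exists     = ($Matches['exist'] -eq 'Yes')
            Restricted = ($Matches['value'] -eq 'yes')
        }
    }
    throw "Unexpected stsadm output: $Text"
}

function Get-PeoplePickerScope {
    param([Parameter(Mandatory=$true)][string]$Url)
    $raw = (& stsadm -o getproperty -pn $PropertyName -url $Url 2>&1 | Out-String)
    ConvertFrom-StsadmProperty -Text $raw
}

function Test-PeoplePickerScope {
    param([string[]]$Url, [switch]$Fix)
    foreach ($u in $Url) {
        $state = Get-PeoplePickerScope -Url $u
        if ($Fix -and -not $state.Restricted) {
            # Same setproperty call as in the post, then read the value back.
            & stsadm -o setproperty -url $u -pn $PropertyName -pv yes | Out-Null
            $state = Get-PeoplePickerScope -Url $u
        }
        New-Object PSObject -Property @{ Url = $u; Restricted = $state.Restricted }
    }
}

if (Get-Command stsadm -ErrorAction SilentlyContinue) {
    # Report only; add -Fix to set the property to "yes" where it is still "no".
    Test-PeoplePickerScope -Url $SiteCollections | Format-Table -AutoSize
} else {
    # No SharePoint on this machine: run the parser on the default output quoted above.
    ConvertFrom-StsadmProperty -Text 'Property Exist="Yes" Value="no"'
}
```

Any site collection reported with Restricted = False still lets the People Picker search beyond its own members.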
- Posted by ploft on September 8, 2010
As the SharePoint configuration go-to guy at Vertica (the company where I work), I had a customer today who experienced some trouble with SharePoint Services 3.0 after they ballooned their SQL volume to achieve more space.
I’m not sure how it happened, but for some reason the embedded SQL broke during this transition and along the way, their systems administrator somehow managed to delete the VirtualDirectories for all the SharePoint sites located in the C:\Inetpub\wwwroot\wss-folder.
Yikes!...
Well, since the customer earlier had a request to move from the embedded SQL to a somewhat real SQL version (though still the Express version), I started deploying SQL 2008 R2 Express to their server.
I pulled the database files from their backup and attached them to my new SQL 2008 R2 database instance, but prefixed both the files and database names with “old_”.
Afterwards, since the SharePoint installation was smashed up, I decided to redo the setup process, ordering SharePoint to use the new database instance:
Source:
http://technet.microsoft.com/en-us/library/cc263093(office.12).aspx
psconfig.exe -cmd configdb -create -server "sharepoint-srv" -database "sharepoint30" -admincontentdatabase "SharePoint_AdminContent"
Followed by the “SharePoint Products and Technologies Configuration Wizard”, which sets up the necessary IIS sites, which I had deleted earlier, since they broke when the underlying files were deleted.
Next up, entered the SharePoint Administration site and created a new Application, but didn’t create a Site Collection, since I just needed to attach the content database from the backup.
Selected the “Content databases” in Application Management, selected the Web application, and clicked the “Add a content database”.
Typed in the server and name for my attached backup content database, in this case “WSS_Content_portal”. Finished off by clicking OK.
Visited the site from my browser, and the site was back in its glory. Yay!
Bonus tip:
Uninstalling the SQL Embedded instance isn't as easy as Add/Remove Programs, but following this tip makes it possible:
Credit to: http://jemm.wordpress.com/2007/08/06/how-to-uninstall-sql-server-2005-embedded-edition/
To uninstall SSEE:
Start Registry Editor, and then locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
In the left pane, click each GUID.
For each GUID that you click, look for a display name in the right pane that matches
“Microsoft SQL 2005 Embedded Edition…”.
When you see a display name that matches the name,
copy the value of the Key named “UninstallString”
Open a Command-Window (Start->run->cmd)
Paste the Copied string.
Append “CALLERID=OCSETUP.EXE”
Example: “MsiExec.exe /X{BDD79957-5801-4A2D-B09E-852E7FA64D01} CALLERID=OCSETUP.EXE”
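The registry lookup in the steps above can be scripted so the GUIDs do not have to be clicked through one by one. This PowerShell snippet is an added example, not part of the original post or the credited tip; it only prints the command and does not run it. The function name, the wildcard in the display-name pattern and the Wow6432Node path are assumptions.

```powershell
# Added example: build the SSEE uninstall command from the registry without running it.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # 32-bit view on 64-bit Windows; not mentioned in the post, checked as an assumption.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-SseeUninstallCommand {
    # Pattern based on the display name quoted in the post; the wildcards are an assumption.
    param([string]$NamePattern = 'Microsoft SQL*2005 Embedded Edition*')
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.DisplayName -like $NamePattern -and $p.UninstallString) {
                New-Object PSObject -Property @{
                    DisplayName = $p.DisplayName
                    # Append the CALLERID argument exactly as described in the steps.
                    Command     = "$($p.UninstallString) CALLERID=OCSETUP.EXE"
                }
            }
        }
    }
}

# Review the printed command, then paste it into a command window yourself.
Get-SseeUninstallCommand | Format-List DisplayName, Command
```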
- Posted by ploft on July 21, 2009

Tired of people bugging you with the simplest questions they could figure out in seconds using google.com?
This is the solution to stop that.
To answer the person bugging you, just pass out a URL like the following, replacing the query with his or her question.
Here is an example:
http://lmgtfy.com/?q=Peter+Loft+Jensen+blog
Or the company (Vertica) where I work:
http://lmgtfy.com/?q=vertica+commerce+integration+sharepoint
To set up your own Let Me Google That For You (LMGTFY) link, go visit www.lmgtfy.com
It's genius.
- Posted by ploft on May 1, 2009
While everyone is falling on their bum now that Windows 7 has been released in a Release Candidate version, it's worth mentioning that the Client and Server editions for now go hand in hand, meaning that the Windows Server R2 Release Candidate is also available for MSDN and TechNet subscribers.
Windows 7 will be available to the public May 5.
For those of you who fancy servers above clients, here is a kick-off on what Windows Server 2008 R2 will bring.
Interview with Wald Ralston:
http://edge.technet.com/Media/Windows-Server-2008-R2-RC-Interview/
More resources about Windows 2008 R2 here:
http://edge.technet.com/Media/Announcing-Windows-Server-2008-R2-Release-Candidate-RC/
Some of the notable key elements in the R2 edition:
- Hyper-V 2.0
- PowerShell 2.0
- Branch Office
- Power Management
- Posted by ploft on March 20, 2009
I've been running with Windows 2008 for quite some time now, and at the time when DPM 2007 was released I guess Windows 2008 was still kind of new to people, so no resolution or scenario of this issue was right at hand at the time.
System:
HP ProLiant ML 110 powered by Intel Xeon CPU with 8 Gb memory running 64-bit version of Windows Server 2008 Enterprise (Hyper-V role enabled) with SP1 and all latest updates.
Used quite some time searching the web for a resolution to this problem, and most people who I "ran into" suggested that I should wait for the SP1 for DPM 2007. Doing some more digging, it turns out that the Virtual Disk Service (VDS) on the older 2000 and 2003 systems had some memory leaks, and kb-articles referring to these scenarios looked a lot like the problems I have on my Windows 2008 system. Chances for an error reoccurring could therefore be somewhat expected. Not keen on manually overwriting important system files on a semi-working system which handles backup, I first of all turn to my patience, willing to give the SP1 a chance to fix this issue, since Microsoft at this time doesn't have any fixes ready yet.
SP1 came and brought a lot of improvement in speed generally, but I still see the VDS service consume way too much memory most of the time, though the application is more responsive and therefore gives a better user experience speed-wise.
In the lack of better suggestions I turn to the physical hardware and install a further 4 Gb of memory, maxing out the total memory possible for this machine, 8 Gb. Once again it helps - but only for some time. With the amount of backup jobs and data being stored, the system slowly grinds back to the same sluggish state that it had in the beginning.
I'm getting more and more errors and failed backup messages, and I'm guessing the VDS memory leak is affecting the DPM and its ability to successfully back up things.
Today I stumbled over this kb-article:
http://support.microsoft.com/kb/958387
"On a computer that is running Windows Vista or Windows Server 2008, a memory leak may occur in the Virtual Disk Service. This problem may occur in the following scenarios.
A memory leak occurs in the Virtual Disk Service when an application uses the Virtual Disk Service to enumerate disk resources. In this scenario, you notice that the memory consumption of the Virtual Disk Service (Vds.exe) increases continually."
Once again - sounds exactly like what I'm experiencing, and this time it's for Windows 2008 - yes baby!
Installed the fix (kb958387) and have been running with this update for a week now. Backup jobs are hitting a much higher success rate than before, whereas the machine was often slow after just one day in the company of the memory-leaking VDS. VDS and DPM seem to be better friends now and I don't see any huge unexpected memory usage anymore.
I've been running a couple of weeks with this fix, and yes no more memory slaughtering from the VDS service. Thought I'd just share this with you, so none of you should experience the same annoying scenario with a sluggish DPM server or other backup products using Volume Shadow Service (VSS).
- Posted by ploft on November 4, 2008
Windows Server 2008 R2 Overview
The next version of Windows Server is the R2 of Windows 2008, internally called Windows 7 Server. For now Microsoft expects to ship R2 in Q1 of 2010. Some of the new features worth mentioning:
- New Active Directory level (a lot of changes and improvements since the 2003 level, which didn’t bring that much to the table – the 2008 R2 does, with Recycle Bin functionality and a much richer interface for administering Active Directory in larger enterprises.)
- PowerShell v2.0
- Second release of the Hyper-V engine, now really supporting multi-monitor RDP, and live migration from server to server without any downtime or impact on the guest system.
- Along with Hyper-V, Microsoft has put a lot of effort into making RemoteApp better at supporting video/audio, 2D/3D graphics, and the overall view of software running remotely, making the remote experience a lot more transparent for the users.
- Branch Office caching feature, lowering the traffic between office branches by providing a usage-aware kind-of-proxy.
- Core editions now support the .NET Framework (apparently not the complete framework, but most of it)
- Easier administration of web applications, moving most of the administration to the IIS Manager and also allowing you to control SQL databases directly from the manager.
- Support for 64 physical cores (that’s 256 logical cores for a single operating system instance)
Windows 2008 Server R2 offers a lot on the connectivity side, aiming at trouble-free connectivity regardless of our location, by using Direct Access without the use of VPNs.
It’s also worth mentioning that the 2008 Server was the last server system from Microsoft shipped with 32-bit support. The Windows 2008 R2 Server is only shipped in a 64-bit version.
- Posted by ploft on July 3, 2008
As some of you may know, the final release of Microsoft Windows Server 2008 Hyper-V technology has been released. I’ve used the last few weeks reading up on some of the changes and other people’s experiences with Hyper-V. I tried Hyper-V when it was still in beta, and at this time it was clear that Microsoft had made a great product – and I’m saying this with a slight chance of being called a Microsoft fanboy, but the specs I’ve seen with Hyper-V should really kick ass.
We’d talked about the possibility of running all our virtual machines and PCs off a dedicated host server rather than using them locally on the development workstations where I work. No further detail should be needed, and to make a long story short we decided to take it up for a test, so an HP ProLiant DL 185 was ordered for this purpose.