Thursday, June 28, 2007

Outlook 2007 and SharePoint integration issues

Just the other day I ran into an issue with the integration between Outlook 2007 and SharePoint 2007. This issue is quite anoying from a user perspective:

When connecting a list to Outlook 2007, Outlook creates a PST file in C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Outlook\ called "SharePoint List.pst" or "SharePoint Folders.pst". When you are using Roaming Profiles, the Local Settings directory is not copied along with the profile. This sounds logical, because the PST can become very large and you don't want this data to be copied to the server.

But, and here is the catch, if a user logs onto another workstation Outlook does know it has connected to a PST file before and tries to open it. Because the file has not been copied with the profile, it does not exist.....presenting the user with an error message.

On the blog of Jose Barreto I found a post which explains how to disable the Outlook integration. By entering a key in the registry, connecting Outlook to SharePoint is not possible anymore. This will definately solve the issue, but will also prevent user from using the Outlook integration. Something I do not like.

After some more Googleing I found the Office 2007 System Adminstrative Templates on the Microsoft site. When importing them into a Group Policy, you have the possibility to configure some settings for Outlook 2007. And then especially the two following settings:
User Configuration > Administrative Templates > Microsoft Office Outlook 2007 > Tools Account Settings SharePoint

  • Do not allow Sharepoint-Outlook integration
  • Do not roam users' SharePoint lists
The first setting will do the same as explained in the blog post mentioned earlier. But the second one will just prevent SharePoint lists from roaming along with the user and solving the issue!!

Wednesday, June 06, 2007

DB Maintenance whitepaper to be released

Microsoft will release a database maintance whitepaper for SharePoint databases shortly, which describes which maintenance you should do on a regular basis. For example database defragmentation and updates of statistics and re-index key tables.
So keep an eye on the Microsoft site!!

ForeFront Security for SharePoint

Microsoft has just released the Client Security version of ForeFront. But the ForeFront Security for SharePoint (FSSP) has been release for a while now. FSSP supplies the following functionalities:
1.) Anti-virus scanning of documents uploaded and/or downloaded.
2.) File filtering based on file signatures.
3.) Document content keyword filtering
With FSSP is supplied with eight scan engines (Microsoft, Computer Associates, Norman, AhnLab, VirusBuster, Sophos, Kaspersky and Authenticum) and it is possible to check files with up to five scan engines at a time.

How do viruses enter SharePoint:
Viruses can enter SharePoint when infected files are uploaded or when a mapping to a SharePoint document library has been made from an infected computer.

Why an anti-virus solution:
Some people ask “why do you need anti-virus software on your SharePoint environment when your server has a file system anti-virus software installed”. The answer to this question is simple:
Files uploaded to SharePoint do not touch the file system. They come in through the TCP/IP protocol and are saved to the database. Therefore file system AV software is not able to scan the files.

When the SharePoint environment is used on the internal network and all computers on that network are managed, having a AV solution on your SharePoint environment might not be necessary. But with SharePoint being used to collaborate with external users (e.g. partners, customers, suppliers), knowing 100% that all files uploaded are virus free is impossible. Therefore having a AV solution in SharePoint is a must.

How does ForeFront Security for SharePoint work:
FSSP has two types of scanmodes. The first is the Realtime Scan mode. Files uploaded and/or downloaded are scanned by FSSP and blocked if a virus is found.
The second mode is Manual Scan mode, which scans the environment (or a subset) for viruses.

FSSP uses the VSAPI of SharePoint, which is optimized for SQL. This integration means that some basic settings must be made in SharePoint, for example are files scanned during upload and/or download.
These settings can be viewed from the FSSP Management console.

What does ForeFront Security for SharePoint have to do when a virus is found:
Once FSSP detects a virus, administrators have several options what to do with those viruses. In Realtime Scan mode, the options are “Skip, Detect only” and “Clean, Repair document. Delete if unsuccessful”. In both cases the detection is logged in the incident log, but of course the first option is not a very secure setting to use.

In Manual Scan mode, the options are “Skip, Detect only”, “Clean, Repair document. Delete if unsuccessful” and “Delete file”. This last option replaces the content of file with some customizable text, notifying the user that the file contained a virus and has been deleted.

File Filter option:
Besides virus scanning, does FSSP also supply a File Filter option. This functionality can be used for blocking potentially dangerous content, for example exe, com, vbs or scr files, but also block unwanted content like mp3 or avi files.
The difference with the file blocking option of SharePoint is that FSSP does not look at the extension alone, but also checks the file header. So renaming a exe file to txt will fool the “Block file types” option of SharePoint, but not FSSP.

As you might know, with SharePoint it is possible to block certain extensions. These blocks have precedence over the virus scanning. So if you upload an exe file which contains a virus, this file is block (by default) by the “Blocked file types” option of SharePoint, not by FSSP.

Note 2:
When a file is blocked by the File Filter, the user will receive a “Virus Found” message. Even when the file does not contain a virus. Educating your users is wise to do.

What else:
One thing to know is that once a file is scanned, it will not be scanned again until it has been changed. This will improve performance.

As mentioned before, when FSSP detects a virus during a Manual Scan it will replace the content of the file with customizable text. The name of the file will remain exactly the same. Users will not see any difference, besides the changed file size. This is due to limitations of SharePoint. The FSSP team is working with the SharePoint team to fix this.

FSSP does support the Office 2007 file format, but cannot detect if the file is a Word, Excel or PowerPoint file (besides checking the extension). The File Filter will has just one OpenXML option.

SP1 for FSSP will be release somewhere this month (June 2007). One option that has been added in this Service Pack is that installing FSSP on an Exchange server is not possible. When you have a server which is running both Exchange and SharePoint, FSSP cannot be used. Personally I find this very strange, but Microsoft probably has it reasons.

More info:
ForeFront Security for SharePoint Product Overview
Download trial

Monday, June 04, 2007

I WON!!!

I won something, I actually won something!!

And I hear you think "what did he win"? I won a copy of Microsoft Office 2007 Ultimate!!
Ok, I already had that via my MSDN subscription, but hey....I never win something and now I did!! Of course I am excited :-)

Sysinternals tools

Recently Microsoft has bought the company Winternals. Winternals also supplied the excellent Sysinternals tools. A lot of people worldwide thought that this would be the end of those tools. Fortunately, this is not the case. They are still available and will be in the future.

During a session, given by Otto Helweg, the current situation and plans for the future passed the scene. The tools still are and will remain free. Available via the site, as a one by one download or by downloading the Sysinternals Suite and getting all tools at the same time. By average, the tools are downloaded 50.000 times a day, with the Process Explorer being the absolute number one.
Some changes to the lold Sysinternals icensing model are:
  1. You are not allowed to redistribute the tools yourself
  2. They are free to use on every pc you own.
This last change is very anoying for Service Providers. Fortunately, it is possible for them to contact Microsoft and work out a way to solve this licensing issue.
Since 2007, Microsoft has added a EULA approval to the Sysinternal tools. This caused lots of automated scripts to stop functioning, waiting for an acceptance to the EULA. Microsoft has added an "/accepteula" option to the tools to get around it.
One thing that I did not know is that the Process Monitor is a replacement for the FileMon and RegMon tools. Both tools are still available for download, but why use it if you have one integrated tool.
An issue I ran into in a project where we tried to use PSExec, is that it is not possible to start a remote PowerShell script. Somehow PowerShell does start, but is not running the script. Otto mentioned the new Windows Remote Shell, which is available in Vista, Windows Server 2008 and as seperate download somewhere over the next 6 months for XP and Windows Server 2003 to solve this issue. Too bad that we are running W2K3 at the moment :-)
Anyway, the goal of Microsoft is to expand the number of tools and functionalities in the future. Maybe even create PowerShell commandlet equivalents.

TechEd 2007 has started!!

This morning Bob Muglia (Senior Vice President Server and Tools Business) opened TechEd 2007 with his keynote. It started with a view backstage of Bob after his keynote. He had been targeted with fruits and vegtables, but then........Doc Brown (you know, the guy from Back To The Future) appeared to the rescue with his very own DeLorean, IT Style. He took Bob "Back to the history" to see what happened with Microsofts visions. After they returned to the current time they drove on stage with the DeLorean.

After some uplifting words from Doc, he started his keynote. This time not about Microsoft visions, but about real world problems and how to fix them. With Infrastructure Optimization, System Center Configuration Manager, System Center Virtual Machine Manager and System Center Operations Manager modeling your IT environment and from there move forward, changing split between the costs for maintaining your environment and implementing new solutions to increase efficiency, becomes easier than ever.

We are here!! TechEd 2007!!

I am writing this post from the TechEd 2007 in Orlando, Florida. After getting out of bed at 4am CET to go to Schiphol (Amsterdam) it is now 20 hours later and I have just completed registration. In a couple of minutes I am going to my hotel for a well deserved shower (yes, I need one), some diner and then a good night sleep.

Over the next few days I will post all things that I learn over here. So keep an eye on my blog!!

[Update] Just arrived in my hotel The Caribe Royale and man it is good!! It has a great pool including waterfalls and my room is on the top floor with excellent view!! In other words....I think I will survive this week just barely :-)

Oh and just one other thing: Can anyone tell me why the cabs of the "Yellow Cab Company" are orange?? As a dutchman I don't mind the color, but the name is a little confusing :-p