Friday, July 13, 2007

[MOSS2007] Issues with web part toolbars and audiences/Active Directory groups

Over the past few days I ran into some small but very annoying issues with SharePoint 2007:

The first is with a document library web part. After placing a document library web part on a page and configuring it with a “Full Toolbar”, I wanted to change some fields which are shown in the web part. I opened the “Modify This Web part” menu, clicked “Edit current view”, made some changes and clicked Ok. When the web part page was shown, the Full Toolbar had switched back to the Summary Toolbar. Also the “Modify This Web part” sidebar was closed. It meant I had to open the sidebar again and configure the Full Toolbar again. Very annoying behavior!

The second issue is when you are using Active Directory groups in audiences. In SharePoint 2003, using audiences meant creating special audiences which are compiled according to predefined rules. As of SharePoint 2007 it is possible to use AD groups directly as an audience. When a user is a member of that group, the item or web part is shown to the user.
On a page I had several web parts configured with AD group audiences. In the AD I moved the groups to a different OU and after a profile import my web parts weren’t shown to anyone any more. Some troubleshooting revealed that the groups were in the profile list twice, once for the old OU and once for the new OU. Because they had exactly the same name, I could not determine which group was the correct one. I added both groups to the web part audience to get it working again.
Looks like SharePoint is looking at the absolute DN when using AD groups in audiences. Now I am hoping the “old” groups will disappear automatically... not really sure.

Tuesday, July 03, 2007

Add SharePoint sites to "My Network Places"

When browsing SharePoint sites, Windows sometimes adds these sites to the "My Network Places" on your XP box. This enables you to easily save documents right from Word, for example, into SharePoint. Unfortunately I have noticed that Windows XP does not always add SharePoint sites to the My Network Places automatically.

On a forum I found a solution for this issue. A guy named DonQ created a vbs script which I used in my logon script. Depending on group memberships, SharePoint sites are automatically created for the users while logging in.

The script I used as a starting point is:
'Create Network Folder
'This is a fix to the original, which I found did not handle URLs
'longer than 44 characters.

Option Explicit

Sub CreateNetworkFolder(siteURL, siteName)

Dim iRes, jRes, MT, TT
Dim SH, newPath
Dim objFso, f, fs, g

Dim bString
Dim ltrIndex
Dim nameLength, urlLength, urlCutoff
Dim aFile

'ForWriting (2) is the attribute to be set when writing to a file.
Const ForWriting = 2

nameLength = Len(siteName)
urlLength = Len(siteURL)
'44 seems to be the length where we have to change a 00 to a 01.
urlCutoff = 44

MT = "OK to create a My Network Places " & vbCr & "folder for " & siteURL & vbCr & "named " & siteName & "?"
TT = "My Network Places"
iRes = MsgBox(MT, vbOKCancel + vbInformation, TT )

Set objFso = CreateObject("Scripting.FileSystemObject")

If iRes = vbCancel Then
WScript.Quit
End If

Set SH = WScript.CreateObject("WScript.Shell")

'Create the folder under NetHood that will hold the target.lnk file
newPath = SH.SpecialFolders("NetHood") & "\" & siteName

If (objFso.FolderExists(newPath)) Then
WScript.Echo "A Network Place with that name already exists."
WScript.Quit
End If

objFso.CreateFolder(newPath)

'We create a Desktop.ini file
Set fs = CreateObject("Scripting.FileSystemObject")
aFile = newPath & "\Desktop.ini"

Set f = fs.OpenTextFile( aFile, ForWriting, True )

'Write the data lines that will make this a folder shortcut.
f.WriteLine "[.ShellClassInfo]"
f.WriteLine "CLSID2={0AFACED1-E828-11D1-9187-B532F1E9575D}"
f.WriteLine "Flags=2"
f.WriteLine "ConfirmFileOp=0"
f.Close

'We make Desktop.ini a system-hidden file by assigning it attribute of 6
Set fs = CreateObject("Scripting.FileSystemObject")
Set g = fs.GetFile(newPath & "\Desktop.ini")
g.Attributes = 6

'We make the folder read-only by assigning it 1.
Set fs = CreateObject("Scripting.FileSystemObject")
Set g = fs.GetFolder(newPath)
g.Attributes = 1

'This is where we construct the target.lnk file byte by byte. Most of the lines are shown in 16 byte chunks,
'mostly because that is the way I saw it in the Debug utility I was using to inspect shortcut files.

'Line 1, 16 bytes
bString = Chr(&H4C) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H01) & Chr(&H14) & Chr(&H02) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&HC0) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 2, 16 bytes
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H46) & Chr(&H81) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 3, 16 bytes
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 4., 16 bytes. 13th byte is significant.
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H01) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 5. 13th byte is significant.
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'When I was analyzing the next byte of shortcuts I created, I found that it is set to various values,
'and I have no idea what they are referring to. In desperation I tried substituting some values.
'00 caused a crash of Explorer. FF seems to work fine for all.
'If anyone can get back to me on what this byte is or why FF works, please contact me.
bString = bString & Chr(&HFF)

'This byte is 00 if the URL is 44 characters or less, 01 if greater.
If urlLength > urlCutoff Then
bString = bString & Chr(&H01)
Else
bString = bString & Chr(&H00)
End If

bString = bString & Chr(&H14) & Chr(&H00)

'Line 6, 16 bytes
bString = bString & Chr(&H1F) & Chr(&H50) & Chr(&HE0) & Chr(&H4F) & Chr(&HD0) & Chr(&H20) & Chr(&HEA) & Chr(&H3A) & Chr(&H69) & Chr(&H10) & Chr(&HA2) & Chr(&HD8) & Chr(&H08) & Chr(&H00) & Chr(&H2B) & Chr(&H30)

'Line 7, 16 bytes
bString = bString & Chr(&H30) & Chr(&H9D) & Chr(&H14) & Chr(&H00) & Chr(&H2E) & Chr(&H00) & Chr(&H00) & Chr(&HDF) & Chr(&HEA) & Chr(&HBD) & Chr(&H65) & Chr(&HC2) & Chr(&HD0) & Chr(&H11) & Chr(&HBC) & Chr(&HED)

'Line 8, 16 bytes
bString = bString & Chr(&H00) & Chr(&HA0) & Chr(&HC9) & Chr(&H0A) & Chr(&HB5) & Chr(&H0F) & Chr(&HA4)

'This byte is 00 if the URL is 44 characters or less, 01 if greater.
If urlLength > urlCutoff Then
bString = bString & Chr(&H01)
Else
bString = bString & Chr(&H00)
End If

bString = bString & Chr(&H4C) & Chr(&H50) & Chr(&H00) & Chr(&H01) & Chr(&H42) & Chr(&H57) & Chr(&H00) & Chr(&H00)

'Line 9, 16 bytes
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H10) & Chr(&H00)

'Line 10, 2 bytes
bString = bString & Chr(&H00) & Chr(&H00)

'The next byte represents the length of the site name.
bString = bString & Chr(nameLength)

'Take the site name, and write each letter, preceded by a "00" character.

For ltrIndex = 1 to nameLength
bString = bString & Chr(&H00) & Mid(siteName, ltrIndex, 1)
Next

'Middle line, separates the Folder Name from the URL. 3 bytes.
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00)

'The next byte represents the length of the site URL.
bString = bString & Chr(urlLength)

'Take the site URL, and write each letter, preceded by a "00" character.
For ltrIndex = 1 to urlLength
bString = bString & Chr(&H00) & Mid(siteURL, ltrIndex, 1)
Next

'Last line, 13 bytes
bString = bString & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Let's create the target.lnk file.
Set fs = CreateObject("Scripting.FileSystemObject")
aFile = newPath & "\target.lnk"
'aFile = newPath & "\vb.sss"
Set f = fs.OpenTextFile(aFile, ForWriting, True)
f.Write bString
f.Close

MT = siteName & " created."
jRes = MsgBox(MT, vbOK, TT )

End Sub

CreateNetworkFolder "http://ReallyReallyLongURL.com/big_long_subfolder/", "Really, Really Long"

Source:
http://totheescrime.org/FolderShortcut/fs.txt

http://www.codecomments.com/archive300-2005-4-452832.html
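
A defender-side check for files like the target.lnk built above, as an added Python example (not part of DonQ's script): it validates the fixed 76-byte shell link header from the published [MS-SHLLINK] format and walks the size-prefixed item ID list that follows, flagging size fields that do not match the data. The sample bytes are constructed inline to mirror the script's layout; `link_header`, `sample_like_script` and `parse_lnk` are hypothetical names.

```python
import struct

# Field layout from the published Shell Link format ([MS-SHLLINK]).
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
# First two ID-list items, copied from the script's byte lines 5-8.
ITEM_1 = bytes.fromhex("14001f50e04fd020ea3a6910a2d808002b30309d")
ITEM_2 = bytes.fromhex("14002e0000dfeabd65c2d011bced00a0c90ab50f")


def link_header(flags=0x81, show_command=1):
    """76-byte header: size, CLSID, LinkFlags, zeros, ShowCommand at offset 60."""
    head = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(60, b"\0")
    return head + struct.pack("<I", show_command) + bytes(12)


def sample_like_script(name, url):
    """Constructed sample reproducing the bytes the VBScript concatenates."""
    hi = b"\x01" if len(url) > 44 else b"\x00"
    # The script's hand-tuned pair (FF, then 00 or 01) lands at offset 76,
    # where the format places the 16-bit little-endian IDListSize.
    tail = (b"\xa4" + hi + bytes.fromhex("4c50000142570000") + bytes(14)
            + b"\x10\x00\x00\x00" + bytes([len(name)]) + name.encode("utf-16-be")
            + bytes(3) + bytes([len(url)]) + url.encode("utf-16-be") + bytes(13))
    return link_header() + b"\xff" + hi + ITEM_1 + ITEM_2 + tail


def parse_lnk(data):
    """Check the header, then walk the size-prefixed items after it."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a shell link header")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link header")
    out = {"flags": flags, "show_command": struct.unpack_from("<I", data, 60)[0],
           "id_list_size": None, "items": [], "problems": []}
    if not flags & HAS_LINK_TARGET_ID_LIST:
        return out
    pos = HEADER_SIZE
    if len(data) < pos + 2:
        out["problems"].append("IDListSize field is missing")
        return out
    (list_size,) = struct.unpack_from("<H", data, pos)
    out["id_list_size"] = list_size
    pos += 2
    list_end = pos + list_size
    if list_end > len(data):
        out["problems"].append(f"IDListSize {list_size} runs past end of file")
    while True:
        if pos + 2 > len(data):
            out["problems"].append("no TerminalID before end of file")
            break
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # TerminalID closes the list
            if pos + 2 != list_end:
                out["problems"].append("items do not add up to IDListSize")
            break
        if item_size < 2 or pos + item_size > len(data):
            out["problems"].append(
                f"item at offset {pos} claims {item_size} bytes, {len(data) - pos} remain")
            break
        out["items"].append((pos, item_size))
        pos += item_size
    return out


if __name__ == "__main__":
    print(parse_lnk(sample_like_script(
        "Really, Really Long", "http://ReallyReallyLongURL.com/big_long_subfolder/")))
```

On the sample, the first two items parse cleanly and the hardcoded sizes for the list and the third item are reported as larger than the data actually written.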

Monday, July 02, 2007

Deploying MOSS in a DMZ configuration

When planning to deploy MOSS as an Internet solution, the question "can I place the database server in my internal network, instead of the DMZ" is often asked. During some wandering around the Microsoft site I ran into the following article: Plan security hardening for extranet environments:
"This article details the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network"

Very useful information, but the thing I found extremely useful was the link to the "Extranet hardening planning tool: back-to-back perimeter". This is a Visio drawing which explains which ports need to be opened when deploying components inside or outside firewalls, etc. Take advantage of it!!!

Thursday, June 28, 2007

Outlook 2007 and SharePoint integration issues

Just the other day I ran into an issue with the integration between Outlook 2007 and SharePoint 2007. This issue is quite annoying from a user perspective:

When connecting a list to Outlook 2007, Outlook creates a PST file in C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Outlook\ called "SharePoint List.pst" or "SharePoint Folders.pst". When you are using Roaming Profiles, the Local Settings directory is not copied along with the profile. This sounds logical, because the PST can become very large and you don't want this data to be copied to the server.

But, and here is the catch, if a user logs onto another workstation Outlook does know it has connected to a PST file before and tries to open it. Because the file has not been copied with the profile, it does not exist.....presenting the user with an error message.

On the blog of Jose Barreto I found a post which explains how to disable the Outlook integration. By entering a key in the registry, connecting Outlook to SharePoint is not possible anymore. This will definitely solve the issue, but will also prevent users from using the Outlook integration. Something I do not like.

After some more Googling I found the Office 2007 System Administrative Templates on the Microsoft site. When importing them into a Group Policy, you have the possibility to configure some settings for Outlook 2007. And then especially the two following settings:
User Configuration > Administrative Templates > Microsoft Office Outlook 2007 > Tools Account Settings SharePoint


  • Do not allow Sharepoint-Outlook integration
  • Do not roam users' SharePoint lists
The first setting will do the same as explained in the blog post mentioned earlier. But the second one will just prevent SharePoint lists from roaming along with the user and solving the issue!!

Wednesday, June 06, 2007

DB Maintenance whitepaper to be released

Microsoft will release a database maintenance whitepaper for SharePoint databases shortly, which describes which maintenance you should do on a regular basis. For example, database defragmentation, updating statistics and re-indexing key tables.
So keep an eye on the Microsoft site!!

ForeFront Security for SharePoint

Microsoft has just released the Client Security version of ForeFront. But the ForeFront Security for SharePoint (FSSP) has been released for a while now. FSSP supplies the following functionalities:
1.) Anti-virus scanning of documents uploaded and/or downloaded.
2.) File filtering based on file signatures.
3.) Document content keyword filtering
FSSP is supplied with eight scan engines (Microsoft, Computer Associates, Norman, AhnLab, VirusBuster, Sophos, Kaspersky and Authentium) and it is possible to check files with up to five scan engines at a time.

How do viruses enter SharePoint:
Viruses can enter SharePoint when infected files are uploaded or when a mapping to a SharePoint document library has been made from an infected computer.

Why an anti-virus solution:
Some people ask “why do you need anti-virus software on your SharePoint environment when your server has a file system anti-virus software installed”. The answer to this question is simple:
Files uploaded to SharePoint do not touch the file system. They come in through the TCP/IP protocol and are saved to the database. Therefore file system AV software is not able to scan the files.

When the SharePoint environment is used on the internal network and all computers on that network are managed, having an AV solution on your SharePoint environment might not be necessary. But with SharePoint being used to collaborate with external users (e.g. partners, customers, suppliers), knowing 100% that all files uploaded are virus free is impossible. Therefore having an AV solution in SharePoint is a must.

How does ForeFront Security for SharePoint work:
FSSP has two types of scanmodes. The first is the Realtime Scan mode. Files uploaded and/or downloaded are scanned by FSSP and blocked if a virus is found.
The second mode is Manual Scan mode, which scans the environment (or a subset) for viruses.

FSSP uses the VSAPI of SharePoint, which is optimized for SQL. This integration means that some basic settings must be made in SharePoint, for example whether files are scanned during upload and/or download.
These settings can be viewed from the FSSP Management console.

What does ForeFront Security for SharePoint have to do when a virus is found:
Once FSSP detects a virus, administrators have several options what to do with those viruses. In Realtime Scan mode, the options are “Skip, Detect only” and “Clean, Repair document. Delete if unsuccessful”. In both cases the detection is logged in the incident log, but of course the first option is not a very secure setting to use.

In Manual Scan mode, the options are “Skip, Detect only”, “Clean, Repair document. Delete if unsuccessful” and “Delete file”. This last option replaces the content of the file with some customizable text, notifying the user that the file contained a virus and has been deleted.

File Filter option:
Besides virus scanning, FSSP also supplies a File Filter option. This functionality can be used for blocking potentially dangerous content, for example exe, com, vbs or scr files, but also to block unwanted content like mp3 or avi files.
The difference with the file blocking option of SharePoint is that FSSP does not look at the extension alone, but also checks the file header. So renaming an exe file to txt will fool the “Block file types” option of SharePoint, but not FSSP.

Note:
As you might know, with SharePoint it is possible to block certain extensions. These blocks have precedence over the virus scanning. So if you upload an exe file which contains a virus, this file is blocked (by default) by the “Blocked file types” option of SharePoint, not by FSSP.

Note 2:
When a file is blocked by the File Filter, the user will receive a “Virus Found” message. Even when the file does not contain a virus. Educating your users is wise to do.

What else:
One thing to know is that once a file is scanned, it will not be scanned again until it has been changed. This will improve performance.

As mentioned before, when FSSP detects a virus during a Manual Scan it will replace the content of the file with customizable text. The name of the file will remain exactly the same. Users will not see any difference, besides the changed file size. This is due to limitations of SharePoint. The FSSP team is working with the SharePoint team to fix this.

FSSP does support the Office 2007 file format, but cannot detect if the file is a Word, Excel or PowerPoint file (besides checking the extension). The File Filter has just one OpenXML option.
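
The difference between extension-only blocking and the header check described under "File Filter option", as an added Python example (not FSSP code; the post does not give FSSP's actual signatures). It goes one step beyond the post by reading the package manifest to tell Office 2007 document kinds apart, since they all begin with the same ZIP header. Function names are hypothetical and the sample files are constructed inline.

```python
import io
import os
import zipfile

# Extensions the post lists as examples of blocked content.
BLOCKED = {"exe", "com", "vbs", "scr", "mp3", "avi"}
# Main-part content types that identify each Office 2007 (OpenXML) kind.
OOXML_MAIN_PARTS = {
    "wordprocessingml.document.main": "word",
    "spreadsheetml.sheet.main": "excel",
    "presentationml.presentation.main": "powerpoint",
}
MAX_MANIFEST = 1_000_000  # do not inflate an oversized manifest from an upload


def ooxml_kind(data):
    """Tell OpenXML kinds apart by the package manifest, not by the header."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            info = pkg.getinfo("[Content_Types].xml")
            if info.file_size > MAX_MANIFEST:
                return None
            manifest = pkg.read(info).decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for marker, kind in OOXML_MAIN_PARTS.items():
        if marker in manifest:
            return kind
    return None


def sniff(data):
    """Label content from its leading bytes; None when there is no signature."""
    if data[:2] == b"MZ":                      # DOS/PE executable
        return "exe"
    if data[:3] == b"ID3":                     # MP3 with an ID3 tag
        return "mp3"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    if data[:4] == b"PK\x03\x04":              # any ZIP, including OpenXML
        return ooxml_kind(data) or "zip"
    return None                                # e.g. plain-text scripts (vbs)


def extension_blocks(name):
    """Extension-only policy: looks at the file name and nothing else."""
    return os.path.splitext(name)[1].lstrip(".").lower() in BLOCKED


def header_filter_blocks(name, data):
    """Extension OR content signature; text formats still need the extension."""
    return extension_blocks(name) or sniff(data) in BLOCKED


def make_package(main_type):
    """Constructed sample: a minimal ZIP with an OpenXML-style manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml",
                     '<Types><Override PartName="/main.xml" ContentType="application/'
                     f'vnd.openxmlformats-officedocument.{main_type}+xml"/></Types>')
    return buf.getvalue()


if __name__ == "__main__":
    stub = b"MZ" + bytes(62)                   # constructed executable header
    print(extension_blocks("report.txt"), header_filter_blocks("report.txt", stub))
    print(sniff(make_package("wordprocessingml.document.main")))
```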

SP1 for FSSP will be released somewhere this month (June 2007). One option that has been added in this Service Pack is that installing FSSP on an Exchange server is not possible. When you have a server which is running both Exchange and SharePoint, FSSP cannot be used. Personally I find this very strange, but Microsoft probably has its reasons.

More info:
ForeFront Security for SharePoint Product Overview
Download trial

Monday, June 04, 2007

I WON!!!

I won something, I actually won something!!

And I hear you think "what did he win"? I won a copy of Microsoft Office 2007 Ultimate!!
Ok, I already had that via my MSDN subscription, but hey....I never win something and now I did!! Of course I am excited :-)

Sysinternals tools

Recently Microsoft has bought the company Winternals. Winternals also supplied the excellent Sysinternals tools. A lot of people worldwide thought that this would be the end of those tools. Fortunately, this is not the case. They are still available and will be in the future.

During a session, given by Otto Helweg, the current situation and plans for the future passed the scene. The tools still are and will remain free. Available via the site, as a one by one download or by downloading the Sysinternals Suite and getting all tools at the same time. On average, the tools are downloaded 50.000 times a day, with the Process Explorer being the absolute number one.
Some changes to the old Sysinternals licensing model are:
  1. You are not allowed to redistribute the tools yourself
  2. They are free to use on every pc you own.
This last change is very annoying for Service Providers. Fortunately, it is possible for them to contact Microsoft and work out a way to solve this licensing issue.
Since 2007, Microsoft has added a EULA approval to the Sysinternals tools. This caused lots of automated scripts to stop functioning, waiting for an acceptance of the EULA. Microsoft has added an "/accepteula" option to the tools to get around it.
One thing that I did not know is that the Process Monitor is a replacement for the FileMon and RegMon tools. Both tools are still available for download, but why use it if you have one integrated tool.
An issue I ran into in a project where we tried to use PSExec, is that it is not possible to start a remote PowerShell script. Somehow PowerShell does start, but is not running the script. Otto mentioned the new Windows Remote Shell, which is available in Vista, Windows Server 2008 and as a separate download somewhere over the next 6 months for XP and Windows Server 2003 to solve this issue. Too bad that we are running W2K3 at the moment :-)
Anyway, the goal of Microsoft is to expand the number of tools and functionalities in the future. Maybe even create PowerShell commandlet equivalents.

TechEd 2007 has started!!

This morning Bob Muglia (Senior Vice President Server and Tools Business) opened TechEd 2007 with his keynote. It started with a view backstage of Bob after his keynote. He had been targeted with fruits and vegetables, but then........Doc Brown (you know, the guy from Back To The Future) appeared to the rescue with his very own DeLorean, IT Style. He took Bob "Back to the history" to see what happened with Microsoft's visions. After they returned to the current time they drove on stage with the DeLorean.

After some uplifting words from Doc, he started his keynote. This time not about Microsoft visions, but about real world problems and how to fix them. With Infrastructure Optimization, System Center Configuration Manager, System Center Virtual Machine Manager and System Center Operations Manager modeling your IT environment and from there move forward, changing split between the costs for maintaining your environment and implementing new solutions to increase efficiency, becomes easier than ever.

We are here!! TechEd 2007!!

I am writing this post from the TechEd 2007 in Orlando, Florida. After getting out of bed at 4am CET to go to Schiphol (Amsterdam) it is now 20 hours later and I have just completed registration. In a couple of minutes I am going to my hotel for a well deserved shower (yes, I need one), some dinner and then a good night's sleep.

Over the next few days I will post all things that I learn over here. So keep an eye on my blog!!

[Update] Just arrived in my hotel The Caribe Royale and man it is good!! It has a great pool including waterfalls and my room is on the top floor with excellent view!! In other words....I think I will survive this week just barely :-)

Oh and just one other thing: Can anyone tell me why the cabs of the "Yellow Cab Company" are orange?? As a dutchman I don't mind the color, but the name is a little confusing :-p