Wednesday, July 25, 2007

Microsoft Surface

I have to admit when I saw this I was impressed. Although this is something you've seen in movies and what not, to actually see this coming to home use very soon is exciting. Technology is just great (when it works that is). The possibilities for this type of technology are endless, a computable surface table, awesome.

Take a look at the site:
http://www.microsoft.com/surface/

Check out "The Possibilities", that's amazing!

Metal Gear Solid 4 Gameplay Revealed!

The only thing I can say after watching this is I wish I didn't watch it. It is so sick that I can't wait now. Damn it! Thanks a lot Kojima-san! >.<


Tuesday, July 24, 2007

Sysvol

Many people may overlook this very important folder. By default, Windows 2003 Server gives "authenticated users" full control of this folder. Patches will automatically adjust the security settings to accommodate for it, but you can easily do it yourself after installation of a new 2003 server machine.

The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The Sysvol folder on a domain controller contains the following items:

  • Net Logon shares. These typically host logon scripts and policy objects for network client computers.
  • User logon scripts for domains where the administrator uses Active Directory Users and Computers.
  • Windows Group Policy.
  • File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.
  • File system junctions.

Best Practices for Sysvol Maintenance
http://support.microsoft.com/kb/324175

Authenticated Users Group Has Too Many Permissions to the SYSVOL Network Share
http://support.microsoft.com/kb/812538
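
To check whether "Authenticated Users" still holds write-type rights on the Sysvol folder tree, the NTFS ACLs can be audited with PowerShell. This is an added example, not part of the original post or the KB articles; the default Sysvol path and the function name Get-RiskyAuthUsersAce are assumptions.

```powershell
# Added example. Assumes it runs on a domain controller with SYSVOL in its
# default location; change $SysvolPath if the folder was relocated.
$SysvolPath   = Join-Path $env:SystemRoot 'SYSVOL\sysvol'
$AuthUsersSid = 'S-1-5-11'   # well-known SID for "Authenticated Users"

# Rights that allow changing content or the ACL itself. Read-type bits are
# left out on purpose so that plain read/execute access is not reported.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($R::Write -bor $R::Delete -bor
    $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
    $R::TakeOwnership) -bor 0x10000000 -bor 0x40000000  # GENERIC_ALL, GENERIC_WRITE

function Get-RiskyAuthUsersAce {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # Ask for identities as SIDs so the match does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $bits = [int]$rule.FileSystemRights
        if ($rule.IdentityReference.Value -eq $AuthUsersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($bits -band $WriteMask)) {
            New-Object PSObject -Property @{
                Path      = $Path
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
                AppliesTo = $rule.InheritanceFlags
            }
        }
    }
}

# Audit the root plus every subfolder; for subfolders report only explicit
# (non-inherited) entries, since inherited ones are already shown at the root.
$folders = @($SysvolPath) + @(Get-ChildItem -Path $SysvolPath -Recurse |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName })
$folders | ForEach-Object { Get-RiskyAuthUsersAce -Path $_ } |
    Where-Object { -not $_.Inherited -or $_.Path -eq $SysvolPath } |
    Format-Table Path, Rights, AppliesTo -AutoSize
```

No output means no write-type entry for Authenticated Users was found on the folders. Share-level permissions on the SYSVOL share are a separate setting and are not covered by this check.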

Group Policy - Notes

Workstations check with Active Directory every 60 to 120 minutes to see if there are any new policies. If there are, then the workstations apply them - both user and machine policies.

If you are using group policies, local policy is always processed before site, domain, or OU group policies.

Policies are reapplied every 90 minutes, with a 30-minute "randomization" to keep the domain controller from getting hit by many computers at once.

Policies on DCs are refreshed every 5 minutes.

Order in which policies are applied: local > site > domain > OU.
If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting.

GPO-links that are enforced cannot be blocked from the parent container.

---------------------------------------------------

Managing inheritance of Group Policy:
http://technet2.microsoft.com/windowsserver/en/library/212eb1fd-11f4-465f-b243-73e542d06b2c1033.mspx?mfr=true

Referenced from "Mastering Windows Server 2003" by Mark Minasi

Friday, July 13, 2007

Best Ending in Gaming History

I thought I'd post this clip to give tribute to the best videogame ending in history (IMO of course).
The story, the characters, the music, all top notch. By far, the most emotional ending out there to date.

Dictionaries all over the world should change their definition of "patriotism" to:
Boss from Metal Gear Solid 3.

Great game.


Thursday, July 12, 2007

MGS4 - The End of a Masterpiece

After 20 years, it finally looks like the Metal Gear Saga will be coming to an end. I can't wait to see how everything unfolds.

Props and hats off to Kojima for being one of the few out there to show a sense of honour in a money driven world.


Killzone 2 - OMFG!

I have to admit that this is not the same quality as back in E3 2005, but that's because Sony didn't want to say it really was pre-rendered. But now in E3 2007, they show a trailer with live in-game graphics. Quality might not be the same, but it still looks damn good. Definitely made me drool a bit.


My Site in MOSS 2007 Open to All!

I'm not sure what the developers were thinking over at MS when they programmed this, but the fact that anyone (in the same domain or access to the SharePoint Server) can view everything in any user's My Site website is quite sad.

For example, I can go into a colleague's site and view everything. Unless specific permissions were set up, it is all open.

The default security setting is "NT AUTHORITY\Authenticated Users".

So word of advice to anyone using My Site, you'll want to change your security settings right away.

Configuring SSO in MOSS 2007

Here is another thing that took me a long time to figure out. This was never mentioned in any books, nor was there any information available online.

When configuring SSO (Single Sign-On) for MOSS 2007, it is best to create a separate account to run this service.

Under Operations > Manage Settings for Single Sign-On > Manage Server Settings you put in all the accounts that will run this service. After all correct information is put in and you are sure all the accounts have been created and set up properly, clicking OK should finish it off. But nope, it keeps giving you an error message saying it cannot use the account or something along those lines. I can't remember exactly. But the key here is when you press OK, you can see the browser tries to connect to http://localhost/something/something/

Unless you set http://localhost as one of your trusted sites in your Internet browser, it will keep giving you that message until you do.

Amazing, how no books or any material online could be found on this.

Tip:
When configuring an account for SSO, it is best to use a security group when entering it in. This makes things much more flexible. Create an SSO admin account and make that account a member of the SSO Administrators group, for example.

Using LDAP to Import User Profiles into MOSS 2007

This simple task turned out to be extremely annoying. Apparently LDAP (Lightweight Directory Access Protocol) is not universal. There are multiple languages for LDAP. For example, I created a simple query using LDAP in Active Directory to retrieve all the users from a particular group in a particular OU. It worked in the Active Directory test, so I figured that, since it worked there and it is all Microsoft, copy and paste would do just fine.

Nope.

Something that should only have taken a couple minutes, ended up taking me many hours. The frustration was just irritating. In any case, here is an example of an LDAP filter that works in MOSS 2007 that retrieves all the users in the "SharePoint Users" security group.

Search Base:
DC=,DC=com

User Filter:
(&(objectCategory=Person)(objectClass=user)(memberOf=CN=SharePoint Users,OU=Information Technology,DC=,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Kerberos Implementation for MOSS 2007

This is something that took me quite a while to figure out and implement. I decided to do this right from the start as I was building and implementing MOSS 2007. It is better to deal with this at the start than later on, as you may encounter more headaches, and you also don't run the risk of running into problems where there will be downtime for users.

Get it all done before you roll it out. I used two sources that helped me out a bit on how to properly implement Kerberos into MOSS 2007.

Source 1:
http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
http://blogs.msdn.com/martinkearn/archive/2007/04/27/configuring-kerberos-for-sharepoint-2007-part-2-excel-services-and-sql-analysis-services.aspx

Source 2:
Microsoft SharePoint: Building Office 2007 Solutions in C# 2005
Author: Scot Hillier

Remove a Meeting from a Meeting Workspace in MOSS 2007

Link: http://msdn2.microsoft.com/en-us/library/ms465611.aspx

This was another annoying thing I didn't know how to get rid of. Had to do some digging and found a solution which Microsoft provides. This fix requires Visual Studio and the creation of a console application.

Use this when you can't get rid of a particular meeting in a Meeting Workspace. For example, you have 3 meetings in a meeting workspace, each with their own dates. There is no simple way to delete one meeting unless using this method. Hopefully this will be rectified some time later. For now, check out the link above for the how-to.

Virus Scanners when they screw up MOSS

Link: http://support.microsoft.com/kb/928169

The following applies to MOSS 2007 as well. This error happened to me as well and made me crap in my pants for a while as I was clueless as to what happened. After some time I was able to fix it.

[SYMPTOMS]

When you use Microsoft Office SharePoint Portal Server 2003 (this applies to 2007 as well) on a computer that has an antivirus scan engine installed, you may experience the following symptoms:

When you browse through the Default.aspx page, you receive one of the following error codes:

  • HRESULT:0x80041050
  • HRESULT:0x80041051
  • HRESULT:0x80041052
  • HRESULT:0x80041054

When you try to open a file from a SharePoint document library, you receive the following error message:

  • http://ServerName/Sites/Site/FileName contains the following virus: The Antivirus Scanner scan engine is offline. Please try to contact the scan engine later or contact your administrator.

Additionally, you may find messages that are related to the antivirus scan engine in the Windows SharePoint Services log file. The messages resemble the following:

  • 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/some document.doc
  • 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/default.aspx

Note: The Windows SharePoint Services log file is located in the following folder: %WINDIR%\TEMP
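
Before any status is reset, it helps to separate the files that were flagged only because the scan engine was offline from files with an actual detection. The PowerShell below is an added example, not part of the original post or the KB article; the function name Get-ScanLogFinding is an assumption, the first two sample lines are the ones quoted above, and the third is constructed.

```powershell
# Added example. Real input would be the lines of the Windows SharePoint
# Services log under %WINDIR%\TEMP; the sample is embedded so it runs offline.
$sample = @(
    '0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/some document.doc'
    '0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/default.aspx'
    # Constructed line: what an entry carrying a real detection name could look like.
    '0 08/16 00:11:02 6196 #96000a: infected by "EICAR Test String" - DOMAIN\USER - /sites/somesite/upload.zip'
)

# Quoted scanner message, then " - user - path" as in the lines above.
$pattern = 'infected by "(?<msg>[^"]*)"\s+-\s+(?<user>.+?)\s+-\s+(?<path>.+)$'

function Get-ScanLogFinding {
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -notmatch $pattern) { continue }   # not a scanner entry
        $msg  = $Matches['msg'].Trim()
        $kind = 'Detection'
        # An offline engine is reported through the same "infected by" field.
        if ($msg -like '*scan engine is offline*') { $kind = 'EngineOffline' }
        New-Object PSObject -Property @{
            Path = $Matches['path']; User = $Matches['user']
            Kind = $kind; Message = $msg
        }
    }
}

# One verdict per file: a single real detection outweighs any offline entries.
Get-ScanLogFinding -Line $sample | Group-Object Path | ForEach-Object {
    $real = @($_.Group | Where-Object { $_.Kind -eq 'Detection' })
    $verdict = 'engine offline only'
    if ($real.Count -gt 0) { $verdict = 'real detection: rescan, do not reset' }
    New-Object PSObject -Property @{
        Path = $_.Name; Entries = $_.Count; Verdict = $verdict
    }
} | Format-Table Path, Entries, Verdict -AutoSize
```

With the sample lines, the two files from the quoted log come out as "engine offline only" and the constructed third entry is reported as a real detection.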

[SOLUTION] (with my changes):

  1. Use Query Analyzer to connect to the SharePoint content database.
  2. Run the following query to list all the files that are affected:

    SELECT *
    FROM Docs
    WHERE (VirusStatus > 0) AND (VirusStatus IS NOT NULL)


  3. Open your SQL Server Management Studio and go to the Content Database where the page giving you the error is located (WSS_Content database for example)
  4. Create a new query and run:

    SELECT *
    FROM AllDocs
    WHERE (VirusStatus > 0) and (VirusStatus is not null)


  5. If any records are displayed, these are the files that have been indicated by the Virus Scanner (ForeFront probably - Sigh... Microsoft, come on!) to be infected, thus it will not let you access the file. If you are certain that these files are Virus free (run a manual scan just in case) then run the following query:

    UPDATE AllDocs
    SET VirusStatus = null
    WHERE (VirusStatus > 0) and (VirusStatus is not null)


  6. You may also want to remove the VirusInfo as well since it usually contains a message saying the file has been infected or something along those lines (it's not important to remove, but I like to restore everything back to original state), run:

    UPDATE AllDocs
    SET VirusInfo = null
    WHERE (VirusInfo is not null)


  7. After this is done, you will be able to access the files again. You MAY have to reboot your MOSS server and SQL Server if it still does not work even though the status has been cleared.