Wednesday, July 25, 2007
Take a look at the site:
Check out "The Possibilities", that's amazing!
Tuesday, July 24, 2007
Many people may overlook this very important folder. By default, Windows 2003 Server gives "authenticated users" full control of this folder. Patches will automatically adjust the security settings to account for it, but you can easily do it yourself after installing a new 2003 server machine.
The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The Sysvol folder on a domain controller contains the following items:
- Net Logon shares. These typically host logon scripts and policy objects for network client computers.
- User logon scripts for domains where the administrator uses Active Directory Users and Computers.
- Windows Group Policy.
- File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.
- File system junctions.
Best Practices for Sysvol Maintenance
Authenticated Users Group Has Too Many Permissions to the SYSVOL Network Share
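One way to check a domain controller for the condition described above, as an added example that is not part of the original post or of the referenced Microsoft articles. It assumes the default share name SYSVOL, also flags Everyone, and the function names are made up for illustration:

```powershell
# Report Allow/Full Control grants to broad groups on the SYSVOL share
# and on the folder behind it. Run on the domain controller.
$ShareName   = 'SYSVOL'        # assumption: default share name on a DC
$BroadSids   = @{ 'S-1-5-11' = 'Authenticated Users'; 'S-1-1-0' = 'Everyone' }
$FullControl = 0x1F01FF        # Full Control access mask (share and NTFS)
$GenericAll  = 0x10000000      # GENERIC_ALL, which some ACEs carry instead

function Test-GrantsFullControl([long]$Mask) {
    return (($Mask -band $FullControl) -eq $FullControl) -or
           (($Mask -band $GenericAll) -ne 0)
}

function New-Finding($Layer, $Sid, $Inherited) {
    New-Object PSObject -Property @{
        Layer = $Layer; Principal = $BroadSids[$Sid]; Inherited = $Inherited
    }
}

function Get-ShareFinding([string]$Name) {
    # Share-level DACL, read through WMI so it also works on older servers.
    $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$Name'"
    if (-not $sec) { return }  # share missing or no explicit share DACL
    foreach ($ace in $sec.GetSecurityDescriptor().Descriptor.DACL) {
        $sid = $ace.Trustee.SIDString
        if ($sid -and $ace.AceType -eq 0 -and $BroadSids.ContainsKey($sid) -and
            (Test-GrantsFullControl $ace.AccessMask)) {
            New-Finding 'Share' $sid $false
        }
    }
}

function Get-FolderFinding([string]$Path) {
    # NTFS ACL, with trustees resolved to SIDs so localized names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            (Test-GrantsFullControl ([int]$ace.FileSystemRights))) {
            New-Finding 'NTFS' $sid $ace.IsInherited
        }
    }
}

$share    = Get-WmiObject Win32_Share -Filter "Name='$ShareName'"
$findings = @(Get-ShareFinding $ShareName)
if ($share) { $findings += @(Get-FolderFinding $share.Path) }
if ($findings.Count -eq 0) { "No broad Full Control grants on $ShareName." }
else { $findings | Format-Table Layer, Principal, Inherited -AutoSize }
```

The effective access over the network is the more restrictive of the share and NTFS permissions, so a finding on one layer only is still worth reviewing.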
Workstations check with Active Directory every 60 to 120 minutes to see if there are any new policies. If there are, then the workstations apply them - both user and machine policies.
- If you are using group policies, local policy is always processed before site, domain, or OU group policies.
- Policies are reapplied every 90 minutes, with a 30-minute "randomization" to keep the domain controller from getting hit by many computers at once.
- Policies on DCs are refreshed every 5 minutes.
- Order in which policies are applied: local > site > domain > OU.
- If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting.
- GPO-links that are enforced cannot be blocked from the parent container.
Managing inheritance of Group Policy:
Referenced from "Mastering Windows Server 2003" by Mark Minasi
Friday, July 13, 2007
The story, the characters, the music, all top notch. By far, the most emotional ending out there to date.
Dictionaries all over the world should change their definition of "patriotism" to:
Boss from Metal Gear Solid 3.
Thursday, July 12, 2007
I have to admit that this is not the same quality as back in E3 2005, but that's because Sony didn't want to say it really was pre-rendered. But now in E3 2007, they show a trailer with live in-game graphics. Quality might not be the same, but it still looks damn good. Definitely made me drool a bit.
For example, I can go into a colleague's site and view everything. Unless specific permissions were set up, it is all open.
The default security setting is "NT AUTHORITY\Authenticated Users".
So word of advice to anyone using My Site, you'll want to change your security settings right away.
When configuring SSO (Single Sign-On) for MOSS 2007, it is best to create a separate account to run this service.
Under Operations > Manage Settings for Single Sign-On > Manage Server Settings you put in all the accounts that will run this service. After all correct information is put in and you are sure all the accounts have been created and set up properly, clicking OK should finish it off. But nope, it keeps giving you an error message saying it cannot use the account or something along those lines. I can't remember exactly. But the key here is when you press OK, you can see the browser tries to connect to http://localhost/something/something/
Unless you set http://localhost as one of your trusted sites in your Internet browser, it will keep giving you that message until you do.
Amazing, how no books or any material online could be found on this.
When configuring an account for SSO, it is best to use a security group when entering it in. This makes things much more flexible. Create an SSO admin account and make that account a member of the SSO Administrators, for example.
Something that should only have taken a couple minutes, ended up taking me many hours. The frustration was just irritating. In any case, here is an example of an LDAP filter that works in MOSS 2007 that retrieves all the users in the "SharePoint Users" security group.
(&(objectCategory=Person)(objectClass=user)(memberOf=CN=SharePoint Users,OU=Information Technology,DC=
Get it all done before you roll it out. I used two sources that helped me out a bit on how to properly implement Kerberos into MOSS 2007.
Microsoft SharePoint: Building Office 2007 Solutions in C# 2005
Author: Scot Hillier
This was another annoying thing I didn't know how to get rid of. Had to do some digging and found a solution which Microsoft provides. This fix requires Visual Studio and the creation of a console application.
Use this when you can't get rid of a particular meeting in a Meeting Workspace. For example, you have 3 meetings in a meeting workspace, each with their own dates. There is no simple way to delete one meeting unless using this method. Hopefully this will be rectified some time later. For now, check out the link above for the how-to.
The following applies to MOSS 2007 as well. This error happened to me as well and made me crap in my pants for awhile as I was clueless as to what happened. After some time I was able to fix it.
When you use Microsoft Office SharePoint Portal Server 2003 (this applies to 2007 as well) on a computer that has an antivirus scan engine installed, you may experience the following symptoms:
When you browse through the Default.aspx page, you receive one of the following error codes:
When you try to open a file from a SharePoint document library, you receive the following error message:
- http://ServerName/Sites/Site/FileName contains the following virus: The Antivirus Scanner scan engine is offline. Please try to contact the scan engine later or contact your administrator.
Additionally, you may find messages that are related to the antivirus scan engine in the Windows SharePoint Services log file. The messages resemble the following:
- 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/some document.doc
- 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/default.aspx
Note: The Windows SharePoint Services log file is located in the following folder: %WINDIR%\TEMP
[SOLUTION] (with my changes):
- Use Query Analyzer to connect to the SharePoint content database.
- Run the following query to list all the files that are affected:
WHERE (VirusStatus > 0) AND (VirusStatus IS NOT NULL)
- Open your SQL Server Management Studio and go to the Content Database where the page giving you the error is located (WSS_Content database for example)
- Create a new query and run:
WHERE (VirusStatus > 0) and (VirusStatus is not null)
- If any records are displayed, these are the files that have been indicated by the Virus Scanner (ForeFront probably - Sigh... Microsoft, come on!) to be infected, thus it will not let you access the file. If you are certain that these files are Virus free (run a manual scan just in case) then run the following query:
SET VirusStatus = null
WHERE (VirusStatus > 0) and (VirusStatus is not null)
- You may also want to remove the VirusInfo as well, since it usually contains a message saying the file has been infected or something along those lines (it's not important to remove, but I like to restore everything back to its original state). Run:
SET VirusInfo = null
WHERE (VirusInfo is not null)
- After this is done, you will be able to access the files again. You MAY have to reboot your MOSS server and SQL Server if it still does not work even though the status has been cleared.