Alexander’s Blog

AVG AntiVirus is a free and popular antivirus application that people have been using on their desktop computers for years to protect their desktop operating system, such as Windows XP or Windows 7. Did you know that AVG also has an Anti-Theft Service for Android devices? Here’s how it works.

1. Download and install the AVG AntiVirus software from the Play Store on your Android device.
2. Once you have configured the software for protection, performance and privacy, click on the Anti-Theft icon to activate the service.
3. You will receive an e-mail from AVG that your service is activated, along with the instructions on how to use this service.
4. Go to any computer and visit AVG’s Anti-Theft Web page at http://www.avgmobilation.com/anti-theft.
5. Login with your Google account. Select the appropriate option, such as Shout, Locate, Lock, Unlock, Wipe, or Scan.
6. You can use the Shout option to make the device sound an alarm. Essentially, this will play a ringtone on the device. This can come handy if you can’t find your smart phone in your house and there is no other phone in the house to dial your number.
7. When you use the Locate option, it can take several minutes to locate the phone and will give you its proximity in a Google map.
8. The Lock option can be used to lock the device remotely so others can’t use it. This will require someone to enter the password that you will enter. This password is a temporary password and has nothing to do with any other password on your device or Gmail account.
9. You can use the Unlock option to send the unlock command to the device but it can’t actually unlock your device remotely. You must enter the password you provided when you used the Lock option to unlock the device
10. Using the Wipe option will wipe your Android device remotely. Needless to say, I didn’t try this feature and will have to trust AVG that it works.
11. If you select the Scan option from a desktop computer, within seconds your Android device will start scanning your computer for security threats. This is the same action that you can take from the AVG mobile application on your Android device.

Does the Service Work?

So what about security and does this Anti-Theft service really work? In my tests, I found that the application works for the most part and can be useful to lock a stolen device remotely (and potentially wipe out the device, which I didn’t try). The features work, except that the first time I used the Locate feature, it didn’t even come close to the actual location of the device. While my smart phone was in my had, it showed that my device was located in a different zip code about 10 miles away from me. After a while it did show the exact location, so decide for yourself if this is good, bad, or ugly.

Another weak point that I discovered is that the application itself doesn’t use Secure Socket Layer (SSL) to encrypt the pages on the Web site. This surprised me. A company that makes AntiVirus software should be securing pages where customers are entering passwords and working on Anti-Theft software. In other words, you are using AVG’s unsecure page to secure your Android device. Really? This makes no sense.

Not only the Web site is unsecure, the password that you provide to lock the device can only be 4-6 characters. In other words, the password you provide is going to be very weak. While this may be good enough to keep an average “Joe” out, it won’t be good enough to keep a serious hacker out.

Hopefully, over time AVG will improve this application. It’s a good start but in my opinion the application appears to be more for fun and games than to offer a serious anti-theft service……mainly due to the quality of service and the fact that AVG doesn’t offer encryption to use a security software on their Web site. As I mentioned already, it does seem to get the job done for the most part so I am not ruling it out as a totally useless application. I believe it needs work to offer better reliability for locating the device and also needs some security improvements. After all it is a security application.

---

Copyright ©2013 Zubair Alexander. All rights reserved.

Today I decided to compare Google Maps to Bing Maps to see if there is a major difference. I wasn’t looking to compare the street views, I wanted to compare the bird-eye views. Unfortunately, Google only offers the aerial view, while Bing offers both an aerial view and a bird-eye view. So this is what you see when you use Google and Bing. This is the same aerial view of downtown Seattle location with the best Google and Bing have to offer.

Click on the images to see the finer details.

Google

Bing

I recently discovered a nice little utility that locks your PC (especially useful for laptops). It’s called PREDATOR and it’s FREE. This utility can lock your PC, while you are running your Window session. It uses a USB flash drive as an access control device. You simply insert your USB flash drive, run PREDATOR, and work in Windows as you normally do. When you want to walk away from your PC, remove the USB flash drive. Your screen will darken in 30 seconds (you can change this default interval) and your mouse and keyboard will be disabled. No one will be able to use CTRL-ALT-DEL or anything else. When you get back, you simply insert your USB flash drive and your display, mouse and keyboard will be unlocked.

There are a few differences between using “Windows + L” to lock your PC or logging out from your PC and using PREDATOR. With PREDATOR you don’t even need to enter your password, just insert the USB flash drive.

You can configure PREDATOR to autostart with Windows. If your laptop is locked with PREDATOR and someone steals your laptop, when the laptop is rebooted it will remain locked. I know what you are thinking. What if I lose my USB flash drive? Well, when you setup PREDATOR you can configure a password. You can use the password to unlock the PC anytime, even if you don’t have the USB flash drive with you.

According to the manufacturer, here are some advanced security features.

Advanced Security Features:

• PREDATOR records all security-related events in a log file: start, alarms, stop. By reading this log, you will know if intruders have tried to use your computer while you have been away.
• PREDATOR frequently changes the security codes recorded on your USB drive. If an intruder manages to copy your stick, this copy will not work because the codes on your own stick will have changed in the meantime.
• PREDATOR disables the Windows task manager when you unplug the USB drive. Nobody can stop it with Ctrl-Alt-Del.
• PREDATOR lets you regain control of your computer if you lose your stick: when you start the software for the first time, you set a password that will unlock your session if your USB drive is not available.
• PREDATOR can sound an audible alarm if somebody enters an invalid password.
• And finally, PREDATOR can protect several PCs with the same USB flash drive, e.g. your home and office computers.

You can download this utility here.

I wrote the blog The Challenging Task of Managing SharePoint Permissions about one of the weaknesses in SharePoint that has to do with managing secure access and permissions. I decided to look for some third-party answers and found several products that offer the type of solutions that enterprises running SharePoint really need. Although there are sevearl vendors that offer SharePoint administration and security tools, there are some that seem to stand out: AvePoint, Barracuda, and Quest to name a few. I will obtain a copy of these products to find out how they’ve addressed the gap created by the lack of better management of permissions in MOSS 2007.

My first article in this series of reviews is about a product from Barracuda called DeliverPoint.

DeliverPoint

When I went to the DeliverPoint Web site I noticed that the product is referred to as DeliverPoint: Permissions. When I installed the product it added a console that says DeliverPoint. On the Site Actions menu it is referred to as DeliverPoint 2007. I will refer to it as DeliverPoint in this article.

Before you consider installing the product, you should check out the hardware and software requirements. I would also advise you to read the DeliverPoint Reference Guidein the installation folder because it mentions several DOs andDON’Ts that are worth reading.

Notice that Windows Server 2008 is not listed as a supported operating system. However, I was able to install and operate it on my Windows Server 2008 just fine.

Product Highlights

With DeliverPoint, Barracuda addresses several of the permission management issues that SharePoint did not address out-of-the-box. According to Barracuda, here are some of the highlights of their product.

- Built for administrators of all levels: central administrators, site collection administrators, and end-user administrators
- Central Administrators maintain control
- Discover, copy, transfer, and delete account and object permissions quickly and easily
- Keep the farm clean when employees leave the company or transfer divisions
- Empower non-IT administrators to manage permissions within their respective site collections, sites and workspaces
- Seamless integration with Microsoft Office SharePoint Server 2007 and Windows SharePoint Server 3.0.

Installation

DeliverPoint is offered only as a 32-bit product. Officially it is supported on Windows Server 2003 and not on Windows Server 2008. However, I installed it on my Windows Server 2008 server running MOSS 2007. The installation is simple. At the end of the installation you are prompted to run the Configuration Wizard.

Make sure you check for any critical updates for .NET Framework after you have finished installing the product. To run the Configuration Wizard you must have administrative privileges to the local computer. When I installed the product, I was logged on as a domain account that was a member of the local administrative group. I went to Start, All Programs, DeliverPoint, DeliverPoint Configuration Wizard but it crashed with the following error on my Windows Server 2008.

Now here’s the confusing part. Once you’ve installed the product the Configuration Wizard cannot be possibly run again. What’s confusing is that in the Start menu the wizard is available even though it has absolutely no use. It would be nice if the wizard would tell you that you have already installed and configured the product and that there is no need to run this wizard again. Instead, it gives you the impression that it crashed (well, it does crash) and you may be wasting time trying to troubleshoot a problem that is not really a problem.

I contact Barracuda’s tech support. I was able to get to them right away and the person who assisted me was very helpful. He suggested that on my Windows Server 2008 server I start the wizard from a command prompt (make sure you use Run As Administrator to open the command prompt). I went to the folder where DeliverPoint was installed and issued the following command to start the wizard.

C:\Apps (x86)\DeliverPoint>barracuda.deliverpoint.configuration.exe “c:\Apps (x86)\DeliverPoint”

Remember to use the quotes if you have spaces in the path.

Using the Product

Once the product is installed successfully you manage it from SharePoint. There is no console in Windows to use the program. Everything is managed from within SharePoint. You will notice two menu items on Site Actions menu in SharePoint: DeliverPoint 2007 and Discover Site Permissions.

DeliverPoint 2007 is the primary areato manage permissions. Using the View Menu allows you to search for account permissions (Account Centric View) and view your SharePoint site hierarchy (Farm Centric View). The Farm Centric View is the default view. You will appreciate the intuitiveness of the Account Centric View. You can copy, move, delete permissions or you can view the unique permissions for an individual. Here’s what a screen looks like when you view unique permissions for a user.

The Treeview Legend uses clean icons that clearly identify the sites that inherit permissions, sites that have unique permissions or sites that have no access. These little things make DeliverPoint design very intuitive.

DeliverPoint also adds another item on the context menu for individual items. For example, you can right-click a document in a Document Library and select Discover item Permissions using DeliverPoint to view all the permissions for that item. This capability is sorely missing in SharePoint.

In addition to the Site Actions and context menu items, DeliverPoint also appears as a third tab in the Central Administration site next to the Operations and Application Management tab. Here you will find two sections: DeliverPoint Configuration and Module Management, as shown below.

A lot of businesses have a top-level site collection that is controlled by IT. All the departments have their own sites under the top-level site. The Site Owners are responsible for managing their own sites. They need a better solution to manage security and permissions than what’s available out-of-the-box. DeliverPoint is great for these Site Owners. They can easily discover which users have access to a specific site, list, folder, or list item.

One of my favorite features in DeliverPoint is the ability to copy permissions. You can copy an account’s permissions to one or more accounts so when you hire a new employee you can copy the permissions from another employee in the department who performs similar tasks. If that’s not enough, you can even “cut & paste” to move or transfer permissions from one account to one or more accounts.

This product is even designed to conform to Microsoft’s licensing requirements. Of course, every level in DeliverPoint is security trimmed, which means you can only view, copy, delete, transfer or manage permissions where you have authorized access in SharePoint.

Conclusion

If you work with SharePoint, you desperately need a third-party product to get a better grip on your security. SharePoint administrators, network administrators, and especially the Site Owners will appreciate the simplicity, flexibility and intuitiveness of DeliverPoint. DeliverPoint is not a comprehensive solution to administer SharePoint. It’s purpose is to only manage permissions. My Internet Explorer crashed a few times while I was using the Discover Site Permissions feature but I am not ready to blame DeliverPoint for the crashes at this time because I have used this product for a very short time. If you are interested in trying out this product, you can download a free 15-day trial version here.

Next time I will review another SharePoint product that offers similar solutions to administer SharePoint permissions so stay tuned.

The Access Checker Web Part is a Windows SharePoint Services Web part from Codeplex, for use within Windows SharePoint Services v3 and Microsoft Office SharePoint Server 2007. The Web Part displays a tree view showing permissions on objects for a user scoped to a Site hierarchy. There is a second mode that is useful to see the permission inheritance of objects in a Site hierarchy.

You can download the Web part from Codeplex and extract the zip files in a folder. Run the setup.exe as a farm administrator account. When I ran the setup.exe file I got the following Timer job error:

The Windows SharePoint Services Timer service is NOT started!

Check out my blog post Error: The Windows SharePoint Services Timer service is NOT started! for more details and a possible solution.

Once you’ve install the Access Checker Web Part on your server, you can enable it in the following locations.

1. To use the Site Settings feature go to SharePoint Central Administration site and navigate to
Application Management, Manage Web Application Features. There you can activate the Access Checker Feature to enable the Site Settings Pages.

2. To use the Web part simply navigate to the Site Settings page of a Site Collection, and activate the
Access Checker Web Part feature under Site Collection Features.

At this point you should be able to go to a Web part page and add this new Web part. The Web part is located in the Site Administration area.

Once you’ve added the Web part to your site, you can view a user’s permission on each List and Site. It will also show you the permission inheritance hierarchy so you know how your permissions are setup. Here’s how you can check a user’s access.

1. Type a user’s login name either by using the People Picker or the Browse functionality.

2. From the Access drop-down button, select the type of permissions you would like to view. The options are:

-Full Control

-Design

-Manage Hierarchy

-Approve

-Contribute

-Read

-Restricted Read

-Limited Access

3. Select a filter option to either show all items, show item where user does not have access, or show items where user have access. These options are great for troubleshooting access issues.

4. Click on the Check Access button to see the results. The results are color coded. Green means the user has Read or greater access. Red means the user does not have Read or greater access.

There are two new menu items that are available under Site Actions, Site Settings after you install the Web part.

The Check User Access page contains the Access Checker Web part that is pre-configured for user access mode, while the View Permission Inheritance page contains the Access Checker Web part that is pre-configured for Permission Inheritance Mode. The color coded report makes it very easy to glance at the results and get a good idea of how the inheritance is configured, as shown in the graphic below.

The green items show you which items are inheriting permissions from the parent, while the red items are items that have unique permissions.

Conclusion

According to Codeplex there are a couple of limitations even with this latest version 1.3.0 of Access Checker Web Part. You cannot display list items in the report and the Web part currently does not work with Forms-Based Authentication. I am hoping that the next version will allow the administrators to view the permissions at the item level.

In the current version, SharePoint groups are not supported. You can only use Active Directory users (not Active Directory groups). However, even with these limitations it is great to have the ability to check access on all the sites as well as all the sites and lists within the sites. You really see the beauty of this Web part when you are working with hundreds of sites. I am currently working on a very large SharePoint site collection and this Web part is exactly what I needed to view permissions.