Alexander’s Blog

By now you may have heard of all the warnings and bad things that can happen if you have Java installed on your computer, like having your credit card or other personal data stolen, identity theft, and spyware installed on your computer after you are redirected to certain sites. Even Department of Homeland Security (DHS) issued a warning in January to disable Java. This is rather unusual because DHS doesn’t usually go around telling people what they should remove from their computers.

Before I tell you how to disable Java, I want to make it clear that Java is not the same thing as JavaScript. They may sound similar but they are two different things.

Difference Between Java & JavaScript

Oracle’s Java is a programming language while JavaScript is a scripting language developed by Netscape and is not part of the Java platform. JavaScript is used inside HTML pages to enhance its functionality and can make your Web pages do things that HTML code won’t let you do by itself.

According to Java.com here are the key differences between Java and JavaScript.

Java is an OOP programming language while Java Script is an OOP scripting language.

Java creates applications that run in a virtual machine or browser while JavaScript code is run on a browser only.

Java code needs to be compiled while JavaScript code are all in text.

They require different plug-ins.

Disabling Java

So now you know that we are concerned about Java, and not JavaScript.You can disable Java on individual browsers, or you can disable Java for all the browsers. I personally prefer to disable them on all the browsers. I use Firefox, Internet Explorer and Chrome on a daily basis on the same computer. If you want to disable Java on an individual browser, for example, Chrome, you can type chrome://plugins, click Disable and then restart the browser. In Firefox go to Add-ons, locate Java platform, disable it and restart the browser. In Internet Explorer it is not easy to disable Java. In fact, even if you go to Java Web site and check if you have Java installed in Internet Explorer, don’t believe it as gospel truth. You can read this InfoWorld article for more information: Disabling Java in Internet Explorer: No easy task. Frankly, besides Internet Explorer, other browsers can also lie and tell you that Java is not installed, when it is.

The security warning issued by DHS was related to all versions of Java 7 through Update 10. Java 7 Update 11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets. The latest version is of today is Java 7 Update 13. With all the issues with Java I believe it is best to disable Java altogether on all the browsers. Period!

NOTE: Even after Oracle claimed that they have fixed the problem that prompted DHS to issue a security warning, DHS still insisted that we should disable Java.

Disabling Java in Internet Explorer

1. If you don’t already have Java installed, install the latest version of Java. I know, I am asking you to install Java but you can’t kill the beast if it doesn’t exist. So first you need to install it and then disable it. This will be good for you in the long run. As of today, the latest version of Java is Java 7, Update 13.
2. Windows 8/7/Vista: Go to Control Panel and search for Java. Double-click to open the Java Control Panel.

   NOTE: On 64-bit Windows computers you can also get to the Java Control Panel by using this command at Start, Run: c:\Program Files (x86)\Java\jre7\bin\javacpl.exe. On 32-bit Windows computers, use the following command: c:\Program Files\Java\jre7\bin\javacpl.exe.

   Windows XP: Go to Control Panel and double-click to open the Java Control Panel.

3. On the Security tab, uncheck the box Enable Java content in the browser. This should disable Java on ALL your browsers, even though it doesn’t say that on the screen. This will provide the highest level of security and none of the Java apps (singed or unsigned) will run in your browser. This is the method I prefer.

   

4. Restart your browser, or as a best practice I recommend you restart your computer.
5. To verify that Java is disabled, go to the Java verification site in each browser and verify that you don’t have Java running.

Disabling Java on Macs

For instructions on how to disable Java on Macs, visit JavaTester.org. You will find some very useful information on this site. Among other things, you can also check whether JavaScripting is working in your browser. Remember, you want to disable Java, not JavaScript.

Possible Consequences of Disabling Java

The potential drawback of disabling Java can be that some Web sites won’t display menus properly, or you may not be able to see the stock prices, weather updates or some ads. Frankly, most of us don’t care about this stuff. Even if you do, in my opinion disabling Java far outweighs the benefits of seeing ads or weather updates on different sites.

TIP: If you must use Java because you feel your life is completely miserable without Java and you had some great luck skiing in the avalanche season and skating on thin ice then enable Java in the latest version of Chrome or Firefox, rather than Internet Explorer, because they give you more control on when to run Java on specific pages.

Have I experienced any negative consequences by disabling Java in all three of my browsers (Firefox, Internet Explorer, and Chrome)?

No.

When working with Windows computers, especially Windows servers, I often run into situations where the hard drive is running out of disk space. In fact, I have often seen drives literally have no available space on a SharePoint or SQL server. There are too many reasons why a drive can run out of space, or continue to run out of space even if you keep freeing more disk space. In this article I won’t be going into the details of the reasons why drives run out of space but I can tell you that trace logs, SharePoint_Config_log.ldf file on SharePoint 2010, and cache files in %windir%\winsxs\ManifestCache folder on the server and PST files, temporary files, and thumbnails, eating up the disk on the workstation are a few common reasons. I have also blogged about other reasons in the past. The purpose of this article is to show you how to find out the size of some of the largest files on your computer so you can take action and delete them if they are not needed.

Not all large files are needed. If they are not needed then there is no sense in keeping them on your computer. Obviously, you can delete a lot of small junk files but The question is how to find out which are the largest files. A simple way to find out the size of the largest files is to write a PowerShell script. You can then pipe the results of the script to a file and look at them one by one. Here’s a sample script that will display in GB the 5 largest files on your server or workstation. You can change the number 5 at the end of the script to display more or fewer large files.

@echo off
Powershell -noexit “Get-PSdrive  | where { $_.Used -gt 0 } | foreach { Get-ChildItem $_.Root -recurse -force -ErrorAction SilentlyContinue | Select Name,DirectoryName, @{Label=’Size’;Expression={($_.Length/1GB).ToString(‘F04′)}} | Sort Size -descending | select -first 5}”

1. Paste the above script in Notepad.
2. Save the file as a batch file (File, Save As, change “Save as type” to All files, click Save). Give it a name like Top5largestFiles.bat. Make sure you use the .bat extension, otherwise it will not execute as batch file.
3. Start the Command Prompt as an Administrator.
4. Go to the folder where you saved the batch file.
5. Type the name of the batch file (e.g. Top5largestFiles). It’s optional to type the .bat at the end of a batch file because the system automatically knows that it’s an executable file.
6. Wait a while because the batch file needs to go through every file on your computer. The results will be displayed in GB.
7. You can also pipe the results into a text file if for some reason you want to save the results as a reference for future use. For example, type
   5ToplargestFiles > largefiles.txt
   This will send the results into a text file called largestfiles.txt.
8. Once you know which files are the largest files you can go through them and see if some of them can be deleted. Obviously, you have to have certain level of knowledge to understand which files are safe to delete.

As an example, on a SQL Server 2008 R2 if you run out of disk space, you can delete the file that ends with _blobs.bin (e.g. a368b368b28d9265_blobs.bin) in the %windir%\winsxs\ManifestCache folder. According to Microsoft, this file is used by Windows Update mechanism and it is safe to delete this file. However, do not delete or mess with any other files in the WinSxS foder. Even if you delete all the files in the ManifestCache folder, they may appear later after a Windows Update or a reboot but will likely be not as large. Just keep an eye on these files and deleted them when necessary. Here a post from Joseph Conway on TechNet that describes in detail what the WinSxS folder is all about. Unfortunately, there is no known solution to this problem of Windows servers and workstations running out of disk space. Until Microsoft comes up with a solution, here’s a workaround.

Here’s how you can delete files in the Windows\WinSxS\ManifestCache folder.

1. Run the above batch file to find out the top 5 largest files.
2. If the files in the ManifestCache folder are among the largest files then use the following commands.
3. Run Command Prompt as an Administrator.
4. Run the command “net stop trustedinstaller” without the quotes to stop the Windows Modules Installer service. If your OS is running this service then make sure you wait for it to stop, if it’s not running and you get the message “The Windows Modules Installer service is not started” then go to the next step.
5. Type EXIT to get out of the PowerShell command and run the command “takeown /f %windir%\winsxs\ManifestCache\*” without the quotes at the Command Prompt to take the ownership of the folder. This step is necessary because you must take ownership of the folder before giving the Administrators proper permission.
6. If you get an error it’s likely because you ignored the first part of the previous step and ran the command inside PowerShell (if your prompt starts with PS then you are in the PowerShell command). If you run the command in PowerShell you will get the message “ERROR: The system cannot find the path specified.”
7. Run the command “Icacls %windir%\winsxs\ManifestCache\* /grant Administrators:f” without the quotes to grant Administrators Full Access permissions to the folder.
8. The last step is to delete the files in the ManifestCache folder. Run the command “del /q %windir%\winsxs\ManifestCache\*” without the quotes.
9. Restart the Windows Modules Installer service by typing “net start trustedinstaller” without the quotes.

Scheduling Cleanup of ManifestCache folder

The ManifestCache folder will continue to grow in the future but you can create a batch file to cleanup the content occasionally. I would recommend that you clean up the folder only if you need disk space because the cache files will improve performance. This solution is for people who are in desperate need of additional disk space. Here’ a batch file that I use on my SharePoint 2010 server and my SQL Server 2008 R2 server. I saved the content of this batch file in Notepad and named the file CleanManifestFolder.bat. I run this file at the elevated Command Prompt.

@echo off
cls
net stop trustedinstaller
takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /grant Administrators:f
del /q %windir%\winsxs\ManifestCache\*
net start trustedinstaller

You can also schedule to run this file with Task Scheduler if necessary.

Disk Cleanup Tool

At this point you may want to go through additional files and delete them if they are safer to delete. On some operating systems, such as Windows 7, you also have the option Disk Cleanup on the drive properties. However, this tool is designed to delete only certain types of files that are safe to delete, such as downloaded program files, temporary Internet files, setup log files, temporary files, thumbnails, etc. It won’t find other files that can be very large and often useless. I still encourage you to go through these and delete them. Especially, the temporary files and thumbnails. I noticed that on my PC, the thumbnails were 79MB but the temporary files were a whopping 13.7GB. Your mileage may vary but the results may surprise you.

I often create a new site collection based on Microsoft Office SharePoint Server (MOSS) 2007 Collaboration Portal template for my clients’ intranet site. Just so you know, the Collaboration Portal template is hidden in SharePoint Server 2010. I use a PowerShell script to create the top-level site collection using the site template ID (SPSPORTAL#0) for the Collaboration Portal, as documented in my post Installing Collaboration Portal in SharePoint 2010.

Sometimes you may want to create a site based on your own custom site template that you have previously saved. Of course, if the site is a subsite then you can use the GUI to create the site, unless it’s a hidden template. However, if you want to use a script, and there are several situations where you may want to do that, the following script will come handy to create a new site based on a custom site template. Thanks to SharePoint MVP Alex Pierce for this script.

Step 1

Get the site template ID using the following method.

1. Enter the following text in Notepad.
   $url = “http://www.contoso.com/”
   $site= new-Object Microsoft.SharePoint.SPSite($url )
   $loc= [System.Int32]::Parse(1033)
   $templates= $site.GetWebTemplates($loc)
   foreach ($child in $templates){ write-host $child.Name “  ” $child.Title}

   Replace “http://www.contoso.com/” with your site URL.

2. Save the file with .ps1 extension, e.g. GetSiteID.ps1.
3. Run the file in PowerShell.
4. You will see all the sites and their IDs displayed.
5. Make a note of your custom site’s ID.

Step 2

Use the method documented in my post Installing Collaboration Portal in SharePoint 2010 to create a new site based on your custom site ID.

I prefer to use PowerShell ISE over the standard Windows PowerShell console. Here are some keyboard shortcuts that you may find helpful. Just make sure that you use the 64-bit version of PowerShell ISE and not the 32-bit. If you use Windows PowerShell ISE in Windows Server 2008 R2 or Windows 7 then you are using the 64-bit version. If you use Windows PowerShell ISE (x86) then you are using the 32-bit version.

For more information on this topic check out this Microsoft TechNet article.

Microsoft Office SharePoint Server (MOSS) 2007 has a feature called ViewFormPagesLockdown, or some people simply refer to it as the SharePoint lockdown feature. Fortunately, the feature also works with SharePoint Server 2010.

The lockdown feature is useful if you have a site collection that is configured for Anonymous access on a Publishing site and you want to lock it down so Anonymous users don’t have access to the Forms page (e.g. http://ServerName/Pages/Forms/AllItems.aspx). You might also be able to take advantage of this feature in another way. For example, if you ever run into an issue on a Publishing Portal configured for Anonymous access where users are unable to post comments (which are stored in a List) on a blog site then the lockdown feature can be disabled, which will result in allowing Anonymous users to post comments. Normally, people won’t have problem posting comments on a blog site unless it is a Publishing site, in which case they will get a prompt to enter user credentials. In such a scenario you can disable the lockdown feature.

NOTE: By default, all publishing sites have the ViewFormPagesLockdown feature enabled.

You can either use stsadm.exe or PowerShell to enable this feature. I prefer to use PowerShell. If you want more detailed information on how to use stsadm.exe, Microsoft’s Tyler Butler has documented it here for MOSS 2007.

With PowerShell, you can easily enable to disable this feature. Here are the instructions.

1. If you are unsure whether the lockdown is enabled, use the following PowerShell command to find out the answer.
   get-spfeature -site SiteCollectionURL
   e.g. get-spfeature -site http://www.winnetusergroup.com

   

2. Look at all the features listed and see if ViewFormPagesLockdown is enabled. If you see it listed then it is enabled, otherwise ViewFormPagesLockdown is disabled.
3. The lockdown feature can be enabled or disabled. To enable it first run the following command.
   $lockdown = get-spfeature viewformpageslockdown
4. Now execute the following command to enable it.
   enable-spfeature $lockdown -url SiteCollectionURL
   e.g. enable-spfeature $lockdown -url http://www.winnetusergroup.com

   
   
   NOTE: To disable the lockdown feature replace the word enable with disable. For example:
   disable-spfeature $lockdown -url SiteCollectionURL

5. At this point you can verify that the feature is enabled by running the following command. Look for the ViewFormPagesLockdown entry in the list. If it exists, the lockdown feature is enabled.

   
   
   

6. According to Microsoft, if Anonymous Access is configured for the site then you need to first disable it and then re-enable it. To enable/disable Anonymous Access in SharePoint Server 2010 go to Site Actions, Site Permissions and click Anonymous Access icon on the ribbon.