As you may know, SharePoint deployments are managed at the farm level. Therefore, users can install additional SharePoint farms in your environment without your permission. Obviously, you don’t want SharePoint farms popping up on your network without your knowledge and approval. You want to make sure that new deployments conform to your company’s standards. So how do you stop unauthorized SharePoint deployments? Use the following methods to block or track SharePoint installations.
To disable the installation of SharePoint Server and related products, configure the following registry key using Group Policy in Active Directory directory services:
HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\ SharePoint\DWORD DisableInstall
Setting the DWORD value DisableInstall=00000001 will block the installation. Once you have configured this setting, when a user tries to install SharePoint Server, he/she will get the following error message:
SharePoint installation is blocked in your organization. Please contact your network administrator for more details.
You can also track SharePoint installations in your organization by using the Active Directory Domain Services (AD DS) marker. Here’s a description from Microsoft TechNet on how the AD DS marker works.
“An Active Directory Domain Services (AD DS) Marker called Service Connection Point identifies the SharePoint 2010 Products servers in an organization. To use this marker, create a container in AD DS and set the permissions for the container before you install any SharePoint 2010 Products in the environment. Then, when you or another user in your domain runs the SharePoint Products Configuration Wizard as part of installing SharePoint Server 2010, this marker is set, and can be tracked by using AD DS. You must set this marker for each domain that you have in your organization if you want to track installations in all domains. This marker is removed from AD DS when the last server is removed from a farm. You can also set the marker by using Windows PowerShell. The marker contains the URL for the Application Discovery and Load Balancer Service (also known as the topology service application) for the server farm.
You have to grant permission to write to this container to any user accounts or domain accounts that could run the SharePoint Products Configuration Wizard. If the account does not have permission to write to this container, the following warning will appear in the log file for the SharePoint Products Configuration Wizard:
Failed to add the service connection point for this farm
Unable to create a Service Connection Point in the current Active Directory domain. Verify that the SharePoint container exists in the current domain and that you have rights to write to it.”
For more information on how to create the container in Active Directory and set the permissions using Active Directory Service Interfaces (ADSI) Edit, check out this article.
SharePoint Server 2010 uses several regional settings, such as Locale, Sort order, Time zone, Calendar, Time format and Currency. Here’s a description of these settings.
Locale: The Locale setting controls numbering, sorting, calendar, and date and time formatting for the Web site.
Sort order: This option controls the sort order for lists and libraries.
Time zone: The Time zone setting lets you select the time zone that is appropriate for your location, such as Eastern Time zone.
Calendar: This option lets you select the type of calendar you want to use. For example, in United States we use the Gregorian calendar. In Japan you may use Japanese Emperor Era calendar.
Work Week: You can define the work week for your calendar, such as Monday through Friday.
Time Format: You can select from 12 Hour or 24 Hour format. For example, the military uses 24 Hour format.
Currency: You can also set your currency settings, which are configured on the Create Column page when you are working with lists. Technically, Currency is not a regional setting but because it is tied with the regional settings it is often considered a regional setting. The default value of the currency depends on the locale that you specify in your regional settings.
There are three places where you can configure the regional settings in SharePoint Server 2010. Let’s take a closer look at these settings.
Web Application Level
You can override the Web application level regional settings with the site level settings. You need to be a site owner to perform this action.
If the Web application and site level regional settings are not appropriate for users at different locations, such as different time zones, they can set their own regional settings.
AVG AntiVirus is a free and popular antivirus application that people have been using on their desktop computers for years to protect their desktop operating system, such as Windows XP or Windows 7. Did you know that AVG also has an Anti-Theft Service for Android devices? Here’s how it works.
So what about security and does this Anti-Theft service really work? In my tests, I found that the application works for the most part and can be useful to lock a stolen device remotely (and potentially wipe out the device, which I didn’t try). The features work, except that the first time I used the Locate feature, it didn’t even come close to the actual location of the device. While my smart phone was in my had, it showed that my device was located in a different zip code about 10 miles away from me. After a while it did show the exact location, so decide for yourself if this is good, bad, or ugly.
Another weak point that I discovered is that the application itself doesn’t use Secure Socket Layer (SSL) to encrypt the pages on the Web site. This surprised me. A company that makes AntiVirus software should be securing pages where customers are entering passwords and working on Anti-Theft software. In other words, you are using AVG’s unsecure page to secure your Android device. Really? This makes no sense.
Not only the Web site is unsecure, the password that you provide to lock the device can only be 4-6 characters. In other words, the password you provide is going to be very weak. While this may be good enough to keep an average “Joe” out, it won’t be good enough to keep a serious hacker out.
Hopefully, over time AVG will improve this application. It’s a good start but in my opinion the application appears to be more for fun and games than to offer a serious anti-theft service……mainly due to the quality of service and the fact that AVG doesn’t offer encryption to use a security software on their Web site. As I mentioned already, it does seem to get the job done for the most part so I am not ruling it out as a totally useless application. I believe it needs work to offer better reliability for locating the device and also needs some security improvements. After all it is a security application.
Here’s a scenario that several people have run into, both on Windows 7 and Windows 8. Hopefully the following solution will help.
On your Windows 7 or Windows 8 computer you go to Control -> Network and Internet -> Network and Sharing Center -> Change advanced sharing settings. You expand the private section by clicking on the down arrow. You check the box “Turn on network discovery” and then save the changes. You assume the changes are saved but if you go back to verify, the settings are reverted back and the network discovery is turned off.
1. Ensure the following services are running and are configured to start automatically in the services Console (services.msc):
2. If you are still having problems, repeat the above steps for SSDP Discovery and UPnP Device Host services to ensure they are running and configured to start automatically.
You should now be able to turn on network discovery for your Private network. For security reasons, do not turn on network discovery for Public networks. After you save the changes, go back and verify that it stays turned on. There is no need to reboot your computer after you start the above services but in some cases you may have to turn your firewall on first, make the above changes and then start the firewall if necessary.
By now you may have heard of all the warnings and bad things that can happen if you have Java installed on your computer, like having your credit card or other personal data stolen, identity theft, and spyware installed on your computer after you are redirected to certain sites. Even Department of Homeland Security (DHS) issued a warning in January to disable Java. This is rather unusual because DHS doesn’t usually go around telling people what they should remove from their computers.
- Java is an OOP programming language while Java Script is an OOP scripting language.
- They require different plug-ins.
chrome://plugins, click Disable and then restart the browser. In Firefox go to Add-ons, locate Java platform, disable it and restart the browser. In Internet Explorer it is not easy to disable Java. In fact, even if you go to Java Web site and check if you have Java installed in Internet Explorer, don’t believe it as gospel truth. You can read this InfoWorld article for more information: Disabling Java in Internet Explorer: No easy task. Frankly, besides Internet Explorer, other browsers can also lie and tell you that Java is not installed, when it is.
The security warning issued by DHS was related to all versions of Java 7 through Update 10. Java 7 Update 11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets. The latest version is of today is Java 7 Update 13. With all the issues with Java I believe it is best to disable Java altogether on all the browsers. Period!
NOTE: Even after Oracle claimed that they have fixed the problem that prompted DHS to issue a security warning, DHS still insisted that we should disable Java.
Disabling Java in Internet Explorer
NOTE: On 64-bit Windows computers you can also get to the Java Control Panel by using this command at Start, Run: c:\Program Files (x86)\Java\jre7\bin\javacpl.exe. On 32-bit Windows computers, use the following command: c:\Program Files\Java\jre7\bin\javacpl.exe.
Windows XP: Go to Control Panel and double-click to open the Java Control Panel.
Disabling Java on Macs
Possible Consequences of Disabling Java
The potential drawback of disabling Java can be that some Web sites won’t display menus properly, or you may not be able to see the stock prices, weather updates or some ads. Frankly, most of us don’t care about this stuff. Even if you do, in my opinion disabling Java far outweighs the benefits of seeing ads or weather updates on different sites.
TIP: If you must use Java because you feel your life is completely miserable without Java and you had some great luck skiing in the avalanche season and skating on thin ice then enable Java in the latest version of Chrome or Firefox, rather than Internet Explorer, because they give you more control on when to run Java on specific pages.
Have I experienced any negative consequences by disabling Java in all three of my browsers (Firefox, Internet Explorer, and Chrome)?
Copyright © 2013 Zubair Alexander. All rights reserved.
25 queries. 0.506 seconds