Alexander’s Blog

As you may know, SharePoint deployments are managed at the farm level. Therefore, users can install additional SharePoint farms in your environment without your permission. Obviously, you don’t want SharePoint farms popping up on your network without your knowledge and approval. You want to make sure that new deployments conform to your company’s standards. So how do you stop unauthorized SharePoint deployments? Use the following methods to block or track SharePoint installations.

How to Block SharePoint Installations

To disable the installation of SharePoint Server and related products, configure the following registry key using Group Policy in Active Directory directory services:
HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\ SharePoint\DWORD DisableInstall

Setting the DWORD value DisableInstall=00000001 will block the installation. Once you have configured this setting, when a user tries to install SharePoint Server, he/she will get the following error message:

SharePoint installation is blocked in your organization. Please contact your network administrator for more details.

How to Track SharePoint Installations

You can also track SharePoint installations in your organization by using the Active Directory Domain Services (AD DS) marker. Here’s a description from Microsoft TechNet on how the AD DS marker works.

“An Active Directory Domain Services (AD DS) Marker called Service Connection Point identifies the SharePoint 2010 Products servers in an organization. To use this marker, create a container in AD DS and set the permissions for the container before you install any SharePoint 2010 Products in the environment. Then, when you or another user in your domain runs the SharePoint Products Configuration Wizard as part of installing SharePoint Server 2010, this marker is set, and can be tracked by using AD DS. You must set this marker for each domain that you have in your organization if you want to track installations in all domains. This marker is removed from AD DS when the last server is removed from a farm. You can also set the marker by using Windows PowerShell. The marker contains the URL for the Application Discovery and Load Balancer Service (also known as the topology service application) for the server farm.

You have to grant permission to write to this container to any user accounts or domain accounts that could run the SharePoint Products Configuration Wizard. If the account does not have permission to write to this container, the following warning will appear in the log file for the SharePoint Products Configuration Wizard:

Failed to add the service connection point for this farm

Unable to create a Service Connection Point in the current Active Directory domain. Verify that the SharePoint container exists in the current domain and that you have rights to write to it.”

For more information on how to create the container in Active Directory and set the permissions using Active Directory Service Interfaces (ADSI) Edit, check out this article.

SharePoint Server 2010 uses several regional settings, such as Locale, Sort order, Time zone, Calendar, Time format and Currency. Here’s a description of these settings.

Locale: The Locale setting controls numbering, sorting, calendar, and date and time formatting for the Web site.

Sort order: This option controls the sort order for lists and libraries.

Time zone: The Time zone setting lets you select the time zone that is appropriate for your location, such as Eastern Time zone.

Calendar: This option lets you select the type of calendar you want to use. For example, in United States we use the Gregorian calendar. In Japan you may use Japanese Emperor Era calendar.

Work Week: You can define the work week for your calendar, such as Monday through Friday.

Time Format: You can select from 12 Hour or 24 Hour format. For example, the military uses 24 Hour format.

Currency: You can also set your currency settings, which are configured on the Create Column page when you are working with lists. Technically, Currency is not a regional setting but because it is tied with the regional settings it is often considered a regional setting. The default value of the currency depends on the locale that you specify in your regional settings.

There are three places where you can configure the regional settings in SharePoint Server 2010. Let’s take a closer look at these settings.

1. Web Application level (requires access to Central Administration).
2. Site level (requires Site Administrator permissions).
3. User level.

Web Application Level

1. Go to Central Administration -> Application Management -> Manage web applications.
2. Select the Web application and then on the ribbon click General Settings and from the drop-down menu select General Settings again.
3. Select the appropriate time zone for your Web sites and then click OK. These settings will apply to any new sites that you create within this Web application. Existing sites are not affected.

   

Site Level

You can override the Web application level regional settings with the site level settings. You need to be a site owner to perform this action.

1. Go to the site for which you want to change the regional settings.
2. Go to Site Actions -> Site Settings -> Site Administration -> Regional settings.

   

3. Select the appropriate regional settings for your region, such as Locale, Sort order, Time zone, Calendar, Alternate Calendar, and Time format and then click OK.

   

User Level

If the Web application and site level regional settings are not appropriate for users at different locations, such as different time zones, they can set their own regional settings.

1. Login to the SharePoint site with your user account.
2. Click on the Open Menu in the upper right-hand side and select My Settings.

   

3. Click My Regional Settings.

   

4. Uncheck the box Follow web settings and then select the appropriate setting, such as Locale, Time zone, Calendar, Alternate Calendar, and Time format and then click OK.

   

5. You should now notice your new regional settings applied to your content. For example, if you upload a file it will display your local time and not the time set at the site or Web application level.

AVG AntiVirus is a free and popular antivirus application that people have been using on their desktop computers for years to protect their desktop operating system, such as Windows XP or Windows 7. Did you know that AVG also has an Anti-Theft Service for Android devices? Here’s how it works.

1. Download and install the AVG AntiVirus software from the Play Store on your Android device.
2. Once you have configured the software for protection, performance and privacy, click on the Anti-Theft icon to activate the service.
3. You will receive an e-mail from AVG that your service is activated, along with the instructions on how to use this service.
4. Go to any computer and visit AVG’s Anti-Theft Web page at http://www.avgmobilation.com/anti-theft.
5. Login with your Google account. Select the appropriate option, such as Shout, Locate, Lock, Unlock, Wipe, or Scan.
6. You can use the Shout option to make the device sound an alarm. Essentially, this will play a ringtone on the device. This can come handy if you can’t find your smart phone in your house and there is no other phone in the house to dial your number.
7. When you use the Locate option, it can take several minutes to locate the phone and will give you its proximity in a Google map.
8. The Lock option can be used to lock the device remotely so others can’t use it. This will require someone to enter the password that you will enter. This password is a temporary password and has nothing to do with any other password on your device or Gmail account.
9. You can use the Unlock option to send the unlock command to the device but it can’t actually unlock your device remotely. You must enter the password you provided when you used the Lock option to unlock the device
10. Using the Wipe option will wipe your Android device remotely. Needless to say, I didn’t try this feature and will have to trust AVG that it works.
11. If you select the Scan option from a desktop computer, within seconds your Android device will start scanning your computer for security threats. This is the same action that you can take from the AVG mobile application on your Android device.

Does the Service Work?

So what about security and does this Anti-Theft service really work? In my tests, I found that the application works for the most part and can be useful to lock a stolen device remotely (and potentially wipe out the device, which I didn’t try). The features work, except that the first time I used the Locate feature, it didn’t even come close to the actual location of the device. While my smart phone was in my had, it showed that my device was located in a different zip code about 10 miles away from me. After a while it did show the exact location, so decide for yourself if this is good, bad, or ugly.

Another weak point that I discovered is that the application itself doesn’t use Secure Socket Layer (SSL) to encrypt the pages on the Web site. This surprised me. A company that makes AntiVirus software should be securing pages where customers are entering passwords and working on Anti-Theft software. In other words, you are using AVG’s unsecure page to secure your Android device. Really? This makes no sense.

Not only the Web site is unsecure, the password that you provide to lock the device can only be 4-6 characters. In other words, the password you provide is going to be very weak. While this may be good enough to keep an average “Joe” out, it won’t be good enough to keep a serious hacker out.

Hopefully, over time AVG will improve this application. It’s a good start but in my opinion the application appears to be more for fun and games than to offer a serious anti-theft service……mainly due to the quality of service and the fact that AVG doesn’t offer encryption to use a security software on their Web site. As I mentioned already, it does seem to get the job done for the most part so I am not ruling it out as a totally useless application. I believe it needs work to offer better reliability for locating the device and also needs some security improvements. After all it is a security application.

---

Copyright ©2013 Zubair Alexander. All rights reserved.

Here’s a scenario that several people have run into, both on Windows 7 and Windows 8. Hopefully the following solution will help.

PROBLEM

On your Windows 7 or Windows 8 computer you go to Control -> Network and Internet -> Network and Sharing Center -> Change advanced sharing settings. You expand the private section by clicking on the down arrow. You check the box “Turn on network discovery” and then save the changes. You assume the changes are saved but if you go back to verify, the settings are reverted back and the network discovery is turned off.

SOLUTION

1. Ensure the following services are running and are configured to start automatically in the services Console (services.msc):

• - Computer Browser
• - DHCP Client
• - DNS Client
• - Network Connections
• - Network Location Awareness
• - Remote Procedure Call (RPC)
• - Server
• - TCP/IP NetBIOS Helper
• - Workstation

2. If you are still having problems, repeat the above steps for SSDP Discovery and UPnP Device Host services to ensure they are running and configured to start automatically.

You should now be able to turn on network discovery for your Private network. For security reasons, do not turn on network discovery for Public networks. After you save the changes, go back and verify that it stays turned on. There is no need to reboot your computer after you start the above services but in some cases you may have to turn your firewall on first, make the above changes and then start the firewall if necessary.

By now you may have heard of all the warnings and bad things that can happen if you have Java installed on your computer, like having your credit card or other personal data stolen, identity theft, and spyware installed on your computer after you are redirected to certain sites. Even Department of Homeland Security (DHS) issued a warning in January to disable Java. This is rather unusual because DHS doesn’t usually go around telling people what they should remove from their computers.

Before I tell you how to disable Java, I want to make it clear that Java is not the same thing as JavaScript. They may sound similar but they are two different things.

Difference Between Java & JavaScript

Oracle’s Java is a programming language while JavaScript is a scripting language developed by Netscape and is not part of the Java platform. JavaScript is used inside HTML pages to enhance its functionality and can make your Web pages do things that HTML code won’t let you do by itself.

According to Java.com here are the key differences between Java and JavaScript.

Java is an OOP programming language while Java Script is an OOP scripting language.

Java creates applications that run in a virtual machine or browser while JavaScript code is run on a browser only.

Java code needs to be compiled while JavaScript code are all in text.

They require different plug-ins.

Disabling Java

So now you know that we are concerned about Java, and not JavaScript.You can disable Java on individual browsers, or you can disable Java for all the browsers. I personally prefer to disable them on all the browsers. I use Firefox, Internet Explorer and Chrome on a daily basis on the same computer. If you want to disable Java on an individual browser, for example, Chrome, you can type chrome://plugins, click Disable and then restart the browser. In Firefox go to Add-ons, locate Java platform, disable it and restart the browser. In Internet Explorer it is not easy to disable Java. In fact, even if you go to Java Web site and check if you have Java installed in Internet Explorer, don’t believe it as gospel truth. You can read this InfoWorld article for more information: Disabling Java in Internet Explorer: No easy task. Frankly, besides Internet Explorer, other browsers can also lie and tell you that Java is not installed, when it is.

The security warning issued by DHS was related to all versions of Java 7 through Update 10. Java 7 Update 11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets. The latest version is of today is Java 7 Update 13. With all the issues with Java I believe it is best to disable Java altogether on all the browsers. Period!

NOTE: Even after Oracle claimed that they have fixed the problem that prompted DHS to issue a security warning, DHS still insisted that we should disable Java.

Disabling Java in Internet Explorer

1. If you don’t already have Java installed, install the latest version of Java. I know, I am asking you to install Java but you can’t kill the beast if it doesn’t exist. So first you need to install it and then disable it. This will be good for you in the long run. As of today, the latest version of Java is Java 7, Update 13.
2. Windows 8/7/Vista: Go to Control Panel and search for Java. Double-click to open the Java Control Panel.

   NOTE: On 64-bit Windows computers you can also get to the Java Control Panel by using this command at Start, Run: c:\Program Files (x86)\Java\jre7\bin\javacpl.exe. On 32-bit Windows computers, use the following command: c:\Program Files\Java\jre7\bin\javacpl.exe.

   Windows XP: Go to Control Panel and double-click to open the Java Control Panel.

3. On the Security tab, uncheck the box Enable Java content in the browser. This should disable Java on ALL your browsers, even though it doesn’t say that on the screen. This will provide the highest level of security and none of the Java apps (singed or unsigned) will run in your browser. This is the method I prefer.

   

4. Restart your browser, or as a best practice I recommend you restart your computer.
5. To verify that Java is disabled, go to the Java verification site in each browser and verify that you don’t have Java running.

Disabling Java on Macs

For instructions on how to disable Java on Macs, visit JavaTester.org. You will find some very useful information on this site. Among other things, you can also check whether JavaScripting is working in your browser. Remember, you want to disable Java, not JavaScript.

Possible Consequences of Disabling Java

The potential drawback of disabling Java can be that some Web sites won’t display menus properly, or you may not be able to see the stock prices, weather updates or some ads. Frankly, most of us don’t care about this stuff. Even if you do, in my opinion disabling Java far outweighs the benefits of seeing ads or weather updates on different sites.

TIP: If you must use Java because you feel your life is completely miserable without Java and you had some great luck skiing in the avalanche season and skating on thin ice then enable Java in the latest version of Chrome or Firefox, rather than Internet Explorer, because they give you more control on when to run Java on specific pages.

Have I experienced any negative consequences by disabling Java in all three of my browsers (Firefox, Internet Explorer, and Chrome)?

No.