In an effort to protect our network against the new Gimmiv Worm it was reccomended to block traffic using ports 139 and 445. I went ahead and blocked all traffic, internal and external, to these ports. After completing this we started noticing connection issues to some of the shared folders on some of our servers. The bulk of the issues were coming from computers on one network of our WAN connecting to a server on a different network on our WAN. After some testing I was able to determine that is issue was a result of blocking these ports. It looks like I should have only blocked inbound traffic to these ports. Windows relys on these ports for connectivity to the network.
I found a great posting that explains what these ports do. http://www.petri.co.il/what
Thursday, October 30, 2008
Friday, October 24, 2008
Changing the SID on a Windows 2003 server
I have imaged countless computers over the years. In the past after the computer was imaged I would fire up the comptuer and run SysPrep to reset the SID (Computer Security Identifier). This would work fine but it would require me to go through the initial Windows setup again.
Recently I have been getting more involved with server virtualization using VMWare. I have created a couple of basic Windows 2003 virtual images. I knew when I deployed them I would need to reset the SID on the new virtual server.
After poking around I found NewSID on Microsoft's TechNet site. NewSID is a small executable that will reset your SID. It gives you the option to set a random SID, copy a SID from another comptuer or specify the SID. It will also allow you to change the current computer name.
My inital testing of it appears to be pretty positive. I have it on my basic virtual images. After I power up the virtual server for the first time I run NewSID. The basic virtual image network card is also setup to use DHCP so I wont run into IP conflicts.
I found NewSID by going to: http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
Recently I have been getting more involved with server virtualization using VMWare. I have created a couple of basic Windows 2003 virtual images. I knew when I deployed them I would need to reset the SID on the new virtual server.
After poking around I found NewSID on Microsoft's TechNet site. NewSID is a small executable that will reset your SID. It gives you the option to set a random SID, copy a SID from another comptuer or specify the SID. It will also allow you to change the current computer name.
My inital testing of it appears to be pretty positive. I have it on my basic virtual images. After I power up the virtual server for the first time I run NewSID. The basic virtual image network card is also setup to use DHCP so I wont run into IP conflicts.
I found NewSID by going to: http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
Tuesday, October 21, 2008
STSADM to Backup Sharepoint
I have tried many different ways to backup a Sharepoint site. I have found STSADM to be pretty reliable when backing up an entire site.
Here is the command I use:
stsadm -o backup -url http://sharepoint/site -filename d:\backupfolder\backup.bak -backupmethod full
You can also use the -overwrite switch to overwrite an existing backup file.
Here is the command I use:
stsadm -o backup -url http://sharepoint/site -filename d:\backupfolder\backup.bak -backupmethod full
You can also use the -overwrite switch to overwrite an existing backup file.
Monday, October 20, 2008
Moving Folders From One Server to Another
I am in the processing of replacing a server that is ready for retirement. It is necessary for me to move the information from the old server (server A) to the new server (server B). Traditional Copy and Paste will not work because it will only copy the files, not the creation dates, security etc. Here is how I accomplished the task.
To properly copy all of the information I used Robocopy.
To properly copy all of the information I used Robocopy.
- Robocopy is part of the Windows Server 2003 Resource Kit Tools. The Resource Kit can be downloaded at: http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
- I was also able to find and download Robocopy GUI for Microsoft Technet. As the name implies, it is the GUI version of Robocopy. http://technet.microsoft.com/en-us/magazine/cc160891.aspx
I used Robocopy GUI for this task. I selected the Source and Target Path. In the Copy Options Tab I selected /S /E /SEC. This copied all files and folders from Server A to Server B. It also retained the attributes and Security settings for the files and folders.
Restricting a user to view only his/her docs in a SharePoint Libary
Sometimes it is necesary to setup a document/form libary up in SharePoint to allow a user to only documents created by the end user. Here are the steps I completed to accomplish this:
- Create a View that only displays the documents created by [Me] the end user.
- Create a new view. Select the fields you want the end users to view.
- Select the Box "Make this the default view"
- In the Filter section Select, Created By, is equal to, [Me]
- Click OK
- If an "All Documents" view exists, open it to edit it. Click the Delete button to delete it.
- If an "Explorer View" view exists, open it to edit it. Click the Delete button to delete it.
- Now you will need to adjust security settings so a person can not create a view.
- At the site main page Click People and Groups in the Quick Launch
- Click Site Permissions in the Quick Launch
- Under Setting select Permission Levels
- Click the Contribute Permission level to open it.
- Clck the Copy Permission Level button.
- Name the new Permission level anything you choose, such as Conribute without View Creation.
- UnCheck Manage Personal Views in the Personal Permissions section.
- Disable "Open in Explorer" under Actions.
- Instructions on this can be found on my other post: http://duhralf.blogspot.com/2008/10/remove-open-in-windows-explorer.html
Remove "Open in Windows Explorer"
Sharepoint is designed to be a resource for people to easily access the information they need. End users are given many options on how to access the info on Sharepoint. One powerful way is to use the tool "Open in Windows Explorer". This is found under Actions in the form/document library you are using. The big advantage of using "Open in Windows Explorer" is it enables you to easily view, copy, delete documents in an environment most are familiar with. This can be a big advantage.
Recently I ran into a possible drawback to "Open in Windows Explorer". Here was my issue:
I created a form libary that will be used for Performance Appraisals. The forms are created in InfoPath. Mangers connect to the form library, click New, fill out the Performance Appraisal on the employee. I have created a submit button on the form that automatically saves the form to the form libary and saves it using the "employee name" and "review date" fields in the form. All is well up to this point.
The real issue that I ran into was, Performance Appraisals are very confidential. Management made the decision that the only person that could see the Performance Appraisal in the form library was the person who created it. That sounded easy enough, I would remove the All Documents view and create a single view that would only display documents created by [Me]. I also changed rights on the form library so nobody could create new views after all, if they could create a view, they could create one that could show all fields in the form libary.
Unfortunately, when you select "Open in Windows Explorer" you can see all documents in the form libary. The only way I have found around this issue is to Remove the "Open in Windows Explorer" options under Actions. There is one huge drawback with this. When you remove "Open in Windows" is must be at the Site Collection level. You lose it for all of your sites. On the positive side, you can set it up so a Site Owner can still see "Open in Windows Explorer".
Here is how I disabled "Open in Windows Explorer" for everyone except site Owners.
Recently I ran into a possible drawback to "Open in Windows Explorer". Here was my issue:
I created a form libary that will be used for Performance Appraisals. The forms are created in InfoPath. Mangers connect to the form library, click New, fill out the Performance Appraisal on the employee. I have created a submit button on the form that automatically saves the form to the form libary and saves it using the "employee name" and "review date" fields in the form. All is well up to this point.
The real issue that I ran into was, Performance Appraisals are very confidential. Management made the decision that the only person that could see the Performance Appraisal in the form library was the person who created it. That sounded easy enough, I would remove the All Documents view and create a single view that would only display documents created by [Me]. I also changed rights on the form library so nobody could create new views after all, if they could create a view, they could create one that could show all fields in the form libary.
Unfortunately, when you select "Open in Windows Explorer" you can see all documents in the form libary. The only way I have found around this issue is to Remove the "Open in Windows Explorer" options under Actions. There is one huge drawback with this. When you remove "Open in Windows" is must be at the Site Collection level. You lose it for all of your sites. On the positive side, you can set it up so a Site Owner can still see "Open in Windows Explorer".
Here is how I disabled "Open in Windows Explorer" for everyone except site Owners.
- On your SharePoint server go to the following folder and make a copy of the DefaultTemplates.ascx file. \Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\CONTROLTEMPLATES
- Rename the copy of DefaultTemplates.ascx to CustomDefalutTemplates.ascx
- Open CustomDefaultTemplates.ascx in Notepad and change the following line:
- ID="OpenInExplorer" Change PermissionString="UseClientIntegration" to PermissionString="MangeWeb"
- Save the file
- Reset IIS
I do not take credit for coming up with this solution. After searching many ways of diabling "Open Windows Explorer" this solution was found on the following blog: http://sharepoint-uk.blogspot.com/2008/03/in-order-to-remove-open-in-windows.html This was by far the easiest way I found to perform the task.
Deactivate Features in SharePoint
I am currently working with 2 different Sharepoint servers. One is running MOSS, the other WSS3. I am attempting to export a form libary from MOSS to WSS3. During the import process I ran into the following error: "Could not find Feature DataConectionLibrary" After doing some research I was able to find the following fix:
Before you export the the site using stsadm you must first deactivate the feature. Use this command to deactivate the feature:
stsadm -o deactivatefeature -name DataConnectionLibary -url [the url of your site] -force
After stsadm has completed successfully, export the site using:
stsadm - export -url [url of your site] -versions 4 -includeusersecurity -filename [location of where you want to save the backup file ex. c:\backup\sitebackup.bak]
After your export is complete go ahead and reactivate the feature on the origional site:
stsadm -o activatefeature -name DataConnectionLibary -url [the url of your site] -force
Before you export the the site using stsadm you must first deactivate the feature. Use this command to deactivate the feature:
stsadm -o deactivatefeature -name DataConnectionLibary -url [the url of your site] -force
After stsadm has completed successfully, export the site using:
stsadm - export -url [url of your site] -versions 4 -includeusersecurity -filename [location of where you want to save the backup file ex. c:\backup\sitebackup.bak]
After your export is complete go ahead and reactivate the feature on the origional site:
stsadm -o activatefeature -name DataConnectionLibary -url [the url of your site] -force
Solutions Abound
I have been in the I.T. industry for many years. I feel as if I have a fair amount of knowledge of many different technologies but am a master at few. Most every day I run into one of those "head scratcher" questions. Thank goodness for the Internet and everyone who contribute to it. Because of the time and effort they take to share there knowledge gives me the ability to solve most of the issues I run into on a regular basis.
Because all of the answers I have received I feel it is only fair if I contribute my own 2 bits of knowledge. With any luck, this blog will serve 2 purposes. First it will assist others in answering some of the questions they may run into. Second, it will act as a central location for me to save all of the solutions I have needed to answer the questions I have run into.
Because all of the answers I have received I feel it is only fair if I contribute my own 2 bits of knowledge. With any luck, this blog will serve 2 purposes. First it will assist others in answering some of the questions they may run into. Second, it will act as a central location for me to save all of the solutions I have needed to answer the questions I have run into.
Subscribe to:
Posts (Atom)
Posts
