Dev Team Assemble » Security

Windows 2008 Server GPO – Force Allow Remote Desktop Connections

Calvin — Wed, 29 Sep 2010 18:00:07 +0000

Neat thing I figured out today...which I am 100% certain I will forget...to force allow remote desktop connections on a windows 2008 domain you need to set the following

Set windows Firewall to have a exception for the remote connection : computer >> admin templates >> network >> network connections >> windows firewall >> domain profile >> windows firewall: allow inbound remote desktop exceptions
Set the remote desktop services to allow connections: : computer >> admin templates >> windows components >> remote desktop services >> remote desktop session host >> connections >> Allow users to connect remotely using remote desktop services

Technorati Tags: Configuration, GPO, group policy, remote desktop, Security, Windows, windows 2008 r2

SPException: SharePoint cannot find the user – SharePoint SPWeb.EnsureUser() and a Custom MembershipProvider

Calvin — Wed, 05 Aug 2009 22:22:28 +0000

Its seems that SharePoint has a knack for surprising me with seriously strange errors sometimes. Usually at the core of the error there is a sound explanation as to why this is happening but nonetheless I am not pleased with the obscurity of them sometimes. Case in point, while working on a Console application that would load FBA (Forms Based Authentication) users into a sharepoint sie collection and then create a site for each one (granting permissions and so on) I came across a very strange error - SPException: SharePoint cannot find the user.

This kind of surprised me at first and I was wondering if somehow my CustomMembershipProvider setup stopped working on my portal site, but that was fine. So after hammering away at it for a while I came across a great article written by Waldek Mastykarz on this exact problem. After reading through his investigation it makes sense why it doesn't work in a console application but it works under the context of a SharePoint website. Essentially the web application has access to a context object and this has access to the providers node in your web.config file, BUT the console application does not have this information available. So when the SharePoint assemblies attempt to access this information they cannot because it does not exist.

The way around this is to create an HttpContext in your application before attempting to run SPWeb.EnsureUser("blah") like so:


if (HttpContext.Current == null)
{
     HttpRequest request = new HttpRequest("", web.Url, "");
     HttpContext.Current = new HttpContext(request,
     new HttpResponse(new StringWriter()));
     HttpContext.Current.Items["HttpHandlerSPWeb"] = web;
}

Then add the system.web/membership/providers node to your app.config file (which you may have to create in the project).. Mine looks like so:

After adding this information and running a few tests it started to work. In fact it worked really well on my dev box...the only problem was it was a little intermittent on my production machine. Which is funny because the provider on the site itself works just fine all the time but in order to get my console application working (the EnsureUser() portion) the site would require an IIS reset. This is the one MAJOR stumbling block that I have yet to overcome...the only saving grace I have is that I can import the users manually into the system first using the UI and then run my console application that will load the sites and grant permissions to sites based on an external configuration file.

Many thanks to Waldek Mastykarz for all his help on this one so far...I know I will be coming back to this one in the near future but my head hurts a little and I need a beer.

Canadian SharePint event anyone?

Technorati Tags: Development, IIS, MembershipProvider, Security, SharePoint

Connecting to a SharePoint Standalone instance DB

Calvin — Sun, 26 Jul 2009 19:30:02 +0000

Kudos to Scott Elliott a colleague of mine for putting this together...

Here is how I got my SQL Express to remotely respond to SQL Management Studio.

In SQL Server Configuration Manager:
Under SQL Server 2005 Network Configuration:
Protocols for

Enable Shared Memory
Enable Name Pipes
Enable TCP/IP

Under SQL Server 2005 Servers

SQL Server (ServerInstance) Properties

Log on as: Local System (have to restart)
SQL Server Browser

Log on as: Local System (may have to enable this service first in the Services MMC applet)

And with that, you should be able to remotely connect! Hazzah!

Technorati Tags: Security, SharePoint, SQL Server, sql server 2005

403 Access Denied on SharePoint SSP Search setting access attempt

Calvin — Sun, 26 Jul 2009 19:10:17 +0000

http://[your sspname here]/ssp/admin/_layouts/searchsspsettings.aspx

This problem has to do with an issue that comes up after you apply a hotfix to your servers. Essentially it enforces new security rules. To resolve it add the Sharepoint service account to the Box Administrators, WSS_ADMIN_WPG and WSS_RESTRICTED_WPG. Once this is done reset your IIS and you should be good to go.

Props to Søren Nielsen for the following post:
http://soerennielsen.wordpress.com/2008/02/08/make-the-search-work-for-you/

Technorati Tags: Configuration, search, Security, SharePoint

Access Denied – Enabling Publishing Features in SharePoint

Calvin — Sun, 26 Jul 2009 18:53:26 +0000

This is kind of of a weird error and it didn't make sense to me at first (still doesn't really). The best workaround I could find on the net was to temporarily change the application to run in the application pool of the central admin site.

Steps:

Change the AppPool for the app to be the same as the Central Admin site (Home Directory tab in IIS website properties).
Reset IIS or at the very least do an %systemroot%\system32\iisapp.vbs /a "apppoolname" /r (not sure if the iisapp.vbs method will work but cant see why not).
Activate the publishing infrastructure.
Set the app pool back to normal.
repeat step 2.

Enjoy!

Technorati Tags: error, IIS, Security, SharePoint