Posts Tagged ‘Tips’


Heartbleed – You MUST take action!

Written by Cornelius J. van Dyk on . Posted in Blog

What is Heartbleed?

If you haven’t heard of the Heartbleed (CVE-2014-0160) bug in the OpenSSL library, it’s time to pay attention!  I’m not going to regurgitate already available information here, but I’ll provide some pointers for you to get more of said information.  There’s a good explanation of the bug located here.  If you think it isn’t serious, consider the fact that services such as Google, Facebook and YouTube were affected, and hardware manufacturers did not escape scot-free either.  Cisco published a security advisory here noting affected equipment as well as equipment being investigated for the vulnerability.

What do I need to do?

Here’s a non-exhaustive list of things to do in order to address this:

  1. Make a list of services you use.  CNet maintains a page with a list of the top 100 US sites which should give you a good starting point.  If you are not using a password manager such as RoboForm, now might be a good time to consider starting to use one.  I personally use RoboForm and because I do, all my services are within easy reach.  It makes the creation of this list automatic and more importantly, it will have services on your list that you may forget about because you don’t use them on a daily basis.  Remember, this bug has been around for 2 years!!!  Any vulnerable service you accessed over the past two years could have resulted in your security passwords being stolen.
  2. Once you have the list, check each of the services for the vulnerability.  There are several checkers out there like this one from LastPass.  Personally, I like this one published by Filippo Valsorda.
  3. Once your service site clears the check, change your password.  It’s important NOT to change your password until the service provider has both patched their software AND updated their SSL certificates.  Changing your password before both of these are done, would still leave you vulnerable.
  4. DO NOT access any vulnerable services until they’ve been patched and are secure again.  The very first login to a previously vulnerable service should be to change your password.  Once changed, log off completely and then log back onto the service using the new password.  For an extra measure of security I would recommend doing it in Incognito or InPrivate mode in your browser, closing the browser between logons.
  5. If you’re responsible for hardware, be it at home or at work, do research to see if your hardware such as routers are affected.  If your hardware is affected, patch it!  If no patch is available, pull the hardware and replace it with something that isn’t vulnerable.

It’s important to realize that it’s going to take time to patch all the services, especially smaller sites, and that continued use of these services will remain risky unless they’ve been properly secured.

Well what are you waiting for???!!!  Get started!!!  (And you thought you’re going to be doing this and that over the weekend… 😕  )



Cheers
C





How do I – Add a User Account to the Local Administrators security group of a Domain Controller

Written by Cornelius J. van Dyk on . Posted in How Do I...

Once you have done a DCPROMO (promoting your server to a domain controller) on your server, Windows removes the ability to manage local administrators from the server, at least via the GUI.  As you can see in the following two screenshots, the “Local Users and Groups” GUI option which is normally available on a non-domain controller server thus:

image

Is removed once the server is promoted to a domain controller thus:

image

How do we work around this issue then?

Bring out the good old administrative command line…

  1. Click through your Start menu and navigate to locate the “Command Prompt”.
  2. Right click the “Command Prompt” icon.
  3. On the popup menu, click “Run as administrator”.
     image
  4. In the admin window that opens, use the following syntax to add the target account to the local administrators group of the server:
     net localgroup administrators /add <domain>\<user>
     Where the <domain> value is the target domain and the <user> value is the target user e.g.
     image
     In the example above we added the DEV\SPADM account to the server’s local administrators group.
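On a domain controller, the group this command changes is the domain’s built-in Administrators group, so it is worth checking the membership afterwards against a list of accounts you expect. The PowerShell below is an added example, not part of the original post: it parses the English-language output of net localgroup administrators and reports members that are not on an approved list. The function names, the sample output, the OLDSVC account and the approved list are all constructed for illustration.

```powershell
# Added example: audit Administrators membership after running "net localgroup".
# Function names, sample output and the approved list are constructed.
function Get-AdministratorsMember {
    # Parse English-language "net localgroup administrators" output into names.
    # With no -NetOutput argument, the command is run on the current server.
    param([string[]]$NetOutput = (net localgroup administrators))
    $inList = $false
    foreach ($line in $NetOutput) {
        if ($line -match '^-{10,}\s*$') { $inList = $true; continue }  # separator above the members
        if (-not $inList -or $line.Trim() -eq '') { continue }
        if ($line -match '^The command completed') { break }           # trailing status line
        $line.Trim()
    }
}

function Find-UnexpectedAdministrator {
    # Return members that are not approved. Names from the server's own domain
    # are compared without the "<domain>\" prefix, so "DEV\SPADM" and "SPADM"
    # are treated as the same account.
    param([string[]]$Members, [string[]]$Approved, [string]$Domain)
    $strip = { param($n) $n -replace ('^' + [regex]::Escape($Domain) + '\\'), '' }
    $allowed = $Approved | ForEach-Object { & $strip $_ }
    $Members | Where-Object { $allowed -notcontains (& $strip $_) }
}

# Constructed sample output; OLDSVC stands in for an account nobody approved.
$sample = @'
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Domain Admins
Enterprise Admins
SPADM
OLDSVC
The command completed successfully.
'@ -split '\r?\n'

$approved = 'Administrator', 'Domain Admins', 'Enterprise Admins', 'DEV\SPADM'
$members  = Get-AdministratorsMember -NetOutput $sample
Find-UnexpectedAdministrator -Members $members -Approved $approved -Domain 'DEV'
```

Drop the -NetOutput argument to audit the live server from the same elevated prompt.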


Cheers
C





You do NOT need to install the SPF CU before installing the SharePoint Server CU as of 2011-08-31

Written by Cornelius J. van Dyk on . Posted in Blog

Yes, yes, I know.  I’m only about 4 months behind on this revelation, but it came and went without too much fanfare.  Something that so radically changes the way we apply Cumulative Updates for SharePoint deserves a special footnote.  Consider this post as such.

We bid farewell to long, drawn-out explanations to clients as to why they have to install the Foundation CU before installing the Server CU when they have the Server product installed.  I can’t tell you how many times I’ve had to explain and then re-explain this to admins.  The concept is confusing and I’m glad it’s finally been rectified.  Per the Updates for SharePoint 2010 Products site:

“As a result of the new packaging, it is no longer necessary to install the SharePoint Foundation cumulative update and then install the SharePoint Server cumulative update.” – SharePoint Product Team

This is indeed great news.  To be clear, it’s only for 2010 products.  Of course, Microsoft has discontinued the release of 2007 product CUs last year and that is probably what helped springboard the new approach to bundling the updates.

Whatever triggered it, I just want to say THANK YOU to the SharePoint Product Team for making life just a little easier… now if we can work on that CU rollback plan



Cheers
C





SharePoint 2010 – Boundaries and Limits

Written by Cornelius J. van Dyk on . Posted in Blog

Discovered this one with one of my clients today.

Error Message:  This view cannot be displayed because the number of lookup and workflow status columns it contains exceeds the threshold (8) enforced by the administrator.

Cause:  SharePoint 2010 lists limit the number of fields that can be displayed in a list view.  In this case, it was a 2007 list that was upgraded to 2010.  The list worked just fine in 2007, but failed to render with this error in 2010.  It turned out the list view contained 100+ fields.  The 2010 limit is 80.

Fix:  None

Workaround:  Split the view into two views, the first view containing the core data and the first half of the extra fields and the second view containing the core data and the rest of the extra fields.



Cheers
C



