Filing this one away for future reference.  I noticed my SharePoint application search functionality wasn’t working properly when running a full crawl.  Naturally the solution was an obscure registry entry.  http://sharepoint-live-authentication.shetabtech.com/documents/windows-server/how-to-enable-sharepoint-2010-search-in-sharepoint-web-application-with-claims-based-authentication

For the uninitiated, the duck race is an annual event where supporters of The Center adopt rubber ducks that will race along the Peoria Riverfront on August 24th.  If you’re one of the lucky ones, you may even win a pretty cool prize (see this link).  This year the goal is to have 30,000 ducks adopted, so we’re REALLY putting ourselves out there and hoping the community helps us reach that number.  In a few months, it will mark 4 years since I started working for The Center, which has been an absolute honor.  Most of the community recognizes The Center for their work in domestic violence by providing shelter to battered women, and that’s certainly true, however The Center does so much more than most realize.  We are the ONLY agency in Illinois that provides the breadth of services that includes support for victims of elder abuse, sexual assault, and domestic violence.  We also have a presence in the courthouses by providing orders of protection as well as programs for perpetrators of abuse.  Finally, we have a growing prevention education department which includes anti-bullying programs that reach schools in Tazewell, Woodford and Peoria counties.

I was recently reminded how far we still have to go when it comes to issues like bullying.  A guy I was having a casual conversation with said he thought bullying was just a part of growing up…sort of a rite of passage and the media is just making a bigger deal out of it now.  However, the world we live in with technology, social media, etc. has taken bullying to new levels where victims feel like threats are inescapable.  They face a barrage of physical and verbal abuse at school which is only continued once they leave school through text messages, Facebook, Twitter.  So no, it’s not OK for this to continue.  We need to change the culture of bullying being a part of growing up.  I know when I look back at my childhood I remember plenty of opportunities where I wish I would have stood up to bullying or was bullying others through action or inaction.  Let’s help give kids the tools necessary to stand up to bullying and sway the tide, where standing up to bullies is the more attractive option for kids.  Think how powerful a moment it could be if just a few kids saw a kid being bullied and had the courage to stand up for them.  That act can impact a person’s complete outlook on life!

Here are some ways you can help
================================

Adopt a duck for the annual duck race.  Here’s a link to adopt under my “team”

Share this post with your friends on Facebook or Twitter.  If you do this, please tag me in the post and I’ll adopt a duck in your name

Keep up to date with various events posted on our Facebook page

Want to help, but short on cash? You can volunteer and donate gently used items.

Do you like to run? Cool, come run the first ever 5k duck dash with me on August 17th along the Peoria Riverfront.  Oh, and if you do run, let me know and I’ll adopt a duck in your name too.

When I first set up my standard desktop image, I struggled with whether or not to include Java by default.  Ultimately, I included Java with my standard image, but with the continual battery of security flaws and mid-week patch deployments I’ve decided to take a more aggressive approach to limiting threats.  With the latest exploit announced a few days ago, I created a security group (DisableJavaPlugIn) which included all computers except those I knew needed the Java plug-in.  I then created a group policy under Computer Configuration –> Preferences –> Windows Settings –> Registry.  The policy is rather straightforward in that I just create a new Registry Item that deletes HKEY_LOCAL_MACHINE\Software\JavaSoft\Java Plug-in.  If you are working with a 64-bit version of Windows the path is HKEY_LOCAL_MACHINE\Software\Wow6432Node\JavaSoft\Java Plug-in.  I also have a separate entry that disables automatic updates because I push those out via SCCM.

In the group policy management console (gpmc), I linked this group policy to my various computer OU’s **as well as my OU which contains the security group**.  I then specify my security group (DisableJavaPlugIn) under security filtering in the gpmc so that this policy does not disable the plug-in for computers that need it.

Now if a user hits a website that tries to fire up Java it will display the following error:

If you later discover someone needs Java, you can easily re-enable the plug in by going to the control panel –> click the java icon –> security tab.  It will likely show “Enable Java content in the browser” checked.  If you un-check, click apply, then re-check the checkbox Java will have the appropriate registry keys restored and plug-ins will work without needing to reinstall Java.  You’ll also need to remove that computer from the security group that determines which computers have the plug-in disabled.

Hopefully, this little test will give me further insight into who actually uses Java.  At a later date I can then deploy a batch script to uninstall Java completely for those who truly have no need for Java.  You’ll need to double check your environment, but for me it will look like this:

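@echo off
REM Silently uninstall Java by its MSI product code; confirm the code matches the Java version in your environment
MsiExec.exe /x{26A24AE4-039D-4CA4-87B4-2F83217004FF} /quiet /norestart
exit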
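
To confirm on a client that the plug-in keys are really gone, and to look up the product code that belongs in the uninstall script for your own environment, here is an added PowerShell example (not a script from the original post). The two plug-in registry paths are the ones named above; the function name, the 'Java*' display-name filter and the output shape are assumptions.

```powershell
# Added example: audit one computer for the Java Plug-in keys and installed Java MSIs.
# The two plug-in paths come from the post; everything else is illustrative.
# Run from 64-bit PowerShell on 64-bit Windows so both registry views are visible.
$PlugInKeys = @(
    'HKLM:\Software\JavaSoft\Java Plug-in',
    'HKLM:\Software\Wow6432Node\JavaSoft\Java Plug-in'
)
$UninstallRoots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaPlugInAudit {
    # Any plug-in key still present means the delete policy has not taken effect here.
    $remaining = @($PlugInKeys | Where-Object { Test-Path -LiteralPath $_ })

    # Installed packages whose name starts with "Java" (assumed filter; it also
    # matches JavaFX and the Java Auto Updater). The key name is the MSI product code.
    $packages = @(foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.DisplayName -like 'Java*') {
                New-Object PSObject -Property @{
                    DisplayName = $p.DisplayName
                    Version     = $p.DisplayVersion
                    ProductCode = $key.PSChildName
                }
            }
        }
    })

    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        PlugInDisabled = ($remaining.Count -eq 0)
        RemainingKeys  = $remaining
        JavaPackages   = $packages
    }
}

$audit = Get-JavaPlugInAudit
$audit | Format-List ComputerName, PlugInDisabled, RemainingKeys
$audit.JavaPackages | Format-Table DisplayName, Version, ProductCode -AutoSize
```

A computer in the DisableJavaPlugIn group that still reports a remaining key has not processed the policy yet, or has had the plug-in re-enabled from the Java control panel.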

I was busy today setting up a scheduled task to reboot all computers before deploying a security patch for Java, see http://www.zdnet.com/oracle-patches-multiple-java-zero-day-holes-increases-default-security-7000009736/.  Luckily I decided to verify my scheduled task was set up properly on a client computer before assuming all will go to plan.  Turns out scheduled tasks through group policy preferences are rather unreliable so you have to do some tweaking to make it actually run at the correct time…especially when running the task near midnight where you can be off a whole day versus just one hour.  There is a hotfix for this type of issue on Vista / Windows Server 2008, but I’m on Windows 7 / Server 2008 R2 and evidently this issue was never fixed.  Also, I double checked and my server and clients were in the same time zone.

As an example, today is January 15th and I wanted to reboot all computers at 11:30 PM tonight.  In order to get this correct date / time for my client computers I actually have to set the scheduled task for January 16th at 11:30 PM.  Confusing…you bet! Here’s visual proof:

Here’s how the scheduled task is entered using the Group Policy editor

Here’s what the task looks like in the Group Policy Management Console.  Notice how the date says 12:30 AM

Finally, this is what the task looks like in the client, Windows 7 scheduled tasks window.  Notice how the date is 1/15/2013 now instead of 1/16/2013

It took some time playing around to figure out that if I wanted the task to run on 1/15/2013 at 11:30 PM, I had to schedule the task for 1/16/2013 at 11:30 PM.  I also have a weekly scheduled task that I set to run at 9 PM and 12 AM, but client-side it actually is scheduled for 10 PM and 1 AM.  So word to the wise, check your clients to make sure they really are going to run when group policy says they are going to run.
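
One way to do that client-side check without opening the scheduled tasks window on every machine, as an added PowerShell example that is not part of the original post. The task name and intended time are hypothetical, and the "Next Run Time" column name assumes an English-language Windows.

```powershell
# Added example: compare a task's next run time on the client with the time you meant.
# Task name and intended time below are hypothetical; the "Next Run Time" column
# name assumes an English-language Windows (schtasks localizes its headers).
function Test-TaskNextRun {
    param(
        [Parameter(Mandatory = $true)][string]$TaskName,
        [Parameter(Mandatory = $true)][datetime]$Intended,
        [int]$ToleranceMinutes = 1
    )
    $result = New-Object PSObject -Property @{
        TaskName     = $TaskName
        Intended     = $Intended
        NextRun      = $null
        DriftMinutes = $null
        OnSchedule   = $false
    }

    # /v can return more than one CSV row for a task; the earliest time is used.
    $csv = schtasks.exe /query /tn $TaskName /fo csv /v 2>$null
    if ($LASTEXITCODE -ne 0 -or -not $csv) { return $result }   # task not on this client

    $times = foreach ($row in ($csv | ConvertFrom-Csv)) {
        $parsed = [datetime]::MinValue
        # Disabled or expired tasks report "N/A", which fails to parse and is skipped.
        if ([datetime]::TryParse($row.'Next Run Time', [ref]$parsed)) { $parsed }
    }
    if (-not $times) { return $result }

    $result.NextRun      = @($times | Sort-Object)[0]
    $result.DriftMinutes = [math]::Round(($result.NextRun - $Intended).TotalMinutes)
    $result.OnSchedule   = ([math]::Abs($result.DriftMinutes) -le $ToleranceMinutes)
    return $result
}

Test-TaskNextRun -TaskName 'RebootBeforeJavaPatch' -Intended '2013-01-15 23:30' |
    Format-List TaskName, Intended, NextRun, DriftMinutes, OnSchedule
```

The one-hour and one-day offsets described above would show up here as a DriftMinutes of 60 or 1440 in magnitude, with OnSchedule reported as False.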

My top 12 gadgets, apps, and nerdy finds of 2012

Posted: 3rd January 2013 by Seth Killey in Nerdy Stuff

*** Most of this stuff has been around well before 2012, but it was new(ish) to me in 2012 ***

1) Roku – I simply cannot state how much I’ve been impressed with this device.  Even if I owned a smart TV, Xbox, Playstation, etc I would still find room in my collection for my Roku.  Extremely good value, flexible, and constantly evolving with new channels, and 3rd party developers finding new ways to innovate on this platform.  For a long time I debated on building my own HTPC, but this thing was such a good value, uses so little electricity, and is remarkably responsive for such limited hardware.

2) Netflix – Ok, I’m a little late to the Netflix party.  I also wasn’t around for the gnashing of teeth when Netflix split out the DVD and streaming subscription into two separate plans.  All I know is this is a tremendous value even if the movie selection is somewhat limited.

3) Plex – This was the most recent addition to the list.  In the past I’ve used TVersity as a networked media center server, but I was looking for something that could be streamed thru my handy Roku and found Plex to be an excellent addition.  It does all that you would expect from a typical media center app where you can stream downloaded movies, TV shows, music, and pictures, but it also has a very impressive selection of channels that can be added.  For instance, I can stream NBC, CBS, ABC, PBS, NPR podcasts, among many other selections on the Plex channel on my Roku which will likely mean Hulu Plus will be cancelled.

4) NComputing L300 – I’ve rolled out thin clients to a couple departments at work and I’ve found investing in a thin client device is well worth a few extra dollars versus re-purposing old computers.  Their back-end management software is solid and should be improving further with a web management interface.  The devices run quiet, use very little power, and have been rock-solid.  Easy to manage, easy to deploy, and a heck of a lot cheaper than full VDI with session based virtualization.

5) Amazon Prime / Instant Video – We got Amazon Prime simply because some of our subscribe and save options paid for Prime by itself.  Free 2 day shipping is a definite nice bonus and the instant video available (again via Roku) make this a home run.  There are few companies I love more than Amazon…except when AWS goes down and takes Netflix with it 🙁

6) Hyper-V – I’ve gone all in with Hyper-V as my server virtualization platform and it has turned out really well for me.  To be clear, I’ve never experienced some of the feature rich options available with VMware because it’s hard to justify the licensing costs when Hyper-V provides so much for free.  All I know is Hyper-V does everything I need and licensing is free (and doubly inexpensive because I get server licenses donated to our non-profit).

7) Spotify – It took a little bit for me to warm up to Spotify because I kind of liked how Pandora would introduce me to new music with little effort.  Now Spotify has its radio feature + the ability to actively seek and play a specific artist or song so it’s my player of choice for music.  I don’t even feel the need to pay for a subscription because the ads seem somewhat infrequent for a free service.

8) New Balance GPS watch – This is not necessarily a recommendation of New Balance over other options, but just having a GPS watch in general has really enhanced my trail runs by keeping track of my miles and pace.  Especially when exploring new trails it’s reassuring to know how many miles you’ve logged without panicking about how far “lost” I am.

9) Portable Apps – I love this website http://portableapps.com/apps.  I hate junking my registry up and having a ****storm of applications firing up as soon as my computer turns on so portable apps can be a real resource saver.  Plus, having portable web browsers and access to older browser versions has saved my bacon a number of times especially when accessing web interfaces to networking gear with outdated firmware.  Not to mention it’s a pretty good list to explore to discover new and useful apps.  I think I’ve been using this for over a year, but it keeps getting better.

10) PassMark – I use this website http://www.cpubenchmark.net/index.php any time I’m purchasing new computer hardware.  Great resource for seeing benchmark results from various processors, video cards, hard drives, and RAM.  Especially with processor speeds, cores, etc making it difficult to identify the “sweet spot” for value and performance.

11) LinuxLive USB Creator – I think I burned about 2 weeks trying out various Linux distros by using this handy tool found at http://www.linuxliveusb.com/.  It can be downloaded as a portable app and then used to install Linux to a USB stick.  Then you just change your boot order to a USB stick and away you go without burning a disk.

12) Susestudio.com – Speaking of cool Linux tools, if I would have gone the route of using a custom thin client OS, I would have settled on using this website I think.  I wrote a couple posts on this already, but it allows you to hand pick packages for a custom / stripped down version of OpenSuse to be deployed via USB stick for a diskless thin client.

PC vs Mac

Posted: 29th November 2012 by Seth Killey in Saving Money, Windows 8

I’m admittedly a bit anti-Apple, but I still find this shocking.  I think if I really preferred OSX, I’d opt for the Hackintosh route because their hardware pricing is nuts.  The PC on the left is the system I recently purchased and the closest Mac comparison on the right.  This is the 13″ MacBook Pro WITHOUT the Retina display.  The price difference is obviously much greater if you opt for the Retina version.

My guest WiFi solution

Posted: 28th November 2012 by Seth Killey in WiFi

I recently needed to come up with a cost effective, open guest WiFi solution.  My requirements were that the guest WiFi be completely isolated from the corporate network and filter web traffic through our proxy server according to corporate web usage policies.  Using our existing layer 2 Dell switches, our Smoothwall UTM 1000 router, and a new D-Link DAP-2310 access point, I was able to do all of the above.

The DAP-2310 allows you to configure multiple SSIDs and then assign VLANs to those SSIDs so I could have the primary SSID for our corporate WiFi and then assign the Guest WiFi SSID to a different VLAN.  Essentially you get something like this for VLAN settings.  S-1 is the virtual port for my secondary guest SSID.

Next up, you tag all relevant upstream layer 2 switch ports with the guest VLAN ID.  The connection between the LAN port on the DAP-2310 and the LAN port on the layer 2 switch is tagged, as well as the uplink port to the next upstream switch.  Finally, on my Smoothwall UTM, I created a new LAN cable connection to an extra available NIC on Smoothwall and connected it to a guest VLAN tagged port on my core switch.  On Smoothwall you’ll need to configure the new NIC with the guest VLAN tag and assign an IP.  One thing that threw me off is even though the physical NIC is displayed and would seemingly not need to be configured further outside the VLAN settings, you in fact do need to assign an IP address for both the physical NIC and the newly created VLAN NIC.  Furthermore, you must designate the interface as “internal”.

That in a nutshell is the basis for my guest WiFi network.  For further fine tuning, I used my Smoothwall to function as the DHCP server for my guest WiFi, assigning public DNS servers and internal IP addresses based on a range.  You could also do this at the DAP-2310 level, but I figured it would be easier to do it on my router so when I add additional access points it will be centrally managed.  For my proxy, I configured all traffic on the guest VLAN to go through the Smoothwall proxy transparently so regardless of client browser settings all sessions must go through the proxy.

File Server Resource Manager (FSRM) Email Notifications

Posted: 7th November 2012 by Seth Killey in Windows Server

If you’re like me and set up quotas on redirected storage (My Documents), you likely also want to set up email notifications so your users know when they hit the quota threshold.  The problem is when sending the e-mail alert from FSRM to an internal hub transport server the message will likely not be delivered because FSRM does not have the necessary permissions to send the message on behalf of whatever user or distribution list you specified in the default “From” e-mail address.  In my case the notifications come from a distribution list (generic IT group) so I needed to run the following PS script on my hub transport server:

Add-ADPermission -Identity <Distribution Group> -User <domain\FSRM Server Name> -ExtendedRights Send-As

Data usage before and after cutting cable #RokuForTheWin

Posted: 24th October 2012 by Seth Killey in Nerdy Stuff

Customizing SharePoint 2010 sites

Posted: 9th October 2012 by Seth Killey in SharePoint

There are plenty of websites out there that more succinctly describe how you can customize a SharePoint site, but I figured I’d jot down some notes on stuff I found helpful.

  • This post does a nice job of explaining why the default (no theme) that comes standard on SP 2010 is superior to some of the default theme colors you can apply http://thechriskent.com/2012/02/29/sharepoint-2010-default-theme-colors/.   In other words, you have the ability to change themes under Site Settings –> Site Theme –> Select a theme.  However, what I found to work best is to take the strength of the default theme and override just the section you wish to change with a custom .css
  • To add a custom .css file to the master template, first identify which file is your master page by going to Site Settings –> Master page.  Then using SharePoint Designer, I found the master page and inserted a line for my custom .css right before the closing </head>.
    <SharePoint:CssRegistration name="/Style Library/Custom.css" After="corev4.css" runat="server"/>
  • In my custom css I defined some background graphics to create a curved edge to my web parts.  For more information http://msdn.microsoft.com/en-us/library/hh537935.aspx
  • In general, if you want to figure out what item to override in the custom css, view the source on your page and identify the ID of the object you wish to customize.
  • Within each specific page, you can add further customization by adding a content editor web part.  In the content editor web part, you can specify an html file which uses javascript to set .css properties on a specific web part.  A good resource http://techtrainingnotes.blogspot.com/2009/06/sharepoint-hide-list-and-library-column.html.  See below how I set a background image for various web parts.
  • Although I don’t use the default theme colors, if you’re curious what each item controls this is a good reference http://erikswenson.blogspot.com/2010/01/sharepoint-2010-themes.html
  • Finally, once you are satisfied with the changes, you’ll need to check in a major version of the master page and be sure to publish the updated version which includes the custom css file.  Otherwise, only your user account will see the changes and other users will see the old master page without the custom style applied.