Eric Cherng

Every year at Vertigo, we have a company gift exchange (also known as "White elephant gift exchange" or "Yankee Swap" or "Dirty Santa"). This year, I got a USB Missile Launcher:

What is cool about this item is that it is completely driven through the USB connection to your computer. It requires no batteries as it just takes power from the USB connection. And of course the funnest part is you can completely control the rotation and angle through the desktop application:

Here's my attempt at getting a shot of the missile firing:

Now my task for the winter vacation will be to write an interface to the missile launcher application so we can have automated fun. Think of all the possibilities if I can program this thing!

Happy Holidays to everyone and stay tuned next year for even more fun Vertigo posts!

In standard Windows, you can double click the system menu for any window to close the window fast. However with the new Office 2007, there isn't a visible system menu anymore. Instead, Office 2007 uses custom drawn window with the system menu replaced with a huge Office logo button on the top left.

At first I thought the Office button was its own beast and so I would go Office > Close to close the window. However, yesterday I got tired of how long this 2 step process takes and decided to try double clicking the button to see what happens. Lo and behold, my window closed!

So there you have it, double click the Office Logo button to close your Office 2007 application in one swoop.

There are a lot of blog posts and articles out there on the process of installing Vista on a brand new machine. However most people who actually have existing machines that want to move to Vista will likely upgrade rather than reinstall in order to save all their settings and files. In this post, I will go over my experience of upgrading an existing Windows XP machine to Vista RC2.

The machine I am upgrading is a Thinkpad T60 model 2623-D7U restored back to the original factory state. Yes this means all the junk normally installed on a new PC is all there. Not only that, but I installed a couple of other applications just to see how Vista handles software conflicts. My software includes:

• Firefox 1.5.0.8
• Office 2007 Beta 2 Technical Refresh
• Autohotkey
• foobar2000
• Activesync
• Internet Explorer 7

with some of the existing original factory software:

• Google Desktop
• Symantec Client Security
• Sonic DVD Burning
• Thinkvantage Stuff
• Diskeeper Lite
• Verizon Broadband
• Java 1.4
• Netwaiting
• PC-Doctor 5
• Adobe Reader 7

The first thing I did was pop in my RC2 DVD into the drive. Autorun started up immediately and loaded up the setup dialog.

If you click the "Check compatibility online" link, it just opens up your browser to this Microsoft site. Nothing special so just click "Install Now".

After a few seconds of waiting, I get this dialog to ask if I want to get the latest updates.

Once I confirmed the updates, I get the next dialog telling me setup is searching for updates.

Of course you have to enter in a key installing anything nowadays.

Not to mention agreeing to the EULA.

After 5 steps, I'm finally greeted with the meat of the upgrade: easy upgrade or advanced upgrade.

Being lazy, I went ahead and let the easy upgrade go. Before upgrading, Vista has to scan for any incompatabilities.

Which it does indeed find. The first time, setup told me that the Symantec security client installed is not compatible and that I had to uninstall it before proceeding. After doing that, I had to go through all the previous steps once again to come back to this screen. This time, it provided warnings about incompatibilities, but didn't quit setup.

Finally, I arrive at the copy file stage.

During this phase, setup will reboot a few times. Up to now, setup has been running on your existing Windows XP operating system. However, once your computer reboots, your computer will now boot into Windows PE setup mode.

Everything after this setup is exactly the same as the fresh installation as I blogged about here.

So reactions to my Vista upgrade.

First off, the time it takes to upgrade your operating system is no shorter than a fresh install. In fact I would say it took longer. I have yet to see a 20 minute installation that Vista marketing keeps saying. The only 20 minute setup of an OS that I have seen recently is for Ubuntu.

The setup program for upgrading to Vista versus installing a new Vista OS is nearly identical. The only difference is you don't have a formatting hard drive step. On the other hand, now you have to deal with any incompatabilities that setup might have detected.

Looking at my hard drive after the upgrade, some of the significant folders are gone. For example the notorious Documents and Settings folder is gone from the root. Only a symlink exists there. Instead this folder is now in the new Users folder.

After the upgrade, all of my files and settings were kept intact. Even all the junk applications were still around. The common drivers still worked in Vista except the Sonic Solutions DVD recording driver and the Thinkpad Trackpoint drivers. I don't have a Verizon Broadband account so I wasn't able to test that out. Also if you try to run any of the Thinkvantage software (security, backup, ...) Vista will tell you they are not compatible. Though the fingerprint scan tutorial worked, the fingerprint login was gone.

So now that I've tried the upgrade process with Vista, I still believe a clean install is the way to go for the majority of installations. If you really want to keep your settings around, go for the upgrade. However just remember that the UI for Vista is so different, it won't matter what settings you have in Windows XP. If you are doing an upgrade just because you are too lazy to back up your computer, you are putting a lot of faith that the upgrade won't end in disaster. And finally if you are doing an upgrade because you think your hardware will work better as opposed to a clean install, I can definitely say that is not the case. If the drivers you had for Windows XP works in Vista, you can always install a fresh copy of Vista and install those XP drivers as well. The only advantage of upgrading for this scenario is you don't have to go download the drivers again since they are already installed. 

Therefore, my recommendation is that a clean install of Vista is better than upgrades for the majority of cases. A clean install will not only get rid of all the "junk" on your computer, but it will make sure your new operating system will be performing at its peak without old applications bogging it down.

Whenever an application asks you to save a file somewhere, you get a window that looks something like this in Vista:

Notice the Favorite Links on the left hand side. This is similar to the Places Bar in the save dialog in Windows 2000/XP:

In Windows 2000/XP, it was difficult to customize this list of shortcuts. You would have to hack some registry settings or do it programmatically. Luckily in Vista, they made it much easier to customize this list.

All you have to do is add a shortcut to the C:\Users\[username]\Links folder!

I download files frequently, so i usually put them in a Downloads folder. So to make it easier to save files, I added a shortcut to the Downloads folder. Now whenever I need to save a downloaded file, I can click on my new shortcut!

This also customizes the Favorite Links in Windows Explorer as well. So when you browse for files on your computer, the shortcut will also appear there!

In the first part of this article, I discussed how to use the simple Blocked file types feature to provide some basic security protection. Although this feature makes it very simple to provide some security, in the long run it does not provide a complete solution to protecting your servers. In this post, I will focus on SharePoint's second line of defense: built in Antivirus support.

Setup

If you look in Operations, Security Configuration, you can find the Antivirus feature.

If you check the Scan options here without actually installing an antivirus program, SharePoint will do nothing. This is a very bad design. Instead of gladly accepting the changes, SharePoint should let the user know that no antivirus application is installed and that these options will not do anything. An unsuspecting SharePoint admin who does not know this behavior will get a false sense of security, leading to big problems down the road.

So what SharePoint actually provides is not built in antivirus scanning, but the support to plugin your own antivirus software. Luckily for us, Microsoft recently released a beta version of the Forefront product line for SharePoint called Forefront Security for SharePoint. You might recognize the Forefront name associated with Exchange server. Now there's a version for SharePoint. This software will not only allow us to scan for viruses using multiple scanning systems, but also scan for malware!

So to actually enable antivirus scanning on your SharePoint server, the first thing you will need to do is install Forefront for SharePoint (or any other antivirus program that supports SharePoint). As you can see, Forefront's setup is really simple:

Once you install Forefront, the next thing you want to do is make sure it is configured properly. Use the Forefront Server Security Administrator console to configure Forefront:

As you can see, Forefront provides many options so it may seem daunting at first. Still it is a good idea that you review all the options to make sure you didn't miss anything.

And finally, don't forget the last step: once you've installed your antivirus scanning program, in this case Forefront, make sure to enable the scan options in SharePoint to enable scanning.

That's all you'll need to do to setup your server for antivirus protection! Can't get any simpler than this!

Scanning

Now let's say you want to manually scan your SharePoint installation. In the Security Administrator console, just go to the Operate section and click on the Quick Scan option. Select the sites you want to scan and hit the Start button.

So on Monday, Bob from Sales gets a "contract" document from a potential customer. Being the awesome team player, Bob immediately uploads the file to SharePoint to get feedback from his other team members. Uh-oh... looks like there's something wrong with the file. SharePoint shows this page when a virus is detected with an uploaded file:

Note that I did not really upload a virus onto our SharePoint server. My virus is just a "test" virus.

While the benefits of installing an antivirus solution into SharePoint is clear, what tradeoffs exist with having antivirus enabled? After installing Forefront, I noticed the following behavior with SharePoint:

• Forefront takes a significant chunk of memory on the server.
• Downloading files will takes longer.

Hopefully some of these issues is because Forefront is still in beta. Whether these tradeoffs are acceptable or not depends on your organization and your security needs. Personally I feel the need for security and protection against a virus aftermath far outweighs these tradeoffs.

So that's a quick walkthrough of antivirus support with SharePoint, more specifically the Microsoft Forefront product. As you can see, adding antivirus support into SharePoint is fairly simple, and takes security on your server to a whole new level. Combining Blocked file types along with antivirus support provides a comprehensive security protection plan for your SharePoint server to protect against those miscreants out there.

1. Create the document and edit initial draft.
2. Upload to SharePoint document library.
3. Send email to colleagues on document location.
4. Reviewers provide feedback and update the document as needed.

All this is great, but in the world that we live in, security is an important issue to consider, even amongst your team mates. Of course we all trust the people we work with, but sometimes there are just bad apples out there.

In the steps mentioned above, step 2 is where trouble can come in. Once a bad file is uploaded onto SharePoint, unknowing colleagues that download the document will catch the cold and spread the disease. This becomes an even bigger problem if SharePoint is configured for extranet access where people outside of the network without the same security restrictions can upload files.

So ignoring my dramatic example, what facilities does SharePoint provide to help prevent such security breaches? The good news is that SharePoint has 2 built in features that will help with this:

• Blocked file types
• Antivirus

These are 2 broad features, that I will split the discussion of into 2 posts: this post will discuss the Blocked file types while my next post will describe the Antivirus support.

Both of these are configured through the Operations tab in Central Administration.

If you click the Blocked file types link, this will bring you to the configuration page where you can edit the list of file types not allowed on your SharePoint server.

So what does Blocked file types do? Blocked file types is a simple method of allowing only certain file types to be uploaded onto SharePoint. While this doesn't completely prevent files with viruses from being uploaded, it makes it less likely that a user will unknowingly click on such files and infect his own machine. For example, EXE files are by default a part of the blocked file list and cannot be uploaded directly. SharePoint responds to EXE uploads with the following message:

If an EXE file named "2006 Budget.exe" was uploaded onto SharePoint, the company financial officer may not notice the EXE and accidentally click on the file, thus executing the rogue application causing havok on his machine.

However, a malicious user could simple rename the file "2006 Budget.exe.xls", which would bypass SharePoint's file extension check and allow the file to be uploaded. Although the file uploaded is actually an EXE, the file extension is what determines how a file is executed. So instead of running the EXE directly, Excel will attempt to open the file and thankfully fail since it is not a recognized format.

Still, having an EXE on your server is not something IT will like. Who knows, the next day, someone may find an exploit within SharePoint that lets any process to run. When that day comes, you don't want to be around!

So as you can see, Blocked file types allows for a simple way to mitigate some the risk of uploading rogue files. As I mentioned, even though the risk is somewhat less, rogue files can still be uploaded onto the server. If some other server-side security hole is found, the rogue file on the server can potentially cause problems on the server, leading to even more security problems and potentially loss of data. That is how the other security feature of SharePoint comes into play which I will elaborate more on in the second part of this post.

A question came up last week in what permissions does the account that SharePoint uses to connect to SQL need. Unfortunatey I couldn't find the answer to this after doing some internet searches so I just decided to give it a try and see.

After installing MOSS 2007, setup will bring up the SharePoint Products and Technologies Configuration Wizard. Essentially this wizard creates the Central Administration site so you can setup the rest of your MOSS installation.

Obviously the first security check is to make sure your user account running setup has permissions on the database server to create new databases. The wizard to create the Central Administration site will be running in your user account context to create the database so you have to at least have permissions to create a new database. Your user account should also have permissions to create a new IIS site, but since this post is about the database, I'll leave that topic for a future post.

Second user account you have to consider is the user account you specified in the wizard that SharePoint uses to connect to the database. SharePoint will be using this account not only to read and write to existing databases, it will also use this account to create new databases when you create a new SharePoint web application. Therefore a simple datareader or datawriter role is not enough.

Turns out the wizard will take care of adding the user you specified into SQL Server and then assigning the necessary server role. In my test install, it looks like SharePoint requires the dbcreator and the securityadmin server role for the user account.

Down to the security for the specific database, the user account is granted db_owner permissions.

Another note on picking the user account for SharePoint to use to access the database, if you are doing a multi-server installation of SharePoint, make sure to use a domain account. You could also create a shadow account, but that is not a recommended way of installation.

I'm running Outlook 2007 Beta 2 Technical Refresh on my desktop. Just now I got a reminder for a meeting, so as usual, I set Outlook to remind me 5 minutes before the meeting starts. I wasn't ready for Outlook's response:

Followed by this:

Well OK then Outlook. How about I just dismiss the reminder? Nope:

Please Outlook! I'm begging you! 

Does your SharePoint My Site show your domain username instead of your full name? We noticed this behavior during our test installation of Microsoft Office SharePoint Server 2007 Beta 2 Technical Refresh. After tesing out different theories of why this was happening, we realized that the reason for this is because the identity of the application pool for the SharePoint site was using a local machine account instead of a domain account. Since the account was a local machine account, it doesn't have permissions to look up your user account information in the domain Active Directory... makes sense.

So the solution to this problem is to change the identity of the application pool. In order to do this, you will need to go to your SharePoint Central Administration page. Click the Service accounts option under the Security Configuration section.

In the Service Accounts page, change the Credential Management radio button to Web application pool. In the drop down, select Windows SharePoint Services Web Application. In the Application pool drop down, select the application pool you want to change the identity of.

Now the bottom controls should be enabled to allow you to change the identity of the application pool.

Once you're done entering in the user account and click OK, SharePoint will alert you to run IISRESET in order for the changes to take effect.

Once you run IISRESET /noforce, your app pool should now be running under the new identity. If you are in doubt, check Task Manager on the server and you should see the w3wp.exe process running with the new identity.

Also a warning, don't change the application pool user account through IIS Manager. If you do so, SharePoint's configuration will not be in sync with the app pool's identity and may also cause your web site to fail to load. I got this warning message in Event Viewer:

The identity of application pool 'SharePoint - 80' is invalid, so the World Wide Web Publishing Service can not create a worker process to serve the application pool. Therefore, the application pool has been disabled.

followed by this error message:

A failure was encountered while launching the process serving application pool 'SharePoint - 80'. The application pool has been disabled.

Games are a big part of the Vertigo culture. Nearly all our developers play some kind of game every once in a while. Just taking a look at some of our gaming posts we've done probably shows this. ;)

With Vista, games are getting high priority as well with a top level Start Menu shortcut. Here's a peak at the Games Start Menu item in Vista RC1.

Once you open the Games folder, you see all the games on your system. Looks like Windows comes with some new games now.

If you hit the Tools button, all the important Game-related functions and settings are located here. Very useful.

Finally you can customize the Game folder by clicking on the Options button, which brings up this dialog.

I'm assuming future games with the Games for Windows logo will automatically add game shortcuts directly in the Games folder.

What's new with these games?

• Chess takes 15 seconds to load on my Thinkpad T60. While it takes forever to load, it looks very pretty with real time reflections of the pieces on the board and free rotation.
• Minesweeper has some really nice animations now. Make sure you make the window larger if you have a high resolution monitor. Otherwise you won't be able to see all the graphical details.
• Solitaire has updated cards and nice transition animations (flipping cards, moving cards).

Also, you might notice your game icons shuffling around the Game folder once you start playing games. They are moving around because by default the icons are sorted by Last played, so as you play the games, the icons are resorting themselves.

Update 9/19/2006 1:03 pm

Jeff sent me a screenshot of a new game he installed on his Vista machine. Looks like I was right in thinking games would install a shortcut in the Games folder. Although the WEI score requirement looks fishy.. only a 1.0?

Just a heads up to everyone thinking about installing Office 2007 Beta 2 Technical Refresh (B2TR), the download is a patch and not a full install. This mean you must have Office 2007 Beta 2 installed before patching to B2TR.

Our local guinea pig, Adrian, (just kidding ) uninstalled Office 2007 before installing B2TR and he encountered this error dialog:

This blog post on the SharePoint team blog announced this particular update process, but it wasn't clear from the post whether this happens for all Office 2007 Beta 2 products or just SharePoint. I just wish the download link for B2TR was clearer about this.

I've always found it difficult to remember where all the folders SharePoint uses are and what each folder is used for. So here's my attempt to consolidate this information in one post for easy reference. This post assumes default folder locations. Obviously if you customized anything, then you're on your own.

WSS/SharePoint Server Program Folder

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12

C:\Program Files\Microsoft Office Servers\12.0 (not sure about this)

This is where most of the program files for SharePoint live.

WSS/SharePoint Binaries

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN

This contains the executable binaries used with SharePoint. For example, stsadm.exe and the WSS Timer service, owstimer.exe, is located here.

WSS/SharePoint Server Assemblies, ASPX, ASMX

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\ISAPI

Contains most of the ASPX (ASP.NET Web Forms) and ASMX (ASP.NET Web Services) files of SharePoint. Also if you are writing code that uses the SharePoint assemblies (ie. Microsoft.SharePoint.dll, Microsoft.SharePoint.Server.dll, ...), then the assemblies you need are located in this folder.

SharePoint Logs

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS

SharePoint told you to check the logs? This is where you can find the raw log files.

SharePoint Site Features

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\FEATURES

Looks like this is where all the SharePoint Features metadata is stored.

Site Layout Template

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS

This is the folder where the virtualized _layouts path for each site URL is located. Add additional files in here to have it be available to all sites.

SharePoint Setup Cache

C:\Program Files\Common Files\Microsoft Shared\SERVER12\Server Setup Controller

Looks like this is where SharePoint Setup stores the setup configuration. If you have Office installed as well, then this folder is also used for them.

Web Application Virtual Directories

C:\Inetpub\wwwroot\wss\VirtualDirectories

The folder where your SharePoint web applications point to.

Web Application web.config

C:\Inetpub\wwwroot\wss\VirtualDirectories\[web application]\web.config

Need to customize the web.config for a particular web application? This is the web.config that you want to edit. Replace [web application] to your web application first of course.

Install Web Parts per Web Application in here

C:\Inetpub\wwwroot\wss\VirtualDirectories\[web application]\_app_bin

Additional assemblies (ie. custom web parts) are installed here on a per web application basis. You can also install Web Parts to the GAC as well to be accessible in all web applications on the server.

This post compliments my post on SharePoint 2007's registry locations.

If anyone knows of any other interesting folder locations, let me know so I can add them here.

A couple of us went out to lunch yesterday to a nearby mall and noticed an interesting photo booth.

Upon closer inspection, we noticed this on the screen:

If you happened to be a customer who didn't notice the screen outside, this is what you see inside:

If you can't tell, that is Linux booting up and looks to be stalled. It looks like the video drivers are having some issues. I just love seeing crashed systems in public and for once it's not Windows or DOS!  

Sorry for the bad picture quality. All I had was my camera phone at the time.

Mike and I noticed this earlier at the game store:

Looks like the Vista Logo. Is that how all future Windows PC games will be branded? Interesting...

The new Start Menu in Vista features a power button next to the Search bar. What do you think will happen when you click the power button? Since it's the power button, you would expect it to shut down the computer right? Well too bad that's not the default behavior. Instead, by default the power button is configured to go on standby when you click the power button. Um.. is it just me or does that just not make sense?

I realize Microsoft's goal is to make computing more like a home appliance: shutdown really means standby so you can start up your computer immediately (just like you startup your TV immediately). Personally I use my hardware buttons to make my computer go into Standby, and then use the Start Menu's power button to shut down Windows. So as you can probably guess, I hate how the power button doesn't shutdown my computer anymore. Plus also old habits die hard.

So if you want to change this, you'll have to do the following.

First you'll need to go to the Power Options. This is easier said than done. If you are using the categorized Control Panel, you can get to it by going:

Control Panel > Hardware and Sound > Change battery settings

and no, Change what the power buttons do does not work. That changes what happens with your physical power buttons, not the Start menu power button.

If you have the Classic View control panel, go this path:

Control Panel > Power Options

Next follow this path, which is the same for both Control Panel styles:

Change plan settings under Balanced > Change advanced power settings > expand Power buttons and lid > expand Start menu power button

and from here you can finally change this configuration. Yes, that is a total of 7 clicks just to change the power button configuration! If you didn't follow those steps, take a look at this series of screenshots:

Is it just me or did Microsoft make this REALLY complex to change? I had to dig around for 5 minutes before I finally found this!

And to make matters worse, remember earlier we selected the Balance power plan? Well these settings are per plan. That means if you change your plan, the Power button gets reset to Standby again! You'll have to individually configure each Power plan to make the power button be the same for all plans. Why can't we have a "Override all power plan" option? What a pain!

One last thing to notice, check out the first Start menu, and then this Start menu:

See anything different? The new Start menu now shows the power button as red instead of the original yellowish color. This is the visual cue that the power button now means Shutdown (red) instead of Standby (yellow). Personally I would prefer if the tooltip would just immediately popped up when the mouse hovers over the button and simplify the message to "Shutdown" instead of "Closes all open programs, shuts down Windows, and then turns off your computer" or "Standby" instead of "Keeps your session in memory and puts the computer in a low-power state so that you can quickly resume working." Geez what a mouthfull!