Wednesday, October 26, 2011

EFS for Remote Blob Storage (RBS)

Continuing from my blog post on Enabling Remote Blob Storage (RBS) in SharePoint 2010, today I am going to write about how we can encrypt the blob store.

Since blob stores do not support SQL Server's own encryption (the blob files live on the file system, outside the database), the only remaining option is NTFS-based encryption, either EFS or BitLocker. Today I will cover how to protect your blob store files using EFS.

Configuring EFS

Two types of certificates play a role in EFS:

  • Encrypting File System certificates. This type of certificate allows the holder to use EFS to encrypt and decrypt data, and is often called simply an EFS certificate. Ordinary EFS users get this type of certificate. The Enhanced Key Usage field for this type of certificate (visible in the Certificates Microsoft Management Console snap-in) has the value Encrypting File System (1.3.6.1.4.1.311.10.3.4).
  • File Recovery certificates. This type of certificate allows the holder to recover encrypted files and folders throughout a domain or other scope, no matter who encrypted them. Only domain admins or very trusted designated persons called data recovery agents should get this. The Enhanced Key Usage field for this type of certificate (visible in the Certificates Microsoft Management Console snap-in) has the value File Recovery (1.3.6.1.4.1.311.10.3.4.1). These are often called EFS DRA certificates.

Step 1: Configuring Domain Group Policy (normally this will already have been configured by your network administrator)

Domain Policy: this policy setting allows all domain users to create their own EFS certificate.

Step 2: Create a file recovery certificate (this certificate needs to be created for the service account that runs the SQL Server services)

You can do this by executing the following steps:

Start menu > Run > Cmd
(this can also be reached through Start -> All Programs -> Accessories -> Command Prompt)
Type cipher /r:recovery_certificate and hit Enter

Type a strong password. This password protects the recovery agent's private key, which is your key to your data; it is advised to use at least 10 characters, a combination of lower and upper case letters, numbers and special characters.


The certificate is stored in a file called recovery_certificate.CER located in the directory shown at the command prompt. cipher also writes recovery_certificate.PFX to the same directory; the .PFX contains the private key, protected by the password you just typed, and is what actually allows a recovery agent to decrypt files.

Note: It is a good idea to move these files, above all the .PFX file, to an encrypted USB disk and store the media in a safe. This private key will be your key to your data.

Step 3: Install the file recovery certificate (Data Recovery Agent):

1. Start menu > Run

2. Type gpedit.msc and hit Enter to run the Group Policy editor

3. Navigate to:
-> Local Computer Policy
-> Computer Configuration
-> Windows Settings
-> Security Settings
-> Public Key Policies
-> Right-click Encrypting File System and select Add Data Recovery Agent

4. Follow the wizard and when it asks you for a file with the certificate, browse to the folder containing the recovery_certificate.CER file which you created earlier and select that file.


Step 4: Delete old certificates

The Encrypting File System screen in the Group Policy editor should list only one Data Recovery Agent (certificate). If you see more than one Data Recovery Agent there, export them first and then delete all but the one with the latest expiration date.

Open the certificates Microsoft Management Console snap-in (type mmc in the Start -> Run screen and hit Enter, then go to File -> Add/Remove Snap In and select Certificates from the Available Snap-ins menu, then hit Add and select My user account). Navigate to the following location:

-> Console Root
-> Certificates – current user
-> Personal
-> Certificates

and make sure the right pane shows no File Recovery certificates. If it does show any, then export and delete them.

Step 5: Copy/Install EFS certificate (1.3.6.1.4.1.311.10.3.4) to the User’s Certificate folder

1. Start menu > Run

2. Type certmgr.msc and hit Enter to open the Certificate editor

3. Navigate to:
-> Certificates – Current User
-> Personal
-> Certificates
-> Check for a certificate whose Intended Purpose is Encrypting File System, or whose Enhanced Key Usage in the certificate properties is Encrypting File System (1.3.6.1.4.1.311.10.3.4).
-> If no EFS certificate exists, copy and paste the certificate from another folder in the certificate snap-in, for example Other People > Certificates or Trusted People > Certificates. You may also request such a certificate from your CA.

NOTE:

1. All the steps described on this page need to be executed under the default Administrator account.

2. The message "The Recovery policy configured for this system contains invalid recovery certificate" is known to appear when trying to encrypt a file or folder using the Windows Encrypting File System. An outdated or expired File Recovery certificate is the most frequent cause of this message.

To encrypt all files under a folder, use the following steps:

1. Browse to the folder.

2. Right-click the folder and open Properties.

3. Click the Advanced button.

4. Select the Encrypt contents to secure data check box and click OK.

5. Click the Apply button in the Properties window.

6. Select Apply changes to this folder, subfolders and files.
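As an added check, not part of the original post, the following C# console program walks the blob store folder after step 6 and lists anything whose NTFS Encrypted attribute is not set (a file dropped in by a process with no EFS certificate, or moved in from an unencrypted volume, is the usual cause of such gaps). The folder path is a placeholder for the path your RBS provider was configured with.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class EfsCoverageCheck
{
    // True when the NTFS Encrypted attribute is set on a file or directory.
    public static bool IsEncrypted(string path)
    {
        return (File.GetAttributes(path) & FileAttributes.Encrypted) != 0;
    }

    // Returns every path under root (root included) that is not EFS-encrypted.
    // A directory that cannot be read is reported too, since its contents cannot be verified.
    public static List<string> FindUnencrypted(string root)
    {
        var missing = new List<string>();
        var pending = new Stack<string>();
        pending.Push(root);
        while (pending.Count > 0)
        {
            string dir = pending.Pop();
            if (!IsEncrypted(dir)) missing.Add(dir);
            try
            {
                foreach (string file in Directory.GetFiles(dir))
                    if (!IsEncrypted(file)) missing.Add(file);
                foreach (string sub in Directory.GetDirectories(dir))
                    pending.Push(sub);
            }
            catch (UnauthorizedAccessException)
            {
                missing.Add(dir + " (access denied, contents not verified)");
            }
        }
        return missing;
    }

    public static int Main(string[] args)
    {
        string blobStore = args.Length > 0 ? args[0] : @"D:\RBSBlobStore"; // placeholder path
        if (!Directory.Exists(blobStore)) { Console.Error.WriteLine("Folder not found: " + blobStore); return 2; }
        List<string> missing = FindUnencrypted(blobStore);
        foreach (string p in missing) Console.WriteLine("NOT ENCRYPTED: " + p);
        Console.WriteLine(missing.Count + " item(s) under " + blobStore + " are not EFS-encrypted.");
        return missing.Count == 0 ? 0 : 1; // non-zero exit lets a scheduled task raise an alert
    }
}
```

The attribute only proves that a file is encrypted, not with whose key; run cipher /c on a sample blob file to confirm that the SQL Server service account's EFS certificate and the Data Recovery Agent are both listed.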

Sunday, October 16, 2011

sharepoint facebook wall

Hi guys, here is a brief description of my latest contribution to the open source community.

Have you ever needed to show the Facebook updates of your organization on your SharePoint portal? If yes, this project is for you.

What we provide is two web parts for SharePoint 2007 and SharePoint 2010: one shows the Facebook wall of any user on the SharePoint portal, and the second posts updates to Facebook directly from your SharePoint portal. Just download and install, and you are all set.

The only thing you need to configure after installation is the username of the Facebook user whose updates you want to show. For posting to Facebook, slightly more configuration is needed: you need to register a Facebook application and get the OAuth settings. These web parts use out-of-the-box SharePoint CSS elements that automatically match the current theme.

Features

  1. Posting / reading feeds from a wall or page
  2. Paging support
  3. Show my feeds or all feeds
  4. Show user images
  5. Support for rich media content such as videos, images and links
  6. stsadm and PowerShell installers included

http://code.google.com/p/sharepoint-facebook-wall/

Creating Custom Logger Classes


Continuing from my previous posts:

SharePoint logger part-1

SharePoint logger part-2

In some circumstances, you may want to customize how the SharePoint Logger behaves in your production environment. For example, you might want to update the logger so that calls to LogToOperations copy messages to a third-party repository.

The SharePointLogger class implements two key interfaces named IEventLogLogger and ITraceLogger that define how events and traces are logged. You can change the behavior of the SharePoint Logger by providing alternative implementations of these interfaces:

  • To change the behavior of the ILogger.LogToOperations method, create a class that implements the IEventLogLogger interface.
  • To change the behavior of the ILogger.TraceToDeveloper method, create a class that implements the ITraceLogger interface.

For example, you might want to customize the SharePoint Logger so that the LogToOperations method writes a message to a database instead of to the Windows event log. Alternatively, you might want to modify the behavior of the TraceToDeveloper method, so that trace messages are written to a dedicated location instead of to the ULS trace logs that also contain many other SharePoint-related trace messages.

The following code example shows how you can implement the IEventLogLogger interface to provide your own event logger. Notice that the interface requires you to implement a single method named Log.

public class MyEventLogLogger : IEventLogLogger
{
  public void Log(string message, int eventId, EventSeverity severity,
                  string category)
  {
     // Custom code to handle event logging request…
  }
}

The following code shows how you can implement the ITraceLogger interface to provide your own trace logger. This interface defines a single method named Trace.

public class MyTraceLogger : ITraceLogger
{
  public void Trace(string message, int eventId, TraceSeverity severity,
                    string category)
  {
     // Custom code to handle tracing request…
  }
}
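As an added example, not the post's or the SharePoint Guidance library's own code, here is one concrete IEventLogLogger that appends events to a dedicated file instead of the Windows event log, which is the kind of replacement the text describes. It assumes the IEventLogLogger contract shown above and the EventSeverity enum from Microsoft.SharePoint.Administration; the log path is a placeholder. Because SharePoint code logs caller-influenced strings, the message and category are escaped so a string containing "\r\n" cannot forge an extra, fake log entry.

```csharp
using System;
using System.IO;
using System.Text;
using Microsoft.Practices.SharePoint.Common.Logging;
using Microsoft.SharePoint.Administration;

public class FileEventLogLogger : IEventLogLogger
{
    private static readonly object SyncRoot = new object();
    private readonly string logPath;

    // The service locator needs a public parameterless constructor; the path is a placeholder.
    public FileEventLogLogger() : this(@"C:\Logs\SharePointEvents.log") { }
    public FileEventLogLogger(string path) { logPath = path; }

    public void Log(string message, int eventId, EventSeverity severity, string category)
    {
        string line = FormatEntry(DateTime.UtcNow, message, eventId, severity, category);
        lock (SyncRoot)   // serialise writers so concurrent requests do not interleave lines
        {
            Directory.CreateDirectory(Path.GetDirectoryName(logPath));
            File.AppendAllText(logPath, line + Environment.NewLine, Encoding.UTF8);
        }
    }

    // One tab-separated record per line. Category and message are sanitised so that
    // control characters in caller-supplied text cannot break the record boundary.
    public static string FormatEntry(DateTime timestampUtc, string message, int eventId,
                                     EventSeverity severity, string category)
    {
        return string.Format("{0:o}\t{1}\t{2}\t{3}\t{4}",
            timestampUtc, eventId, severity, Sanitize(category), Sanitize(message));
    }

    // Escapes CR, LF, TAB and any other control character into a visible sequence.
    public static string Sanitize(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\r') sb.Append("\\r");
            else if (c == '\n') sb.Append("\\n");
            else if (c == '\t') sb.Append("\\t");
            else if (char.IsControl(c)) sb.AppendFormat("\\u{0:x4}", (int)c);
            else sb.Append(c);
        }
        return sb.ToString();
    }
}
```

Register it exactly as the feature receiver below registers MyEventLogLogger, and restrict NTFS permissions on the log folder so that only the SharePoint application pool accounts can write to it.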

After you develop and deploy your custom logging and tracing classes, you must register these classes with the SharePoint Service Locator as implementations of IEventLogLogger and ITraceLogger respectively. Typically, you should use a feature receiver class to register your implementations at the point of deployment.


Updating Type Mappings for the Logger Interfaces

The following code shows how to register custom implementations of the IEventLogLogger interface and the ITraceLogger interface from within a feature receiver class. This example assumes that you have created classes named MyEventLogLogger and MyTraceLogger that implement the IEventLogLogger and ITraceLogger interfaces, respectively.

The example also assumes that you have added a reference to the Microsoft.Practices.SharePoint.Common.dll assembly, the Microsoft.Practices.ServiceLocation.dll assembly, and the Microsoft.SharePoint.dll assembly.

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.Practices.ServiceLocation;
using Microsoft.Practices.SharePoint.Common.ServiceLocation;
using Microsoft.Practices.SharePoint.Common.Logging;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Security;

[CLSCompliant(false)]
[Guid("8b0f085e-72a0-4d9f-ac74-0038dc0f6dd5")]
public class MyFeatureReceiver : SPFeatureReceiver
{
   // ...

   [SharePointPermission(SecurityAction.LinkDemand, ObjectModel = true)]
   public override void FeatureInstalled(SPFeatureReceiverProperties properties)
   {
      // Resolve the SharePoint service locator and its type-mapping configuration
      IServiceLocator serviceLocator = SharePointServiceLocator.GetCurrent();
      IServiceLocatorConfig typeMappings =
         serviceLocator.GetInstance<IServiceLocatorConfig>();

      // Replace the default event and trace loggers with the custom implementations
      typeMappings.RegisterTypeMapping<IEventLogLogger, MyEventLogLogger>();
      typeMappings.RegisterTypeMapping<ITraceLogger, MyTraceLogger>();
   }
}