Sunday, May 03, 2009

Results Show: SharePoint Saturday DC

[Photo: Dan and Joel talk about SmartCards]

The most recent iteration of the SharePoint Saturday franchise, SharePoint Saturday DC, was held yesterday at the Microsoft Technology Center in Reston, Virginia. The day went very well, thanks to Dux Raymond Sy and his team of event coordinators, volunteers, and sponsors! Over 200 people were there, most of the sessions were packed, and a few were standing room only!

There were a variety of session topics, including Dan Lewis's Social Computing talk, Tom Resing's Business Data Catalog presentation, and Jonathan Distler's overview of Arlington County, Virginia's SharePoint pilot. All in all, there were twenty-eight sessions plus an open "Ask the Expert" discussion in the lobby.

Dan Usher and I presented our talk SmartCard Authentication: Considerations, Options, and Pitfalls with SharePoint during the last session of the day, 4:45-5:45. Surprisingly, we still had the energy in us to have a lively discussion about security, SmartCards, and how they fit into a SharePoint implementation.

View the slides on SlideShare or download the PowerPoint file (PPT or PPTX) which includes the slides plus notes and resource links.

A video of our talk may be made available at some point, and I'll post it here if it is.

Tuesday, April 21, 2009

Speaking at SharePoint Saturday DC

In recent months there has been a series of interesting free weekend events called SharePoint Saturdays centered around the topic of--what else--SharePoint! Well, SharePoint Saturday is coming to the Washington, DC, area!

Dan Usher and I are scheduled to present together on the topic of smart card authentication with SharePoint 2007. The talk is entitled SmartCard authentication: Considerations, options and pitfalls. Oh my!
With the ever-present risks to data integrity and non-repudiation, several organizations have begun to use smartcards for authentication to systems. With the greater number of SharePoint instances being stood up within organizations, ensuring that smartcards can be used to access data is key. In this session, we'll discuss smartcard authentication, considerations when determining the appropriate architecture, options for integration with different authentication providers, and implementation pitfalls.
There are a few different ways you can integrate smart cards (or other two factor authentication) into a SharePoint instance. We'll talk about the various methods, including the option of using a custom membership provider.

There is a special food drive going along with the event. Check out Dux Raymond Sy's explanation on the SharePoint Saturday DC website.

Thursday, March 05, 2009

Search Settings in SSP gives error "Authentication failed because the remote party has closed the transport stream"

There was an odd error that we have been seeing in one of our SharePoint 2007 server farms. When trying to access the Search settings page in Central Administration's Shared Services Provider, the SSP gives this error:

"Authentication failed because the remote party has closed the transport stream."

It turns out that it's an issue with the SSL certificate that is installed on the "Office Server Web Services" IIS instance. Somehow it gets corrupted when .NET 3.5 Service Pack 1 is installed.

Microsoft knows about the issue and has a fix right here:

http://support.microsoft.com/?id=962928

Wednesday, January 28, 2009

Custom Smart Card Authentication and SharePoint

One of the great new features of SharePoint 2007 was the ability to utilize multiple means of user authentication: Active Directory, LDAP, SQL, and more. This is nothing new, and since the advent of MOSS 2007/WSS 3.0 the use of non-AD authentication via Membership Providers has been well documented.

What if you need to use PKI (Public Key Infrastructure) certificates and/or Smart Cards (like Common Access Cards, aka CAC)? There are a few ways to do this, depending on how the user certificates need to map to your account store. If you use Active Directory, there are built-in ways to map certificates to users and have IIS handle the handshake. Or you can use a third-party system or SSO. These approaches assume you have a defined user directory and pre-defined certificate mappings.

But what if you need to accept PKI/Smart Cards, but do not have a master user directory (AD, LDAP) of everyone who will attempt to access the site?

The Concept:
  • Use a custom ASP.NET Membership provider to accept and read PKI certificates (using IIS)
  • Create and log in to a NEW account (AD, LDAP, SQL)
  • Forward the user to the SharePoint site.
Very similar to this idea from Adam Buenz.
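
One way the three steps above could look in ASP.NET, as an added C# sketch that is not the author's implementation: the handler name, the pinned issuing-CA thumbprint and the redirect target are hypothetical, and the accounts go to whatever membership provider web.config declares. Because no directory pre-registers users, the issuer and revocation checks are the only gate on who gets an account.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Security;

// Added illustration, not the author's code. The class name, the pinned CA
// thumbprint and the redirect target are hypothetical placeholders.
public class CertLoginHandler : IHttpHandler
{
    // Assumption: only certificates issued directly by this CA may self-register.
    private const string TrustedIssuerThumbprint = "<ISSUING-CA-THUMBPRINT-PLACEHOLDER>";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // IIS must be configured to request (or require) client certificates over SSL.
        HttpClientCertificate presented = context.Request.ClientCertificate;
        if (!presented.IsPresent || !presented.IsValid) { Deny(context); return; }
        X509Certificate2 cert = new X509Certificate2(presented.Certificate);

        // Rebuild the chain with revocation checking: no pre-registered directory
        // vouches for the user, so the issuing CA and its revocation data are the gate.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        if (!chain.Build(cert) || chain.ChainElements.Count < 2) { Deny(context); return; }

        string issuer = chain.ChainElements[1].Certificate.Thumbprint;
        if (!string.Equals(issuer, TrustedIssuerThumbprint, StringComparison.OrdinalIgnoreCase)) { Deny(context); return; }

        // Derive the account name from the certificate itself, never from user input.
        string userName = "cert-" + cert.Thumbprint.ToLowerInvariant();
        if (Membership.GetUser(userName) == null)
        {
            // Random password: the account is only ever reached through the certificate.
            // Assumes the provider does not require an e-mail address or security question.
            Membership.CreateUser(userName, Membership.GeneratePassword(32, 8));
        }
        FormsAuthentication.SetAuthCookie(userName, false);
        context.Response.Redirect("~/");   // hypothetical SharePoint landing page
    }

    private static void Deny(HttpContext context)
    {
        context.Response.StatusCode = 403;
        context.Response.End();
    }
}
```

Keying the account on the certificate thumbprint means a reissued card produces a new account; mapping on a stable subject identifier instead requires trusting the CA to keep that identifier unique.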

Easy? We shall see.

Monday, January 12, 2009

Opening PowerPoint Slideshows

Scenario: Users want to store files in SharePoint and open them from another website. The users are on a network with Internet Explorer (IE) 6 or 7 and Office 2007. This should not be an issue.

However, files of type .pps (PowerPoint slideshows) were opening in an undesirable manner.

Instead of opening in full-screen slideshow mode, the PPS files were opening in Edit mode inside of PowerPoint.

After doing a bit of research and testing, I believe this is the only solution that will allow PPS files to open in slideshow mode when using Internet Explorer and Office 2007. This site talks about it too. In a nutshell, it requires a client side configuration. Nothing on the server side can do the trick if the user is on Internet Explorer and Office 2007. It's not even an issue with SharePoint. It happens on non-SharePoint sites too.

This solution references this Microsoft KB article: http://support.microsoft.com/kb/299824/

Basically, each computer needs to have its registry changed:

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:
    HKEY_CLASSES_ROOT\PowerPoint.Show.8
  3. Edit or add the following registry value:
    Value name: BrowserFlags
    Data type: REG_DWORD
    Radix: click Hexadecimal
    Value data: (see below)

It appears that Office 2007 changes the default value to "a", which means PPS files open in Edit mode. You can change the value to 8 (open in a new window in show mode) or 0 (open in the browser window in show mode), but this is a local computer change that would need to be done on each PC. Not realistic. :-(

Accessing the files in Firefox works fine: PPS files open as slide shows, no problem.

Sunday, December 21, 2008

Apparently I’ve been tagged…

Thanks to SharePoint Dan/UVAGeek for tagging me. Something to get the mind wandering a little on this beautiful, cold winter solstice.

8 TV Shows I Watch
  1. Scrubs. I had never watched an episode until the summer of 2007. Now I own all seven seasons on DVD. It's been moved to ABC and hopefully will end its eight-year run properly now (NBC really screwed Bill Lawrence over). It's remained well-written and funny throughout the years. Kudos to Bill.
  2. 30 Rock. Tina Fey and Alec Baldwin. *giggle*
  3. Saturday Night Live. It's still funny, usually. I'm going to miss Amy Poehler.
  4. 60 Minutes. We always watched it at home when I was a child. I think it made me appreciate good journalism all the more.
  5. Dead Like Me. It's no longer on TV, but I just discovered it so it's new to me. Dark, funny commentary on the human existence.
  6. The Simpsons. Sure, I don't watch recent episodes every time they're on. But I have through season eight on DVD and it still makes me laugh. Purple monkey dishwasher.
  7. Lost. A simple (yet complex) pleasure.
  8. Moonlighting. Probably the best thing ABC ever produced. And my favorite show of all time. It's got David Addison. Enough said.
8 Favorite Restaurants
  1. Le Mistral. Only been there once, but I'd eat there weekly if we could afford it.
  2. 2941. Also only been there once, but ooo la la!
  3. Rabieng. One of the best Thai places ever. 
  4. 2 Amys. Warren, where are you?
  5. The Italian Store. Right alongside 2Amys for the best pizza around.
  6. Sushi Taro. Best sushi I've had in the DC area, besides the sushi counter at the Harris Teeter. :-)
  7. Bojangles. Still love that greasy fried chicken.
  8. Sammy T's. Have to make a pit-stop in Fredericksburg anytime we're driving up or down I-95. Always good food and lots of vegetarian choices too.
8 Things That Happened To Me or That I Did Today
  1. Was woken up multiple times by poor, sickly Zachary. He has yet another yucky cold.
  2. Cleaned up the attic. (Yesterday was basement cleanup and classic technology reorganization day.)
  3. Updated Windows Live One Care with a new prepaid subscription. That'll be the last time, seeing that Microsoft is dropping the product and offering a free anti-virus download sometime next year.
  4. Watched some football!
  5. Got Zachary to sit up, with assistance, for a little while. He's getting stronger.
  6. Prepared some gifts.
  7. Took more Tylenol and Sudafed for this cold that just won't quit.
  8. Lit the menorah for the first night of Hanukkah! Benny enjoyed it. 
8 Things I Am Looking Forward To
  1. Christmas.
  2. Zachary sitting up, crawling, and walking.
  3. Benny mowing the lawn.
  4. Windows 7.
  5. SharePoint 14.
  6. The new PKI module.
  7. A vacation.
  8. Retirement.
8 Things I Wish For
  1. Zachary will sit up, crawl, and walk.
  2. Benny will always be so sweet and silly.
  3. Good friends.
  4. Good neighbors.
  5. Financial security.
  6. A fun car to drive.
  7. A sense of humor.
  8. Sanity.
8 People I Tag To Do This Too!

Saturday, November 01, 2008

FiOS adds HD in a logical way

Over the past few months, Verizon has reorganized our FiOS TV lineup and added new HD channels. Slowly but surely, many of the cable network HD feeds are being filled in. This includes CNN, A&E, FX, USA, TBS, TNT, Smithsonian, and even Disney.

While this is nothing extraordinary, the way they reorganized the channels is something to note. The old channel lineup was between 1 and 1000 and the HD channels existed in the 800 range. The HD channel order bore little resemblance to the standard definition channel lineup that was between 1 and 300.

When they reorganized the channels a few months ago, they kept the SD channels between about 1 and 499 and moved the HD channels to 500 through 999. International channels and the music channels are now between 1000 and 1999.

The neat thing that they did was align the SD channels in the same order as the HD channels. All you need to do to get the HD version of a channel (if it exists) is add 500 to the SD channel number. Of course not all SD channels have HD equivalents, and some HD channels (notably HDNet, HDMovies, and Universal HD) don't have SD equivalents.

In most cases, it's easy to flip around. For example:
  • Local NBC affiliate 4 is 4 for SD and 504 for HD. It used to be 807 for HD.
  • USA SD is still 50 and USA HD is 550.
  • CNN SD is 100 while the HD version is 600.
This is a great step up for usability. If you know the trick and are able to do simple math, it's easy to switch around and see if there's an HD version of a channel. Plus, if there's a non-HD TV in the house you can easily find the SD version of a given channel you're used to watching in HD.

I don't remember seeing any tips from Verizon touting this usability feature. It took me about a day to figure it out just by using the new channel lineup. They might want to highlight this more.

The next step up is to have one channel lineup with the ability to switch a network between SD and HD.