PowerShell – Limit OneDrive4Business Synchronization to certain AD Domains

March 29, 2019

In the Onedrive4Business Admin Portal you can define which user that are part of a certain AD Domain are allowed to sync.

image

Solution :

You need to get the AD GUID’s first using the PowerShell Get-ADDomain Cmdlet.

See here on how to.

image

image

Enter the GUID’s and save it.

And choose to Block MAC devices if needed.

Enjoy !

Advertisements

SharePoint – Online Security and Security by Obscurity

March 22, 2019

SharePoint Online Security settings are scattered all around… Sad smile

Next problem is that the Online version OOTB might not give you all the security features you need ?

So you will have to apply some tricks to fool the users.

Here is an overview of what is to your disposal ….

SP Security :

SharePoint delivers a Security Model that is a combination of AD user & Groups with SP Users & Groups.

See Managing the Security Model for more info.

These users and “Nested” Groups can be used to secure your Site Collections on different levels

image

Using Site Settings –> People and Groups and Site Permissions

image

To set security on different levels

1. Site level
2. List and Library security
3. Record level Security

See here for more info

What is Record level Permissions versus Record level Security, see here for more info.

Setting Record Level Security will also have a performance hit !  So try to avoid it as much as possible.

– Search Security
Via Site Settings you can refine the security on the Search

image

So let’s say you don’t want to have the users see the search EVERYTHING option

image

Go to SITE SETTINGS –> SEARCH Settings

image

Delete the EVERYTHING from the list.

Disable File and Folder Sharing :

image

Go to SITE SETTINGS –> Site Permissions –> Access Request Settings

 

SP Security by Obscurity :


Using Target Audience settings :

This is not a real security because the SP Search will ignore the target audience settings !!


– Hiding List or Document Library records using Audience Targeting :

On the list or Library activate Audience Targeting

image

You have to use it in combination of the Content Query Web Part

See here on how to.

– Hiding Web Parts using Audience Targeting :

This is done using the EDIT Web Part feature

image

In the Advanced Section you specify the TARGET Audience user(s) or group(s).

image image

You can use different other settings to HIDE Web Part features from the users

– Select a different VIEW to limit and filter the records shown in the Web Part. And hide the TOOL Bar if needed.

image

In the MISCELANEOUS section you can hide different sections

image

Here you decide to hide the Web Part Toolbar and only leave the INLINE LIST SEARCH available.

– Hiding Search options using Audience Targeting

image

Next you can  set Targeting Audience using SP Groups to limit the search this site feature for certain users.

– Hiding Objects using CSS

Examples to hide the SEARCH box on a site, and more …

<style type="text/css">  
#DeltaPlaceHolderSearchArea {display: none;}
.ms-InlineSearch-SearchStatus {display:none;}
.ms-cui-topBar2 { display : none; }
</style> 

– Hiding Objects using JQuery, give the same effect.

– Hiding Objects using SharePoint Designer : See below

Tools :

1. SharePoint Designer

Hide Libraries from the all site contents

image

image

Use SP Designer Workflows to automate Security settings on Lists and Libraries or Records / Documents

See here for how to.

First activate the Workflows can use app permissions using Site Features

image

Go to Site Settings –> Site App Permissions

image

Copy this part of the GUID and insert it in

image

Go to the Site Collection URL and add this part  “_layouts/15/appinv.aspx”

Workflow App Permissions : See here for the extra steps to complete the whole process

2. PowerShell

Use PowerShell to automate Security settings on Lists and Libraries or Records / Documents

Or to create reports to get visibility on Security.

See here for some good examples

So if you combine all of them, you can go a long way !

But it is important that you have a good security strategy, before starting to build your application.

Enjoy !


Office365 – Onedrive4Business Storage Limits Report

February 25, 2019

Once in a while you may get an E-mail notification from SharePoint that a user has nearly reached the storage limits.

Which is set at 1 Terrbyte ?

In our case there was something weird going on… We had a user that reported a Mail Archive file (PST) of 278 Gb large ?

While the maximum size of a PST is 50 GB

After deleting it and removing it from the Recycle Bin, the problem was solved Smile

How to check the storage size on OneDrive4Business

Solution :

Go to the storman.aspx page :

https://YourTenant-my.sharepoint.com/personal/Account_Name_YourOrganization_com/_layouts/15/storman.aspx

image

Enjoy !


Office 365 – Retrieve User Password Expiration Date

December 4, 2018

Sometimes it will be handy to scan your O365 User base on next Password Expiration Date.

This is done using PowerShell, like this.

First connect to your tenant and execute this script :

CLS

$cred = Get-Credential "your.credentials@company.com"

Connect-MsolService -Credential $cred

$domain = Get-MsolDomain | where {$_.IsDefault -eq $true}

$PasswordPolicy = Get-MsolPasswordPolicy -DomainName $domain.Name

$Account = "Account.ToCheck@company.com" # Change HERE !!

$UserPrincipal  = Get-MsolUser -UserPrincipalName $Account

$UserPrincipal | fl PasswordNeverExpires

$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

Write-host "Password will Expire on : $PasswordExpirationDate"

$StartDate = (GET-DATE)
$DaysLeft = NEW-TIMESPAN -Start $StartDate -End $PasswordExpirationDate
$DaysLeft = [math]::Floor($DaysLeft.TotalDays)

Write-host "Password will Expire in # Days : $DaysLeft"

$UserPrincipal | select DisplayName, LastPasswordChangeTimeStamp,@{Name=”PasswordAge”;Expression={((Get-Date).ToUniversalTime())-$_.LastPasswordChangeTimeStamp}} | sort-object PasswordAge -desc

image

If you want to change the Password Policy to NEVER EXPIRE use this codereset

Set-MsolUser -UserPrincipalName $Account -PasswordNeverExpires $true

If you want to RESET the Password, use this code

Set-MsolUserPassword -UserPrincipalName $Account -NewPassword "PassWord"

Enjoy !


SharePoint – Online ActiveX in Chrome Browser

January 8, 2018

Since I migrated my Hard and Software Inventory Scripts to SharePoint Online.

https://audministrator.wordpress.com/2018/01/08/sharepoint-online-computer-inventory/

I felt the need to check if I could run it in the Chrome Browser as well … ?

Solution :

Step 1. Is to configure Chrome to accept ActiveX Scripts

Open Chrome and go to Settings –> Advanced Options –> Proxy Settings

image

Go to the Security Tab –> Add you SharePoint Online site to the TRUSTED Sites

Next go to Custom Level –> Change the following ActiveX settings

image

Safe and restart Chrome

Step 2. Is to download IETab Extension for Chrome

image

Once installed is will ask you to run a local exe called ietabhelper.exe

And it will show you the Extension Icon here :

image

Step3. Run it and test the Result

Go to the Hardware Inventory Tool in SharePoint Online and click Get Info

image

As you can see it retrieved all the details, to be saved in the SharePoint Online Cloud using the Chrome Browser

How cool is that Smile Smile


SharePoint – Online Computer HW & SW Inventory

January 8, 2018

Nearly 5 years ago I converted the Outlook forms to an on premise SharePoint 2010 Foundation version

https://audministrator.wordpress.com/2013/05/14/sharepoint-computer-hw-sw-inventory/

 

But now it’s time to migrate to Office365 – SharePoint Online !

Basically all of the JavaScripts done in SP 2010 can be reused in the Online version.

 

Solution :

Step 1. I created a new Custom List in SP Online

With the exact same fields and field names as in SP 2010.

 

Step 2. I created the new SP Online Custom Forms

These where created from scratch again

 

Step 3. I migrated the JavaScript / JQuery Scripts

I adjusted the scripts where needed (very little efforts neededs)

 

Step 4. Tested the results

 

New Form :

image

When pressing Get Info, it will check if it can find the PC or Server in your network.

If the field is blank it will present an error message and the button will go RED.

In the other occasion the button will show GREEN.

image

Extra logic in the script will check disk Capacity and show RED if below 10 % free space.

 

Edit Form :

image

Using the EDIT form you can just refresh the data at all times, even if you make a remote VPN to your network.

GREEN means all data has been updated.

 

Display Form :

image

Once all Hardware is loaded you can have the bonus effect to have this info available using the SharePoint Mobile App.

So all the data is at your fingertips wherever you are.

 

Migrating and reusing this logic from MS Exchange Forms to SharePoint Online over more then 15 years, is very rewarding.

 

Isn’t that cool Smile


Office 365 – Email Usages Reports in the Admin Portal

November 24, 2017

When running Email usage reports in the Office 365  Admin Portal.

Gives you the names of the users in a disguised format by default.

 

image

 

You can change this : Settings –> Services & Add-Ins –> Reports

Read the rest of this entry »