Showing posts with label SharePoint Help - http 403 forbidden Error / hiding SharePoint help Icon.. Show all posts
Showing posts with label SharePoint Help - http 403 forbidden Error / hiding SharePoint help Icon.. Show all posts

24 September, 2012

SharePoint Help - http 403 forbidden Error / hiding SharePoint help Icon.

Today one of my client stated that he could not open the ‘Set Blog Permissions’ link on one of this Blogs and got the error message. 



I checked the same on my test site and see the same behavior. Now question is why this is happening?

To give you background: We have SharePoint Help disallowed in our environment due to loop whole for the vulnerability attach with the Help.aspx page as per the MS security Bulletin release.   http://technet.microsoft.com/en-us/security/bulletin/MS10-039

Just going a bit out of track from here, to suggest some other methods to disallow the help in SharePoint.  To Disallowing access to the help content page can be manually done need to run a small SharePoint farm. Follow the steps.
  • open up IIS management console
  • find the web application responsible for the public portal
  • find the _layouts virtual folder
  • find the file help.aspx and open the Properties window for that file
  • Change the access permissions for that file.
  • repeat these steps for "HelpSearch.aspx", too
You'll have to repeat these steps on all servers in your web farm.
If you even don’t want the users to see the Help icon on the site then commenting out the following lines in the master pages does the trick for the icon.


The MS Security Bulletin given above also suggests the automated workaround for this. 

You can easily test whether or not your site is prone to the breach, by using below url on your site:

If your site is prone, you will see a JavaScript popup stating your site is hacked.

Hot fixes to resolve the vulnerabilities: WSS 3.0 hotfix: KB983444, MOSS hotfix: KB979445

Coming back to original question why ‘Set Blog Permissions’ link was not working for the client is that when we click the Set blog permissions link in the Admin web art page of the blog site. It tried to call the java script method/functions 

“javascript:HelpWindowsKey(%27MS_WSS_SetBlogPermissions%27)”. 

This script tries to call the Help.aspx, helpcontent.aspx page using HelpWindowsKey function. Since the Help doesn’t work so does this window.