11 September, 2012

Auditing User Activities in SharePoint 2007

Scope
This document describes how to find and trace user activities on a SharePoint website.

Purpose
When we enable audit logs in SharePoint, we can track all events related to the addition and deletion of users and groups in SharePoint.

As a SharePoint administrator, we can trace the same events in more detail by running SQL queries against the site content database.

Steps for Auditing
Below are the queries used to trace user deletions. In each query, replace the placeholder (GroupName, Principal ID, Event Id, Owner ID, Scope ID) with the actual value.
1. Get the group ID and site ID from the query below.
SELECT * from Groups with (nolock) where Title='GroupName';

2. Get all deleted instances for that particular site scope from the query below.
SELECT * from AuditData with (nolock) where EventData like '<roleid>-1</roleid><principalid>Principal ID</principalid>%' and ItemType=6 and Event='Event Id';

3. Get the user details for the ID 'Owner ID' using the query below.
SELECT * from UserInfo with (nolock) where tp_ID='Owner ID';

4. Get the permissions that were deleted in the above site scope by the user from the query below.
SELECT * from dbo.Perms with (nolock) where ScopeId='Scope ID';
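
The correlation in steps 2 and 3, done on exported rows, as an added example that is not part of the original post: it parses each EventData fragment instead of relying on a LIKE prefix, then resolves the acting account. The sample rows, the event value 38, the use of AuditData.UserId as the acting user, and the account names are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

Removal = namedtuple("Removal", "occurred actor principal_id")

# Constructed rows shaped like (Occurred, UserId, ItemType, Event, EventData).
# Event 38 and everything after </principalid> are assumptions for the sample.
AUDIT_ROWS = [
    ("2012-09-10 09:14:02", 7, 6, 38, "<roleid>-1</roleid><principalid>12</principalid><scope>S1</scope>"),
    ("2012-09-10 09:20:41", 9, 6, 38, "<roleid>-1</roleid><principalid>120</principalid><scope>S1</scope>"),
    ("2012-09-10 10:02:13", 9, 6, 38, "<roleid>1073741827</roleid><principalid>12</principalid>"),
    ("2012-09-10 10:05:00", 7, 4, 38, "<roleid>-1</roleid><principalid>12</principalid>"),
    ("2012-09-10 11:30:55", 7, 6, 38, "<roleid>-1</roleid><principalid>12</princ"),
    ("2012-09-10 12:47:19", 3, 6, 38, "<roleid>-1</roleid><principalid>12</principalid><scope>S1</scope>"),
]
USERS = {7: "EXAMPLE\\jdoe", 9: "EXAMPLE\\asmith"}  # constructed tp_ID -> tp_Login map


def parse_event_data(fragment):
    """EventData holds sibling elements with no root, so wrap it before parsing."""
    try:
        root = ET.fromstring("<e>" + fragment + "</e>")
    except ET.ParseError:
        return None  # truncated or malformed value: skip it rather than guess
    return {child.tag: (child.text or "").strip() for child in root}


def find_removals(rows, users, principal_id, event_id, item_type=6):
    """Rows where role -1 was recorded for the given principal, with the actor resolved."""
    hits = []
    for occurred, user_id, row_type, event, data in rows:
        if row_type != item_type or event != event_id:
            continue
        fields = parse_event_data(data)
        if not fields or fields.get("roleid") != "-1":
            continue
        if fields.get("principalid") != str(principal_id):
            continue
        actor = users.get(user_id, "tp_ID %d (not in UserInfo)" % user_id)
        hits.append(Removal(occurred, actor, principal_id))
    return hits


if __name__ == "__main__":
    for hit in find_removals(AUDIT_ROWS, USERS, principal_id=12, event_id=38):
        print(hit.occurred, hit.actor, "removed principal", hit.principal_id)
```

An acting ID that has no UserInfo row is reported rather than dropped, since an account missing from the lookup is itself worth following up.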

Change the SharePoint system account password

Step 1. Update the password for the account that is used by the Central Administration application pool. To do this, follow these steps:

On the server farm, open a command prompt, type the following line, and then press ENTER:
cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin

On the server that hosts the Central Administration Web site, type the following line at the command prompt, and then press ENTER:
stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword

On all other servers in the server farm, type the following line at the command prompt, and then press ENTER:
stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword -local

Restart Microsoft Internet Information Services (IIS) 6.0. To do this, type the following line at the command prompt, and then press ENTER:
iisreset /noforce

Step 2. Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed on the Timer Job Definitions page of SharePoint 3.0 Central Administration. To do this, follow these steps:

· Open SharePoint 3.0 Central Administration, click Operations, and then click Timer job definitions under Global Configuration.
· Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed in the list.
Note: If the Administration Application Pool Credential Deployment job definition is displayed in the list, wait until it disappears from the list, or delete it after 10 minutes.

Step 3. Update the password for the application pool account that is used by Web applications on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm -o updateaccountpassword -userlogin DomainName\UserName -password NewPassword -noadmin

Step 4. Update the password for the account that is used to run the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword

Step 5. Update the password for the default content access account that is used by the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmcontentaccessaccount DomainName\UserName -farmcontentaccesspassword NewPassword

Step 6. Update the password for the account that is used by every Shared Services Provider (SSP) on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword

Step 7. Update the password for the account that is used to run the Office SharePoint Server Search service. To do this, type the following line at the command prompt, and then press ENTER:
stsadm.exe -o osearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword

Step 8. If the server farm is configured to use single sign-on, update the password for the account that is used by the Microsoft Single Sign-On Service. To do this, follow these steps:

· Click Operations in SharePoint 3.0 Central Administration, and then click Service accounts under Security Configuration.
· Under Windows service, click Single Sign-On Service.
· Under Configurable, specify the password, and then click OK.

Step 9. Update the password for the default content access account that is used by the Office SharePoint Server Search service. To do this, follow these steps:

· Open SharePoint 3.0 Central Administration, and then click the link to the SSP Web application under Shared Services Administration.
· Under Search, click Search settings, and then click Default content access account.
· Specify the password to use for the content access account, and then click OK.

Web Services Uncovered: SharePoint 2007.


Today we are going to talk about Web services in SharePoint. SharePoint provides extensive support for Web services, including writing custom Web services, and we will try to compile some information on this.

What is a web Service?

A Web service is a method of communication between two electronic devices over the Web (Internet).

The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network". It has an interface described in a machine-processable format (specifically Web Services Description Language, known by the acronym WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.

What is SOAP? 
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) for its message format, and usually relies on other Application Layer protocols, most notably Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

Web services protocol stack?

A web service protocol stack is a protocol stack (a stack of computer networking protocols) that is used to define, locate, implement, and make Web services interact with each other. A Web service protocol stack typically stacks four protocols:
  • (Service) Transport Protocol: responsible for transporting messages between network applications and includes protocols such as HTTP, SMTP, FTP, as well as the more recent Blocks Extensible Exchange Protocol (BEEP).
  • (XML) Messaging Protocol: responsible for encoding messages in a common XML format so that they can be understood at either end of a network connection. Currently, this area includes such protocols as XML-RPC, WS-Addressing, and SOAP.
  • (Service) Description Protocol: used for describing the public interface to a specific Web service. The WSDL interface format is typically used for this purpose.
  • (Service) Discovery Protocol: centralizes services into a common registry such that network Web services can publish their location and description, and makes it easy to discover what services are available on the network.

Web Services in SharePoint?

The web service .asmx files are located at "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\ISAPI"
Every SharePoint Site has a virtual directory known as "_vti_bin" which maps to the above directory.  Don't believe me?  Open up your IIS management console, go to one of your web apps, and look where "_vti_bin" maps to in the file system.

Here is a list of the web service URLs:
http://<AdminSite>/_vti_adm/Admin.asmx
http://<Site>/_vti_bin/Alerts.asmx
http://<Site>/_vti_bin/Authentication.asmx
http://<Site>/_vti_bin/Copy.asmx
http://<Site>/_vti_bin/Dws.asmx
http://<Site>/_vti_bin/Forms.asmx
http://<Site>/_vti_bin/Imaging.asmx
http://<Site>/_vti_bin/DspSts.asmx
http://<Site>/_vti_bin/Lists.asmx
http://<Site>/_vti_bin/Meetings.asmx
http://<Site>/_vti_bin/People.asmx
http://<Site>/_vti_bin/Permissions.asmx
(in stssoap.dll)
http://<Site>/_vti_bin/SiteData.asmx
http://<Site>/_vti_bin/Sites.asmx
http://<Site>/_vti_bin/spsearch.asmx
http://<Site>/_vti_bin/usergroup.asmx
http://<Site>/_vti_bin/Versions.asmx
http://<Site>/_vti_bin/Views.asmx
http://<Site>/_vti_bin/WebPartPages.asmx
http://<Site>/_vti_bin/Webs.asmx
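
How a SOAP call to one of these endpoints looks on the wire, as an added example that is not part of the original post: it builds the SOAP 1.1 request for the GetListCollection method of Lists.asmx and parses the reply, including the fault case. The host name sharepoint.example and both sample responses are constructed; no network call is made.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SP_NS = "http://schemas.microsoft.com/sharepoint/soap/"


def build_request(site_url, operation="GetListCollection"):
    """Return (url, headers, body) for a parameterless SOAP 1.1 call to Lists.asmx."""
    if not (operation.isascii() and operation.isalnum()):
        raise ValueError("operation must be a bare method name")  # it is spliced into XML
    body = ('<?xml version="1.0" encoding="utf-8"?>'
            '<soap:Envelope xmlns:soap="%s"><soap:Body>'
            '<%s xmlns="%s" /></soap:Body></soap:Envelope>') % (SOAP_NS, operation, SP_NS)
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": '"%s%s"' % (SP_NS, operation)}
    return site_url.rstrip("/") + "/_vti_bin/Lists.asmx", headers, body.encode("utf-8")


def parse_list_collection(xml_bytes):
    """Return [(Title, ID), ...] from the response; raise if the server sent a fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find("{%s}Body/{%s}Fault" % (SOAP_NS, SOAP_NS))
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP fault"))
    return [(el.get("Title"), el.get("ID")) for el in root.iter("{%s}List" % SP_NS)]


# Constructed responses for illustration, not captured from a real server.
SAMPLE_OK = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    b'<GetListCollectionResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/">'
    b'<GetListCollectionResult><Lists>'
    b'<List Title="Shared Documents" ID="{00000000-0000-0000-0000-000000000001}" />'
    b'<List Title="Tasks" ID="{00000000-0000-0000-0000-000000000002}" />'
    b'</Lists></GetListCollectionResult></GetListCollectionResponse>'
    b'</soap:Body></soap:Envelope>'
)
SAMPLE_FAULT = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    b'<soap:Fault><faultcode>soap:Server</faultcode>'
    b'<faultstring>Constructed fault text</faultstring></soap:Fault>'
    b'</soap:Body></soap:Envelope>'
)

if __name__ == "__main__":
    url, headers, body = build_request("http://sharepoint.example/sites/hr")
    print(url, headers["SOAPAction"])
    print(parse_list_collection(SAMPLE_OK))
```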

SharePoint supports a rich list of Web services, so it is always good to keep the SharePoint Web Services link provided by Microsoft handy: http://msdn.microsoft.com/en-us/library/ms445292.aspx

A nice reference with a well-explained architecture of the Web services, by Trent Swanson: http://www.infoq.com/articles/swanson-moss-web-services
A nice video on calling Web services from a Silverlight application: http://www.youtube.com/watch?v=_-Z30-1sdXY

If you have any queries/questions regarding the above mentioned information then please let me know. Thank you. 

Data Security in the Cloud: Who's Responsible & How Does It Happen?


Does your company use a cloud service to store sensitive or confidential data? If so, where does the responsibility lie for keeping that data secure? These are a couple of the questions addressed in a new study released by Thales e-Security. The study, titled "Encryption in the Cloud," also focused on data encryption with cloud solutions and where such encryption is applied.
One of the big surprises in the survey data comes from how many companies are using the cloud for sensitive or confidential data: nearly half, 49 percent, of respondents do so currently, and another third said their companies likely would do so within the next two years. With that amount of sensitive corporate data going to the cloud, data security must be a primary concern -- or so you might think.
Another section of the survey, which was conducted by the Ponemon Institute, looked at where companies felt the responsibility fell for keeping safe that data they were sending to the cloud. Here, 44 percent of respondents said they felt the primary responsibility for data security was with the cloud provider, while only 30 percent thought primary responsibility was with the data owner (i.e., the company that's sending sensitive data to the cloud). Another 24 percent thought there should be a shared responsibility.
 
I would have thought that businesses that had strong concerns for the security of their data would have answered more towards keeping responsibility for themselves, or possibly sharing responsibility -- after all, regardless of where the data is, your company is still the one on the hook if your customers' data gets loose. When you couple that possibility with another finding from the research -- namely, that 63 percent of respondents said they had no idea what security measures cloud providers used to secure the sensitive data entrusted to them -- it begins to look like companies are simply taking an easy solution by sending data to the cloud and washing their hands of responsibility. They're hoping the hammer of data loss won't fall on them.
Richard Moulds, vice president of product management and strategy for Thales e-Security, had another possibility in mind. "It may be the case that the companies that are sending data to the cloud today are the ones that are encrypting it themselves and keeping hold of the keys," he said, "and therefore have a pretty high security posture and feel pretty good about it because they know that they are in control." Key management is, uh, key, according to Moulds, when using encryption: Make sure you're not storing the key with the encrypted data.
"Encryption is a very definitive approach to security," Moulds said. "It's either encrypted or it's not, it's black or white. It's a very binary type of security. I think that's why regulators like it -- it's the reason it's mandated in policies like PCI DSS. Mandating the use of a firewall is a bit wishy-washy because you can have a good or bad firewall. You don't see the use of firewalls or intrusion detection as factors in data breach disclosure law." Of course, when considering a cloud solution, data encryption can be applied at different points: on the customer side before transmission; during transmission; or in the cloud itself.
 
Regardless of which method (or methods) you choose, Moulds believes it's important for the enterprise to maintain control of the encryption keys. "I can imagine a world where data is shared with the cloud in encrypted form and is selectively decrypted by the enterprise giving out keys on demand to cloud providers or applications in the cloud -- then they can do something with that data. So the data is still, as it lies, protected. It's protected by default, and it's selectively unprotected just to the point of use," Moulds said.
The level of control Moulds envisions is not, perhaps, borne out by the survey data of what businesses are currently doing -- but then, he did say he was imagining. Encryption is clearly useful for protecting data, but James D. Brown, CTO for StillSecure, believes that taking a layered approach to security is best, whether in the cloud or on the local network. Brown also said he felt the job of managing data security should be in the hands of security experts.
"Security really needs to be a 24 by 7 operation," Brown said. "It's not something where you set up a product and leave it sitting in a closet somewhere and check it once in a while. If you do that, chances are you're going to be attacked and compromised and you'll be looking at that information after the fact. It really needs to be monitored 24 by 7, and it needs to be monitored by experts, and it needs to be deployed by experts."

As more companies move important chunks of their business processes and corresponding data to cloud providers, questions about cloud security can only increase. If you're interested in more findings from "Encryption in the Cloud," be sure to download the complete report. And if you're interested in a little extra chilling factor, consider this: This study addresses the data organizations knowingly transfer to cloud sites; it doesn't consider the corporate data your employees might be sending to personal data sharing sites, and the related risks associated with such behavior. That, of course, is a topic for another day.
Ref: http://www.windowsitpro.com