Office 365 Security – Capabilities & Planning

Moving to the Cloud can introduce new concerns. In this post, i’ll help you address your unique organizational security standards, framed against the products and capabilities of your Office 365 services.

While Microsoft has invested heavily in securing their platforms against cyber attacks, they operate with a shared responsibility model in which the customer is responsible for ensuring their users take precautions to protect information. Many organizations have an information gap where the IT security team does not have visibility into everyday high-risk activity occurring within these services. They often do not know about misuse until it escalates into a major data loss incident.

As a result, many IT security teams need actionable intelligence around a wide range of internal and external threats and security vulnerabilities that can lead to data loss including:

  • Employees downloading sensitive corporate data with the intention of taking that data with them when they leave to join a competitor
  • Malicious administrators accessing data out of policy or data not related to their role, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
  • High-risk user behavior such as downloading data from company-sanctioned cloud services and uploading it to high-risk shadow IT services
  • Third parties logging into cloud service accounts using stolen or guessed login credentials in order to steal sensitive data
  • Dormant administrator accounts belonging to former employees that can be de-provisioned to eliminate the latent risk of account compromise
  • Data leakage from users due to improper configurations/permission management

The information gathered in this report can help mitigate those types of scenarios, based on Microsoft’s own best-practice foundational security goals:

  • Simplify and protect access​
  • Allow collaboration and prevent leaks
  • Stop external threats​
  • Stay compliant​
  • Secure administrative access​

Introduction to Office 365 Security

Let’s assess risk and implement the most critical security, compliance, and information protection controls to protect your Office 365 tenant. The goal is to prioritize threats, translate threats into technical strategy, and then take a systematic approach to implementing features and controls.

At core to Office 365 Security:

Data Loss Prevention

  • Malware and targeted attacks can cause data breaches; however, user error is a much greater source of data risk​
  • DLP identifies, monitors and protects sensitive data and helps users understand risks​

Auditing and Retention Policies

  • Allow logging of events including viewing, editing and deleting content such as email messages, documents and calendars​

eDiscovery

  • A single experience for searching and preserving email & documents​

Data Deletion

  • Clear commitments and procedures for end-of-life and data destruction​

Data Spillage Management

  • Hardware with your data is locked down

Question: “What are the main differences between security on-premises and security in the public cloud?”​Answer: “You still need to do most of what you’re doing now.

Ensuring that the data and its classification is done correctly, and that the solution will be compliant with regulatory obligations is the responsibility of the customer. ​Physical security is the one responsibility that is wholly owned by cloud service providers when using cloud computing.

The remaining responsibilities are shared between customers and cloud service providers​.

Responsibility Zones

Security Responsibilities Managed by Office 365

Threats Managed by Office 365

Implications

Considering the aforementioned Security Responsibility & Threat patterns, a key conclusion can be drawn as to what your Organizational security focus with Office 365 should be:

  • Authentication Security is critical
  • Tenant Security Configuration is critical

Security Capabilites Plan

Start with a set of standards that can be applied across your organization. Here is an example of what this can look like.

Set Information Protection Standards

Start with a set of standards that can be applied across your organization. Here is an example of what this can look like:

Goal Description
Establish information protection priorities The first step of protecting information is identifying what to protect. Develop clear, simple, and well-communicated guidelines to identify, protect, and monitor the most important data assets anywhere they reside.
Set organization minimum standards Establish minimum standards for devices and accounts accessing any data assets belonging to the organization. This can include device configuration compliance, device wipe, enterprise data protection capabilities, user authentication strength, and user identity.
Find and protect sensitive data Identify and classify sensitive assets. Define the technologies and processes to automatically apply security controls.
Protect high value assets (HVAs) Establish the strongest protection for assets that have a disproportionate impact on the organizations mission or profitability. Perform stringent analysis of HVA lifecycle and security dependencies, establish appropriate security controls and conditions.

Classify Data by Sensitivity Levels

Four levels is a good starting point if your organization doesn’t already have defined Data Sensitivity standards:

Sensitivity Level Description
Confidential Only those who need explicitly need access must be granted it, and only to the least degree in order to do their work (the ‘need to know’ and ‘least privilege’ principles).
Restricted Subject to controls on access, such as only allowing valid logons from a small group of staff. ‘Restricted’ information must be held in such a manner that prevents unauthorised access i.e. on a system that requires a valid and appropriate user to log in before access is granted
Internal Use Can be disclosed or disseminated by its owner to appropriate members of your organization, partners and other individuals, as appropriate by information owners without any restrictions on content or time of publication
Public Can be disclosed or disseminated without any restrictions on content, audience or time of publication. Disclosure or dissemination of the information must not violate any applicable laws or regulations, such as privacy rules.

 

Map Service Capabilities to Data Sensitivity Levels

This table is an example of how capabilities can be mapped to data sensitivity levels:

Service Capability Description
Data is encrypted and available only to authenticated users Provided by default for data stored in Office 365 services. Data is encrypted while it resides in the service and in transit between the service and client devices.
Additional data and identity protection applied broadly Capabilities such as multi-factor authentication (MFA), mobile device management, and Exchange Online Advanced Threat Protection increase protection and substantially raise the minimum standard for protecting devices, accounts, and data.
Sophisticated protection applied to specific data sets Capabilities such as Azure Rights Management (RMS) and Data Loss Protection (DLP) across Office 365 can be used to enforce permissions and other policies that protect sensitive data
Strongest protection and separation Customer Lockbox for Office 365, eDiscovery features in Office 365, and use of auditing features to ensure compliance to policies and prescribed configurations.

 

Office 365 Secure Score

Secure Score analyzes your Office 365 organization’s security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security.

Anyone who has admin permissions (global admin or a custom admin role) for an Office 365 Business Premium or Enterprise subscription can access the Secure Score at https://securescore.office.com. Users who aren’t assigned an admin role won’t be able to access Secure Score. However, admins can use the tool to share their results with other people in their organization.

Secure Score figures out what Office 365 services you’re using (like OneDrive, SharePoint, and Exchange) then looks at your settings and activities and compares them to a baseline established by Microsoft. You’ll get a score based on how aligned you are with best security practices.

Using Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365 (many of which you already purchased but might not be aware of). Learning more about these features as you use the tool will help give you piece of mind that you’re taking the right steps to protect your organization from threats.

If you want to improve your score, review the action queue to see what you can do to help increase security and reduce risks.

Expand an action to learn about what threats it’ll help protect you from and how you’ll get the job done.

To see the impact of your actions on your organization’s security, go to the Score Analyzer page and review your history.

Click any data point to see a breakdown of your score for that day. You can scroll down to see which controls were enabled and how many points you earned that day for each control.

Add Secure Store to Office 365 Security and Compliance Center Dashboard

Office 365 Secure Score is a great security analytics tool that you can access at https://securescore.office.com. However not everyone knows how to access Secure Score. You can make it easier to discover and quickly review your security position by adding a Secure Score widget to the home page of the Office 365 Security and Compliance Center.

The widget will show your latest score and the maximum points you can obtain. To get more information about your score you can click the “Go to Secure Score” link and it will take you directly to Secure Score to review the additional details.

References

Offerings
Office 365 Secure Productive Enterprise

Getting Started

New technologies and services enhance Microsoft’s unique approach to cybersecurity
Address your CXO’s top five cloud security concerns
Take control of your security and compliance with Office 365
Learn how Office 365 security and compliance leverages intelligence in a cloud first world
Secure Office 365 like a cybersecurity pro—assessing risk and implementing controls
Own your data with next generation access control technology in Office 365
General Data Protection Regulation (GDPR)

How Does Microsoft IT Secure Office 365?

Keep calm and automate: How we secure the Office 365 service

Office 365 Secure Score
Introducing the Office 365 Secure Score
An introduction to Office 365 Secure score
New Office 365 capabilities help you proactively manage security and compliance risk

Advanced Threat Analytics

Learn how Microsoft Advanced Threat Analytics combats persistent threats
Plan and deploy Microsoft Advanced Threat Analytics the right way

Advanced Security Management

Overview of Advanced Security Management in Office 365
Get started with Advanced Security Management
Gain visibility and control with Office 365 Advanced Security Management

Advanced Threat Protection
Introducing Office 365 Advanced Threat Protection
Advanced threat protection for safe attachments and safe links
Learn about advancements in Office 365 Advanced Threat Protection

Data Loss Prevention

Protect your sensitive information with Office 365 Data Loss Prevention
Customize and tune Microsoft Office 365 Data Loss Prevention

Customer Lockbox
Announcing Customer Lockbox for Office 365
Office 365 Customer Lockbox Requests

Developer

Building security and compliance solutions with the O365 Activity API – a Microsoft IT case study

Exchange
Implement Microsoft Exchange Online Protection
Get an edge over attackers – what you need to know about email threats
Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails
Learn about advancements in Office 365 Advanced Threat Protection

Advanced eDiscovery

Office 365 Advanced eDiscovery
Video: Office 365 Advanced eDiscovery
Reduce costs and challenges with Office 365 eDiscovery and Analytics

Azure Information Protection

What is Azure Rights Management?
Collaborate confidently using Rights Management
Adopt a comprehensive identity-driven solution for protecting and sharing data securely

Mobile Devices
Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune
Deliver a BYOD program that employees and security teams will love with Microsoft Intune
Manage BYOD and corporate-owned devices with MDM solutions

Encryption

Introducing Office 365 Message Encryption: Send encrypted emails to anyone!
Encryption in Office 365
Challenge cloud encryption myths and learn about Office 365 BYOK plans

Advanced Data Governance

Advanced Data Governance overview
Take control of your data with intelligent data governance in Office 365
Applying intelligence to security and compliance in Office 365

SharePoint Code Analysis Framework 5 released

chartsAndReports_
I’m not one to make a blatant product plug but I really like the SharePoint Code Analysis Framework tool and they’ve upped the ante on how effective it is for running QA on SharePoint code, including tests for SharePoint Apps.

What is the SPCAF tool?
A desktop program that evaluates SharePoint code, solutions, features, Apps etc. and  checks all XML, HTML, ASPX, CSS, JavaScript and also assembly code against the quality policies, calculates metrics, generates dependency graphs and builds an inventory report.

Features list here: http://www.spcaf.com/features/

Grab it from: http://visualstudiogallery.msdn.microsoft.com/d3b2aaf7-0d6a-4995-a4e5-4153c57e3889

WARNING: This tool can reveal flaws big and small in your SharePoint Solutions. Prepare for some soul-crushing issues to be discovered in your code that your previously considered beautiful.  Hearts may be broken but remember the phoenix always rises out of the ashes. SharePoint is hard, Dev is hard, SharePoint + Dev = well.. a grey hair or two should be expected. Tools like SPCAF help keep us in line with best practices.

You may find that some of the problems reported by SPCAF do not meet your operational engineering minimum standards for rectifying – in particular HTML, CSS, & JS validation is such a patchwork of standards & recommendations, automated validation reports need to be taken with a grain of salt.

Overall, I’ve found SPCAF to be a worthwhile exercise to run on any major chunk of new or updated SharePoint code.

New Features in v5

  • Analyzers
    • New analyzer for JavaScript code applies ca. 150 rules to .JS files in WSPs and Apps
    • New analyzer for SharePoint Apps with lots of rules, metrics, dependencies and inventory checks
  • Client application
    • Completely new client application to improve usability and functionality
    • New client application “Result Viewer” (separate download) to view analysis results without license
    • New settings editor application
  • Migration Assessment
    • New analyzers and reports to analyze WSPs and give recommendations for a transition to the App model
    • Free limited version available
  • Reporting
    • New format of HTML reports with filters, charts, sorting, grouping and many more
    • Extensibility with custom reports and report section
    • New reporting engine based on Razor to ease the creation of custom reports
    • New report type PDF

Can’t wait to try SPCAF? Get your trial now or update the SharePoint Code Analysis Framework already installed on your machine.

New Client Application

The new SPCAF client makes your code analysis even easier.

Just drop your WSP or App Packages in the center of the application and start the analysis or access your recent analysis results directly from the start screen.

Learn more

Client_StartSeite
SPCAF Client

Better Analysis Dashboard

The new analysis dashboard shows you a 360° degree overview of Code Quality, Metrics, Dependencies and Inventory.

From there you can access the individual reports and download Word, PDF, XML or CSV reports to share them with team members.

Learn more

SPCAF Analysis Dashboard
SPCAF Analysis Dashboard

New dynamic reports

The new reports have a simple overview dashboard showing the key findings in a graphical presentation.

You can filter, sort and re-arrange the results and dig down deep into source code to find out what is inside your solution or app.

Learn more

Client_Report
SharePoint Code Quality Report

 

Code Quality Analysis HTML DOCX PDF XML CSV
Code Metrics HTML DOCX PDF XML CSV
Code Dependency Analysis HTML DOCX PDF XML CSV DGML
Code Inventory HTML DOCX PDF XML CSV
Code Migration Assessment HTML DOCX PDF XML

New SharePoint Code Migration Assessment Report

Full trust customizations are the main risk and cost driver for migrations to a newer SharePoint version or to Office 365. Without knowing what has been customized you cannot manage the transformation or elimination of custom code.

The new SharePoint Code Migration Assessment provides deep insight into your customizations and allows better effort estimations and risk mitigation.

Learn more

Client_Report
SharePoint Migration Assessment Report

New Analyzers for Apps and JavaScript

With the JavaScript and Apps becoming the only future-proof way of customizing SharePoint both on-premises and in the cloud many seasoned SharePoint developers are now facing a paradigm shift which requires them to adjust their skills.

With the new App and JavaScript analyzers, which contain already in this first release over 170 rules, developers can assure their code quality with SPCAF like they are used to for full-trust code.

Learn more

Client_Report
Documentation of JavaScript Rules

Try it!

Would you like to see these new features in action?

Get a trial and start getting your SharePoint Code under control!

vSharePoint Presentation May 31 – SharePoint 2010 Permissions

Thanks to all for showing up last night, we had a great turn out. Cheers to Chris Stone for his presentation on Business Intelligence and to Sector for hosting us again. If you are in Victoria BC be sure to check out the next SharePoint meetup at:

http://www.meetup.com/vSharePoint/
http://www.vsharepoint.com

SharePoint 2010 Permissions Presentation

vSharePoint-SharePoint 2010 Permissions (PowerPoint)
vSharePoint-SharePoint 2010 Permissions (PDF)

1. SharePoint 2010Permissions
2. Access Management Terminology- Permissions – single units of access that represent specific tasks that can be performed at the list, site, or personalization level – permission levels are made up of sets of permissions – SharePoint ships with a core list of permissions that cannot be edited, added to or deleted- Users – smallest value to which access can be granted – value corresponds to an account in Active Directory or another host application for user accounts- Groups – a set of users who will have identical access needs- Securable objects – levels within SharePoint 2010 that can be “locked down,” or secured, by setting specific user access- Inheritance – used to describe how user access is created by default within SharePoint- Security Trimming & Indexing – SharePoint will only show you search results for content you have access to, and for which SharePoint understands the security- Audiences – Used to target content to specific sets of users – Defined in the User Profile Service Application in Central Admin – NOT a security setting but simply a way to display pertinent content to specific users
3. Topology Web Application
4. Permission Levels- Permission Levels are collections of permissions – level of access that users with the assigned permission have is based on the permissions that make up the permission level.- Defined at the site collection- Managed by Site Collection Administrators – Customize an existing permission level – Copy an existing permissions level and edit the copy – Create a new permission level “from scratch”
5. Default Permission CollectionPermission Level DescriptionFull Control -Contains all permissions. -Assigned to the Owners SharePoint group, by default – cannot be customized or deleted.Design – Can create lists and document libraries, edit pages and apply themes, borders, and style – Not assigned to any SharePoint group, by default.Contribute – Can add, edit, and delete items in existing lists and document libraries. – Assigned to the Members SharePoint group, by default.Read – Read-only access to the Web site – Assigned to the Visitors SharePoint group, by default.Limited Access – Designed to be combined with fine-grained permissions to give users access to a specific list, document library, item, or document, without giving them access to the entire site. – To access a list or library a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. – Cannot be customized or deleted. – You cannot assign this permission level to users or SharePoint groups, instead, SharePoint automatically assigns this permission level to users and SharePoint groups when you grant them access to an object on your site that requires that they have access to a higher level object on which they do not have permissions. For example, if you grant users access to an item in a list and they do not have access to the list itself, SharePoint automatically grants them Limited Access on the list, and also the site, if needed.
6. Web Application Policy- Central Administration > Manage Web Applications- Configures policy-based access to all content in a web application- Allow and Deny – Deny overrides any allow permissions- SharePoint 2010 allows you to define policies for any available permission
7. Site Security- Site Actions > Site Permissions- Groups are established at the site collection – Can be given permissions at the site level – Permission inherits down from there – When you create a group you do not have to assign a permission – A group without a permission at the site can still be assigned permissions to another securable object- Create a sub-site – Unique or Inherited Permissions
8. Default Groups- Owners: Full Control- Visitors: Read- Members: Contribute- Features add more groups (Designers, etc.)- The Members group is the “default members groups”
9. SharePoint Groups- Enable hierarchical membership management – Create a group named Site Managers > owned by site collection administrators > membership managed by owner (site collection administrators) – Site members (and other groups) > Owned by Site managers > Membership managed by owner (Site Managers)- Enable Access Requests – Add link to request page for the group – Optionally enable auto-accept of access requests- Control Member Visibility
10. Group Management Comparison- Active Directory – Technical user interface (AD Users & Computers) – No provisioning (requests, workflows) – Difficult delegation of membership management – Centralized security (group membership) management- SharePoint – Non-technical user interface – Easy delegation of group membership management – Optional provisioning of membership requests – Unified view of SharePoint groups & users – Only applies to SharePoint
11. Using Active Directory Groups- Assigning permissions directly to AD groups – Possible but not recommended > Assumes that content will always be hosted in a web application using AD as its authentication provider- Nest Active Directory groups in SharePoint groups – Add to a SharePoint group and give permissions (recommended) > user > Active Directory group > SharePoint group – Must be a security group (not a distribution group) > Distribution groups are expanded and then must be kept in sync- Distribution groups can be used to create audiences
12. To Nest or Not to NestUsers > Active Directory Group > SharePoint group- Ideal world: Synchronization of membership between Active Directory and SharePoint groups- “Intranet” sites: AD groups  SP groups to define access – Add site to users’ My Sites with personalization site links – Support easy management of access – Add site to users’ My Sites with personalization site links- “Collab” sites: Add users directly to SP groups – Provide My Site visibility – Provide visibility of user in user information list – Provide visibility to site owners and members – Support collaboration
13. List & Library Permissions- List > List Settings / Library > Library Settings- Stop Inheriting Permissions – Copies inherited permissions as initial explicit permissions – Can reset with Inherit Permissions button- Ribbon Actions for Selected Group(s)/user(s) – Grant Permissions – Remove User (or group) Permissions – Edit User (or group) Permissions – Check permissions: Resultant set of permissions – Anonymous Access
14. Folder & Item/Document SecurityItems & Documents will be referred to in this presentation as “Items” unless specific difference needsto be highlighted- Change permissions on a folder or item – Item > Arrow > Manage Permissions – When viewing the item properties in SharePoint > Edit Permissions
15. Inheritance- Permissions (role assignments) are inherited from the parent object- Inheritance can be broken – All permissions are explicit – Any changes to parent do not affect the child object- Inheritance can be reinstated – All customizations (explicit permissions) are lost- Use inheritance wherever possible – Simplicity, coherence, maintainability
16. Effective Permissions- SharePoint access is based on a per URI (web address) basis – The permission to the URI is all that matters – These kids are wild: no need to ask the parents permission – No equivalent to NTFS (Windows folder security) Traverse Folder permission- Explicit Inherited – One or the other – Different than NTFS (inherited + explicit)- Check Effective Permissions button – Shows you the actual effective permission level
17. Security Trimming & Indexing- The SharePoint interface and search results are security-trimmed – User don’t see what they do not have permission to read- Item-level permissions on pages in a Page Library – Problem: A Web Part displays items > Users don’t see items they don’t have access to > The crawler sees all items in the web part and indexes them – When inheritance is stopped within a site, all Web Part content on ASPX pages is not indexed by default – Site Settings > Search and Offline Availability > Indexing ASPX Page Content
18. Permission LevelsPublishing Feature Collection Manage – Available only with Publishing Features Hierarchy turned on Restricted Read Publishing Feature Approve
19. SharePoint Security Notes- Columns can not be secured uniquely (out of the box) – Performance – Conditional formatting – Related Lists – Third party solutions- Audiences – Make content visible to users – Effect can be close to security, but it is not security
20. Information Management Policies- In-place records management – New in SharePoint 2010 – Record library still supported for dedicated record libraries- Enable the feature at the site collection level- Declare records management attributes – Site Collection – Folder – Content type- Supports security at the document level withoutpermissions- Information rights policies – Relies on Active Directory Rights Management Services
21. Conclusion- Remember: limited access is for SharePoint to manage unique permissions. It neither means someone is limited to access something, nor does it mean they have limited access to something. Ignore it- Permissions can be defined at creation of a site (more options) but can’t be during creation of a new list or library (in the GUI at least)- When in doubt, check effective permissions- Help your users, set a valid email account for ‘manage access requests’- Finally, build sites based on a ‘team’ of people. Setting individual permissionsshouldn’t be something you do all the time, it should be in the ‘odd timesneeded’ not the goto action
22. Q&A + Contact Any Questions? Contact Details: Keith Tuomi ktuomi@itgroove.net itgroove.net

Nintex Custom Actions permissions – Understanding RunWithElevatedPrivileges

When trying to do a simple System.IO.File.Copy inside the context of a Custom Nintex Action I wrote, I found that I couldn’t get the file to copy to a particular Windows Server File Share. Even though I had assigned the user name that was running the Nintex Workflow Read/Write permissions on the share, it would fail with an error indicating lack of access to that folder.

It worked ok if I set “Everyone” with Read/Write permissions. Reviewed the great article on Windows Server 2008 File Share setup at http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_File_Sharing , still it was clear the File Share was just net configured right.

The source of the issue is that in running the File Copy code inside a RunWithElevatedPrivileges block, it is actually using a different account than the one running the workflow. Here is the Nintex Execute Activity function in question:

protected override ActivityExecutionStatus Execute(ActivityExecutionContext executionContext)
		{
			NWWorkflowContext ctx = NWWorkflowContext.GetContext(
			   this.__Context,
			   new Guid(this.__ListId),
			   this.__ListItem.Id,
			   this.WorkflowInstanceId,
			   this);

			base.LogProgressStart(ctx);
				SPSecurity.RunWithElevatedPrivileges(() =>
				{
					if (!Directory.Exists(ctx.AddContextDataToString(OutputPath)))
						Directory.CreateDirectory(ctx.AddContextDataToString(OutputPath));
					File.Copy(ctx.AddContextDataToString(SourcePath) + ctx.AddContextDataToString(strFileName),ctx.AddContextDataToString(OutputPath) + ctx.AddContextDataToString(strFileName),true);
				});
			}
			catch (Exception ex2)
			{
			    EventLog.WriteEntry("CopyFile Create Exception - Source File [" + SourcePath + strFileName + "] Output File [ " + OutputPath + strFileName + "]", ex2.Message + ", StackTrace: " + ex2.StackTrace, EventLogEntryType.Error, 9999);
			}
			base.LogProgressEnd(ctx, executionContext);
			return ActivityExecutionStatus.Closed;
		}

The thing to remember regarding this method call is that the account NAME that is being used is “SHAREPOINT/SYSTEM” and this does not resolve to an actual domain account. Now the only time this becomes and issue is when one is referring to Windows resources outside of SharePoint. Again this is only intended to be used for resources within SharePoint. If your function code is say calling even a SharePoint web service and one sets the web service “Credential” to “System.Network.CredentialCache.DefaultNetworkCredential” that the service call will in fact fail because IIS will not be able to resolve the domain account “SHAREPOINT/SYSTEM”. If the case is one needs to access external data then consider using a Secure Store credentials.

I’ve always found that the nuances of RunWithElevatedPrivileges cause much confusion as well as some weird and wonderful behavior if not properly understood. While the documentation here does a good job of explaining how and when to use it, it’s missing a key piece of information and that’s how the mechanism actually works.

Behind the scenes, RunWithElevatedPrivileges impersonates the identity of the current thread. In effect, this means that the delegate will run under the context of the application pool account, in the case of the code being called in the W3P process, or in the context of the SPTimerv4 service, in the case of the code being called in a workflow, timer job or anything else that’s kicked off using the timer. If the code is running in a console application or some other user-initiated app, the delegate will be kicked off using the context of the user who started the application. (Which would be the default behavior anyway).

When using workflows, bear in mind that the workflow may start running under W3P but continue executing under owstimer (SPTimerV4) depending on what it’s actually doing. In this case a delegate executed using RunWithElevatedPrivileges would not neccesarily yeild the same result.

PS nifty trick if you’ve forgotten about it: just add a $ to the end of the share name (rendering it accessible but invisible when people browse the shares).

Firefox Friday #1 – Useful Plugins for SharePoint Development

As SharePoint developers we are bound to IE but often fallback to other browsers for various reasons such as performance, HTML standards compliance, or in my case with Firefox – the plugins available.   The official Technet on what is and is not supported on various browsers (Chrome is notably not even in there): http://technet.microsoft.com/en-us/library/cc263526.aspx. I will follow up this post with a list of what specifically will not work with SharePoint when using Firefox (so you can’t say I didn’t warn you!)

While Google Chrome is definitely a solid choice, if you are using Firefox the following plugins will help you out:

FasterFox Plugin

Download: http://fasterfox.mozdev.org/
Description:
Various network tweaks that deliver a zippy experience. This will also speed up your SharePoint user experience greatly too.

  • Prefetch Links
    Dynamic speed increases can be obtained with Fasterfox’s unique
    prefetching mechanism, which recycles idle bandwidth by silently
    loading and caching all of the links on the page you are browsing.
  • Tweak Network
    Fasterfox allows you to tweak many network and rendering
    settings such as simultaneous connections, pipelining, cache,
    DNS cache, and initial paint delay.
  • Page Load Timer
    A millisecond accurate page load timer tests the effectiveness
    of your settings.
  • Block Popups
    A popup blocker for popups initiated by Flash plug-ins is also
    included.

Notes:
1. Remember, just because you’ve got a turbocharged browser doesn’t mean your colleagues or clients do.  This plugin is a double-edged sword because you can get lazy or indifferent about performance problems on web applications. If you are developing, testing, or QA’ing systems you should either use a different browser (COUGH IETester COUGH) or temporarily disable Fasterfox.

2. The out of the box setting in the Firefox > Add-Ons > FasterFox > Options menu is “Optimized“. Set that bad boy to “Turbo Charged” and to hell with playing nice with server resources – our time is worth more!


Windows Media Player Plugin for Firefox

Download: http://www.interoperabilitybridges.com/windows-media-player-firefox-plugin-download
Description: Lets you run Windows Media content in Firefox. In particular you will be able to stream WMV videos such as the ones we have in the newly minted it groove SharePoint center directly in your browser window.

Web Developer Toolbar

Download: https://addons.mozilla.org/en-US/firefox/addon/web-developer/
Description: Adds a toolbar with a slew of options essential for anything webby. CSS, Forms, Images, Cookies, Viewing Source – instantly get Xray vision into any web page.

iMacros for Firefox

Download: https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/?src=collection&collection_id=da0ecd99-2289-7ab0-7d57-e7c489c845c3
Description: Automate Firefox. Record and replay repetitious work. If you love the
Firefox web browser, but are tired of repetitive tasks like visiting the
same sites every days, filling out forms, and remembering passwords,
then iMacros for Firefox is the solution you’ve been dreaming of!
***Whatever you do with Firefox, iMacros can automate it.***

Colorzilla

Download: https://addons.mozilla.org/en-US/firefox/addon/colorzilla/
Description: With ColorZilla you can get a color reading from any point in your
browser, quickly adjust this color and paste it into another program.
You can Zoom the page you are viewing and measure distances between any
two points on the page. The built-in palette browser allows choosing
colors from pre-defined color sets and saving the most used colors in
custom palettes.

Basic end-user usage could be grabbing the color code for the blue from a clients logo and matching it up to another design element.

Firebug

Download: http://getfirebug.com/
Description: Firebug integrates with Firefox to put a wealth of web development tools
at your fingertips while you browse. You can edit, debug, and monitor
CSS, HTML, and JavaScript live in any web page.

Learning to use Firebug is a whole different topic but it is possible for non-developers to get working with it to quickly id and delegate issues due to Javascript or CSS issues, broken images, etc.

Firebug also is required for Yahoo YSlow and the Google Pagespeed Firefox Plugins