Join the #CodeGeneration Movement

Building on Microsoft’s recent announcement to invest $75 million in community programs to increase access to computer science education for all youth worldwide, Microsoft Canada is launching the #codegeneration movement – to inspire Canadian youth (13-18 year olds) to learn more about coding. #codegeneration will run from now until Computer Science Education Week (December 7-13).

Join the Movement!

Help us spread the word and teach Canadian youth to create with technology. Anyone can code, it’s simple and easy.

  • Coding Challenges: For the next five weeks, Microsoft will be issuing coding challenges at www.CodeGeneration.ca. Students who complete these weekly challenges will have the chance to win points towards prizes while learning the basics of coding; and parents and teachers can find resources to help them lead students in these challenges themselves.
  • “Hour of Code” Sessions: As a founding corporate supporter of Code.org, Microsoft is offering free Preparation Webinars with live chat for questions and answers on November 24 and December 1.  Ready to hold your own Hour of Code with your students – download your toolkit today and lead them through a Minecraft tutorial.  Or schedule a field trip to a local Microsoft Retail Stores during Computer Science Education Week to give young developers the opportunity to learn coding. For more info, please visit the In-Store event section at a store near you.

Spread the word!

Microsoft Ignite Conference: Day 4 Round-Up

Last day of the MS Ignite conference for me. Let’s take it to the bridge:
Bridge

Another metaphor? You betcha:

– Cloud vs on-premise
– Microsoft as Service Provider vs Shrink Wrapper
– Unified experiences vs Diversified devices
– People-driven Intranets vs Intranet-driven people
– Windows OS as a true personal & biz life and productivity platform vs Windows OS as a 900 pound gorilla

My top picks for Day 4 in the SharePoint/Office 365 realm (with a little .NET 5 in there to maintain my Dev street cred):

My last-day sessions:

JEA: A PowerShell Toolkit to Secure a Post-Snowden World

When asked what to do about corporate hacking, Ex NSA Director Michael Hayden replied, “Man up and defend yourselves.” Edward Snowden then rocked the world by disclosing privileged NSA information. JitJea stands for “Just In Time, Just Enough Admin.” It’s a Windows PowerShell toolkit that admins use to perform functions without giving them admin privileges.

MVP Panel: SharePoint On-Premises, Online and Everything in Between
Imagine five great minds coming together to talk about Microsoft SharePoint across the board, be it within Microsoft Office 365, in Microsoft Azure, on-premises and certainly hybrid. Via a panel Q&A format, these MVP experts expose how online and hybrid improvements increase both deployment scenarios and value. This session is designed to help ITIs and ITDMs find the right cloud formula to deploy based on practical business and technical considerations. This is a must-not-miss session for any IT pro!

How to Decide When to Use SharePoint and Yammer and Office 365 Groups and Outlook and Skype
Your users may struggle with these questions: Should I share a message via Skype for Business instead of Yammer, Office 365 Groups, or Exchange? Should I collaborate on data using an Excel sheet or a SharePoint list? Should I share a file in Outlook, in a meeting, from OneDrive for Business, on Yammer, in a Group, or in a SharePoint site? This session is the ‘How To’ user’s guide. What happens when your users can’t decide what technology or feature to use? They use what they know, or what’s easy, even if better options exist. In this session, Richard and Kanwal help you maximize the value of your Office 365 investment by providing the guidance you need to help your users make better, more effective decisions on how they get work done.

Experts Unplugged: Office 365 Security

OneNote for OneLife: From Notes to Productivity and Platform
OneNote is awesome. Really. Knowledge, learning and info on the bleeding edge benefits from structure – but not too much structure. We all need a place to inscribe understanding, without having to go overboard on the word-processing end of things.  I’m always thrilled to hang out with the OneNote crew as I sometimes wonder if they know they have the future of Education and Wikis in their hands.

Microsoft OneNote gives you one place for your notes and other content with you, anywhere now that OneNote is across all platforms and devices. Write by hand, type, record, snap a picture, clip from the web, or use a growing number of other partner apps and devices and OneNote saves it. Organized or not, you can easily find your notes in any form (text, writing, picture, or audio) with OneNote search. This session demonstrates end-user productivity scenarios at work to give you a clear understanding of how OneNote can help drive adoption of Office 365 with cross-platform, real-time collaboration, and extensibility with OneNote API. You’ll walk away wanting to use, evangelize, and build on OneNote personally or for your organization.

Microsoft Ignite Conference: Day 3 Round-Up

I’ll kick off Day 3’s post with another imprint of pure experience. Scale- On-premise, Cloud, Global, Local. The rush/distraction/tunnel vision of being one of 23,000+ people moving through the Microsoft Ignite conference, contrasted with simple but essential logistics like bio-breaks and food, are a big parallel for me to the distinct juncture we are at in technology:  empower everyone at a mass scale, but make sure the human details are taken care of, and that everyone has a voice.

The entrance hall may resemble a slightly above average shopping mall scene for most, but in context, on the ground, it was more like the entrance to a spaceship waiting to take off:
Entrance

Existential experiences aside, I waited a full 5 minutes for cell phone guy to abandon his hostile takeover of Microsoft (pleading eye contact included), and finally realized that was 5 minutes I would never get back, so I snapped my obligatory “largest Expo Hall ever” pic:
Microsoft
Really, words don’t help much with describing the scale of this event. 23,000 of the world’s finest Microsoft-oriented IT professionals in not one, but two Conference centers daisy-chained together. Being from Canada, the SCALE of business in America is always impressive-  this time it was the hammer of Thor (axe of Abe Lincoln?). There were numerous, well-attended core educational/interactive groups with all the best of the Microsoft team providing direct interaction with attendees. These were no tradeshow stunt doubles, but really the actual program leads and people who make things move at Microsoft. Super high quality interactions all over the floor.

Office 365

TechNet is my bible, which would make Joanne & KC here (Senior Content Writers for Microsoft), pretty high up in the toga-wearing department:
TechNet Rocks

Aside from the separate, colossal pool of core Microsoft and Partner & Vendor talent present in the Expo Hall, here’s the top sessions from day 3, on the SharePoint/Office 365 tip (with some guest appearances from OneNote & Visio, as I love both):

What's New for IT Professionals in SharePoint Server 2016

“Engineering paths directly influenced by SP Uservoice” See: https://sharepoint.uservoice.com/forums/282887-customer-feedback-for-sharepoint-server
“Durable Links- permalinks based on resource ID. Move Docs freely, URL stays the same”
“No downtime CU patching”
“OneDrive integration big priority for Engineering team”

 

This article describes initial investments made in installation and deployment of SharePoint Server 2016: http://blogs.technet.com/b/wbaer/archive/2015/05/12/what-s-new-in-sharepoint-server-2016-installation-and-deployment.aspx

MinRole for the win!!

Embrace the BYOD Revolution: Effectively Manage a Multi-Device, Multi-Generational Workforce


A major business transformation is brewing in the enterprise today. Mobile technologies, business velocity, geographically dispersed and multi-generational workforce are converging to deliver the promise of responsive organizations. Organizations that miss this paradigm shift will face dire consequences. How can you effectively manage this shift, ensure that it will be sustainable and reap the benefits of being a responsive organization? In this session, learn how to apply practical steps and effective techniques to manage your multi-device and multi-generational workforce.

MVP Panel: Sample Apps and Intelligent Solutions Showcasing Office Graph and Delve Extensibility

Preparing for a meeting, but not sure what documents are relevant? Writing a proposal and looking for similar documents to help you out? Interested in what your colleagues are working on to stay updated? With the new Office Graph, answers to those questions are within your reach. In this demo-packed session, we show you how the Office Graph works and how it can be used when building custom apps and enriching existing solutions and portals. All scenarios are backed up by real-life solutions that you could use in your organization.

Microsoft Ignite Conference: Day 2 Round-Up

Day 2 started off with a walk to the shuttle bus under the looming John Hancock building. Infrastructure into the Cloud, this pic worked out well as a deep ol’ metaphor 🙂 :
John Hancock

Here’s some of the most awesome SharePoint/Office 365 sessions from Day 2:

There are over 150 Day 2 sessions available for immediate viewing.

Source: Microsoft Ignite Day 2 Sessions On-Demand

Here’s my takeaways from the sessions I had scheduled:

Microsoft Office 365 Groups Overview and Roadmap

“It’s not an email, it’s a conversation.”
Dynamics CRM and Group’s integration.

Office 365 Groups helps you collaborate by easily bringing together your colleagues and the applications you need to get work done. Office 365 Groups leverages a standard definition for team membership and permissions across Microsoft Exchange, SharePoint, and later Skype for Business, Yammer and the rest of Office 365, managed through Microsoft Azure Active Directory. This session provides an overview of Office 365 Groups, demonstrates its capabilities today, and provides a roadmap for future investments.

Designing and Applying Information Architecture for Microsoft SharePoint and Office 365

Provide Clear Guidance
Make it Easy
Keep it Simple, Stupid
Define > Design > Implement > Govern

This session demonstrates a proven process for defining, designing, implementing, and governing your information architecture (IA). IA is more than just columns and metadata. Learn how the different components available in SharePoint and Microsoft Office 365 can be leveraged to their fullest potential and your users’ ultimate benefit to content organization and discovery.

Managing Change in an Office 365 Rapid Release World

Selective First Release! Roll out first release changes to selected users only. ’nuff said.

Before moving to Microsoft Office 365, your team planned each and every change or update before your users saw anything new or different. Now in a services-first world, changes are introduced at a rapid pace, sometimes before you or your help desk may be prepared. Office 365 provides communications to help you manage change, stay informed, and inform your users. Learn how to best use the Office 365 Message Center, Roadmap.office.com, and Success.office.com to get ahead of updates and help your business take advantage of the latest and greatest Office 365 has to offer.

Microsoft Office 365 Groups Deep Dive
Office 365 Groups helps you collaborate by easily bringing together your colleagues and the applications you need to get work done. Office 365 Groups leverages a standard definition for team membership and permissions across Microsoft Exchange, SharePoint, and later Skype for Business, Yammer, and the rest of Office 365, managed through Microsoft Azure Active Directory. This session follows the introduction session “Microsoft Office 365 Groups Overview and Roadmap,” and covers the following topics: architecture, administration, security and compliance, and extensibility.

All in all a great day- I was also lucky enough to be able to work at the Microsoft MVP Booth (in the “Microsoft on Microsoft” section of the Expo Hall). Very rewarding to answer questions about the MVP program and connect with people from around the world.

MS MVP Booth

MVPS

Symptoms of Pathological Science & Technical Problem Solving

Irving Langmuir had an interesting career in science. He made countless discoveries and inventions including the diffusion pump, atomic hydrogen welding, submarine detection devices and the gas-filled incandescent light bulb, and even coined the word “plasma”. What is really interesting for me, however, is that in 1953 he coined the term “pathological science”, describing research conducted in accordance with the scientific method, but tainted by unconscious bias or subjective effects. This is in contrast to pseudoscience, which has no pretense of following the scientific method. In his original speech, he presented ESP and flying saucers as examples of pathological science; since then, the label has been applied to polywater and cold fusion.

As a side-effect of all his right-on inventions and amazing science, he also excelled at keeping an eye open for scientists who had unconsciously broken with the scientific methodology. Langmuir described it as “These are cases where even when no dishonesty was involved, people were tricked into false results by a lack of understanding about what human beings can do to themselves in the way of being led astray by subjective effects, wishful thinking, or threshold interactions.”

He did a lecture in 1954  where he proposed a list of “symptoms of pathological science”:

1. The maximum effect that is observed is produced by a causative agent of barely detectable intensity, and the magnitude of the effect is substantially independent of the intensity of the cause.
2. The effect is of a magnitude that remains close to the limit of detectability; or, many measurements are necessary because of the very low statistical significance of the results.
3. Claims of great accuracy.
4. Fantastic theories contrary to experience.
5. Criticisms are met by ad hoc excuses thought up on the spur of the moment.
6. Ratio of supporters to critics rises up to somewhere near 50% and then falls gradually to oblivion.

Now what does this have to do with us techies? Coming into a typical SharePoint, IIS, ASP .NET or indeed any other technical issue with many actors and moving parts, I find that the notion of pathological science is really something to watch out for. There are a few key risky neighbourhoods around some of the harder IT issues when they involve parachuting in to a lot of unknowns.

A major contributor to pathological science in the IT realm these days is, in my opinion, the “Let me Google/Bing that for you” effect. As far as I can tell, the world did not go off its axis when Google went globally down for a period. Global internet traffic dipped a bit, some people might have been induced to try an alternate approach or go take a break.

Although it’s a bit cynical to paint search engines with a broad brush as they give so much information out freely, there are schools of  thought that propose search engines make people dumber. 🙂  At the least, people such as, let’s say, Irving Langmuir, managed to crank out stunning inventions without such aids.

In the Microsoft world there are generally enough technical documents, forums, blogs, snippets and personal experiences that one can rapidly use a search engine to zero in on “a” fix for a particular symptom, but the problem is that these channels need to be vetted to exclude all the following critical factors as complications:

– software versions
– software interdependencies
– personal opinions
– known bugs
– unknown bugs
– known unknown bugs
– hardware
– networking
– OS
– End user or external system interaction patterns
– .. and so forth.

When trying to isolate a cause for these types of issues, it’s important to stick to the patterns of these old school science greats. While things these days in the IT sector may be almost childlike in comparison to what these scientists dreamed up in their heads with no acronyms or decades of progress to back them up, the silos of logic that we have created around modern code mask huge underlying complexities. The problems we encounter daily are normally not as simple as having a square peg and trying to fit it in a round hole. Rather, we have a bunch of pegs of various diameters, many of which will fit the pattern despite not being a true fit for the problem.

The cure for having many “so-so” answers to an issue and no definitive “right” answer is to fall back on experience, reason, and research and peer review.

Oh and what became of Irving Langmuir? Well, he went on in his latter career to pitch the concept of controlling weather via cloud seeding, so that humans could spawn rain clouds and such- with huge potential for agriculture and of course military uses. Unfortunately, he wanted to believe his weather spawning solution worked so much, he became an ironic victim of his own Pathological Science.

“Utilizing his own criteria for pathology, Langmuirʼs claims for cloud seeding qualified on several counts: they rested on observations close to the threshold of detectability, on apparently meaningful patterns generated in field trials; on the inability of critics to reproduce the experiments; on the intervention of the courts, legislature, and the press; and on overreliance on the credentials of a Nobel laureate rather than proof.”

In essence, despite knowing better, he pursued the result instead of getting a result from pursuit. I think this is something that all of us involved in IT can keep in mind in our daily problem solving.

SharePoint Maintenance Recommendations Document – On Sale Now


Routine system maintenance is essential for the smooth operation of Microsoft SharePoint Products and Technologies. Routine system checks must be performed consistently, and the results need to be archived over a period of time to obtain the greatest benefit (trend analysis).

The routine checks come in the form of:

  • Daily Maintenance Tasks
  • Weekly Maintenance Tasks
  • Monthly Maintenance Tasks
  • Annual Maintenance Tasks


This checklist provides information and guidelines for maintaining the databases that host Microsoft SharePoint 2010 & 2013 data and configurations. It describes and provides examples of tried & true, best practice system & database maintenance tasks that itgroove recommends when using SharePoint 2010 & SharePoint 2013. Composing checklists and procedures is time consuming; we’ve done it for you!

Buy now for the super discounted price of $20 on the itgroove store!

Claims Based Authentication in SharePoint 2013, SharePoint 2010 and SharePoint Online

What is SharePoint Claims Authentication?

The claims-based identity is an identity model in Microsoft SharePoint that includes features such as authentication across users of Windows-based systems and systems that are not Windows-based, multiple authentication types, stronger real-time authentication, a wider set of principal types, and delegation of user identity between applications.

Claims-based identity is based on the user obtaining a security token that is digitally signed by a commonly trusted identity provider and contains a set of claims. Each claim represents a specific item of data about the user such as his or her name, group memberships, and role on the network. Claims-based authentication is user authentication that utilizes claims-based identity technologies and infrastructure. Applications that support claims-based authentication obtain the security token from the user and use the information within the claims to determine access to resources. No separate query to a directory service like Active Directory is needed.

In a simple analogy:

You check in at the Airport (Authentication)
– present credentials (Passport)
– credentials are validated by security guard

You receive a boarding pass (Signed Claims)
– Seat, Frequent Flyer, Gate etc.

Think of a claim as a piece of identity information (for example, name, e-mail address, age, or membership in the Sales role). The more claims your application receives, the more you know about your user. These are called “claims” rather than “attributes,” as is commonly used in describing enterprise directories, because of the delivery method. In this model, your application does not look up user attributes in a directory. Instead, the user delivers claims to your application, and your application examines them. Each claim is made by an issuer, and you trust the claim only as much as you trust the issuer. For example, you trust a claim made by your company’s domain controller more than you trust a claim made by the user.

Claims-based authentication in Windows is built on Windows Identity Foundation (WIF), which was formerly known as the Security Token Service, or STS. Many areas of SharePoint still refer to the name STS, so it’s important to understand that it and WIF are one and the same. The Security Token Service comes pre-baked into the standard SharePoint 2010 install:

The Security Token Service Application in Central Administration:

The Security Token Service Application in IIS:




WIF is a set of .NET Framework classes that is used to implement claims-based identity. Claims-based authentication relies on standards such as WS-Federation, WS-Trust, and protocols such as SAML.

Microsoft recommends Claims-based authentication as the preferred provider to use on fresh SharePoint 2010 installs. You can configure this on a per-Web Application basis in SharePoint via the following dialog in Central Admin > Web Applications > Manage Web Applications > Ribbon Bar – New

If you select Classic-Mode Authentication, you configure the Web application to use Windows authentication and the user accounts are treated by SharePoint Server 2010 as Active Directory Domain Services (AD DS) accounts.

If you select Claims-Based Authentication, SharePoint Server automatically changes all user accounts to claims identities, resulting in a claims token for each user. The claims token contains the claims pertaining to the user. Windows accounts are converted into Windows claims. Forms-based membership users are transformed into forms-based authentication claims. Claims that are included in SAML-based tokens can be used by SharePoint. Additionally, SharePoint developers and administrators can augment user tokens with additional claims. For example, Windows user accounts and forms-based accounts can be augmented with additional claims that are used by SharePoint Server 2010.

Claims Based Authentication (Tokens):
– Windows Authentication: NTLM/Kerberos, Basic
– Forms-based Authentication (ASP.NET Membership provider and Role Manager)
– Trusted Identity Providers
– Custom Sign-in page

Classic Mode Authentication:
– Windows Authentication (NTLM/Kerberos) only

*Both map authenticated users to the same SPUser object (security principals)

What does Claims look like/feel like?

The core process of Claims is illustrated as follows:

The core currency of Claims is the identity token.

 
EXAMPLE 1:
i:0#.w|contoso\jsmith

EXAMPLE 2:
i:0#.w|jsmith@contoso.com

i = Identity Claim; all other claims will use “c” as opposed to “i”
: = Colon separator
0 = Reserved to support future Claims
#/? = Claim Type Encoded Value. The out of the box claim types will have a hardcoded encoded value, this will enable parity across farms.
    E.g. Key: ? Value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
         Key: # Value: http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname
./0 = Claim Value Type. The out of the box claim value types will have a hardcoded encoded value, this will enable parity across farms.
    E.g. Key: . Value: urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name
         Key: 0 Value: http://www.w3.org/2001/XMLSchema#string
w/m/r/t/p/s = Original Issuer Type: w = windows, m = membership, r = role, t = trusted STS, p = personal card, s = local sts claim
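
The field layout in the legend above, written out as a small PowerShell parser. This is an added example, not code from the original post or from SharePoint itself; the function name ConvertFrom-EncodedClaim and the fabrikam sample are assumptions, and only the claim type and issuer codes listed on this page are mapped.

```powershell
# Added example, not from the original post. The claim type table holds only
# the two codes listed in the legend; any other code is reported as unknown.
$ClaimTypeByCode = @{
    '#' = 'http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname'
    '?' = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
}

function ConvertFrom-EncodedClaim {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$EncodedClaim
    )
    process {
        # Layout: <i|c> ":" "0" <claim type> <value type> <issuer type> "|" <value>
        $pattern = '^(?<kind>[ic]):0(?<type>.)(?<vtype>.)(?<issuer>.)\|(?<value>.+)$'
        if ($EncodedClaim -cmatch $pattern) {
            $m = $Matches    # copy: later regex operations overwrite $Matches

            $claimType = if ($ClaimTypeByCode.ContainsKey($m['type'])) {
                $ClaimTypeByCode[$m['type']]
            } else {
                "unknown ($($m['type']))"
            }

            # Original issuer type: who vouches for this claim.
            $issuer = switch -CaseSensitive ($m['issuer']) {
                'w' { 'windows' }
                'm' { 'membership' }
                'r' { 'role' }
                't' { 'trusted STS' }
                'p' { 'personal card' }
                's' { 'local STS' }
                default { "unknown ($_)" }
            }

            [pscustomobject]@{
                Encoded        = $EncodedClaim
                IsIdentity     = ($m['kind'] -ceq 'i')
                ClaimType      = $claimType
                ValueTypeCode  = $m['vtype']    # kept as the raw encoded character
                OriginalIssuer = $issuer
                Value          = $m['value']
            }
        }
        else {
            # Classic-mode account names and malformed strings end up here.
            Write-Warning "Not an encoded claim: $EncodedClaim"
        }
    }
}

# The two examples from this page, plus two constructed inputs.
$samples = @(
    'i:0#.w|contoso\jsmith'
    'i:0#.w|jsmith@contoso.com'
    'c:0?.t|jsmith@fabrikam.example'    # constructed: non-identity claim, trusted STS
    'contoso\jsmith'                    # constructed: classic-mode name, no claim prefix
)

$samples | ConvertFrom-EncodedClaim |
    Format-Table IsIdentity, OriginalIssuer, ValueTypeCode, Value -AutoSize
```

Grouping an exported permission list by OriginalIssuer shows which principals are vouched for by which issuer, which is the trust decision the airport analogy describes.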

Why do I want to use Claims?

1. Decouples Authentication logic from Authorization and Personalization logic – this means speed and flexibility
2. Provides a common way for applications to acquire the identity information they need about users
3. Cloud-ready – lays the foundation to be able to Authenticate against Azure, Facebook, Google, Windows Live ID etc.
4. Federation – Partner networks, business to business, subsidiaries can all interact in the same sphere of authentication, cross machine and cross-farm
5. Supports existing identity infrastructure (Active Directory, LDAP, SQL, WebSSO etc.)
6. Standards-based and interoperable

Bonus Prize:
7. In SP 2010 we can have a single Web Application configured to use multiple authentication types which allows different auth types to be served from one URL:

Claims Gotchas

General issues for all Claims implementations
– Search crawler requires NTLM in the zone it uses
– Office Client Integration (2007 SP2+, 2010 are minimum requirements in order to maintain Client integration e.g. fluid editing of Word Document)
– SharePoint Designer does not support working with Claims Enabled Endpoints for Web Services

Migration issues when moving from Classic to Claims
– When upgrading from Classic to Claims, you will need to migrate users and test and re-work customizations (Web parts, workflows etc.)
– After you move to Windows claims, you cannot go back to Windows classic. Ensure that you have good backups before you start and try your migration in a lab first before moving into production.
– Existing alerts may not fire, if this occurs the only workaround may be to delete and recreate the alerts
– Search crawl may not function, double-check the web application policies and ensure that the search crawl account shows the new converted account name. If it does not, you must manually create a new policy for the crawl account.


Co-Authoring in SP 2010

A useful collection of info regarding co-authoring in SP 2010:

“In today’s highly connected work environment, documents created by multiple authors, editors, and stakeholders are becoming the rule, instead of the exception. Organizations look to the communication and collaboration capabilities of Microsoft SharePoint Server 2010 to help them foster communication and collaboration between end-users while reducing administration required to support it. Microsoft Office 2010 continues this trend with co-authoring functionality for Microsoft PowerPoint 2010, Microsoft Word 2010, and Microsoft OneNote 2010 documents on SharePoint Server 2010.

Co-authoring removes barriers to server-based document collaboration and helps organizations to reduce the overhead associated with traditional document sharing through attachments. Co-authoring simplifies collaboration by enabling multiple users to work productively on the same document without intruding on one another’s work or locking one another out. This functionality requires no additional server setup and is the default state for documents stored in SharePoint Server 2010. Co-authoring functionality is managed by using the same tools and technologies that are already used to manage SharePoint, helping to minimize the impact on administrators.”

Nintex Upgrade / Install Failure – SecurityException

If you are upgrading or installing Nintex (and, as you will learn, pretty much any other .NET app/solution/web part/widget etc.) you may run into a fail whale in the form of the error described in this post on the Nintex Forums:

“Trying to upgrade my PRODUCTION server to the latest build of Nintex WF 1.11.1

At the end of the upgrade process I get a Windows Command prompt window with the following text:

Upgrading solution package…
System.Security.SecurityException: Access denied.
at Microsoft.SharePoint.Administration.SPSolutionLanguagePack.CheckPermissionJobScheduled()
at Microsoft.SharePoint.Administration.SPSolutionLanguagePack.UpgradeCabFile(String path)
at Microsoft.SharePoint.Administration.SPSolutionLanguagePack.Upgrade(String path, DateTime dt)
at Microsoft.SharePoint.Administration.SPSolution.Upgrade(String path, DateTime dt)
at Nintex.Installer.WSSHelper.Program.DeployWSP(String[] args)
The Zone of the assembly that failed was:
MyComputer
Press any key to continue…

While the advice offered in that thread regarding using MSIEXEC works, it’s important that one understands the simple cause and effect for this issue: one needs to right-click on the file in Windows Explorer and “Unblock” it before attempting to execute it. This is also a simple remedy for preventing similar issues with lots of .NET related installables, .DLLs, solutions etc.

You simply need to “Unblock” the installable file to prevent this situation from occurring – it is common for UAC in Windows to block executable or compilable code downloaded from the Internet Zone. Unless you explicitly unblock it, this type of error will occur. Had the MSI or file/code/.DLL been copied/compiled/executed locally in Visual Studio/via the installer etc., the newly generated .dll or unpacked program files would have been in the same Zone (the My Computer Zone) as the rest of the .NET assemblies for the web application, and the problem would not occur.

You will often encounter warnings when downloading the files (note: these warnings are not exclusive to .MSI or .CHM installer file types but also can occur for .ZIP’s, .DLL’s and other formats):

The Nitty Gritty Details

This file / directory blocking is provided by default on:

Windows XP SP2 with IE 7
Later Windows, like Windows Vista, 7

Marking a file / directory as blocked / unblocked is implemented via alternate data streams, a feature of the NTFS file system. An alternate data stream is just some data, like key-value pairs, attached to a file or folder.
In the above scenario, since the file was downloaded from an Internet location, it is marked by setting this key-value pair:

key (data stream name): Zone.Identifier;
value (data stream content): [ZoneTransfer]
ZoneId=3

Here

1 = trusted;
2 = intranet;
3 = Internet;
4 = untrusted.

The above alternate data stream can be examined via the command line:

more < MyCodeFile.zip:Zone.Identifier

That is how the MyCodeFile.zip file is marked as blocked to enhance security, and why an “Unblock” button appears on its property dialog.
In fact, any file / directory marked with this Zone.Identifier alternate data stream is considered to be from the Internet and is blocked by Windows. A test.txt file can be created to test this:

echo test > test.txt

Checking its properties shows that this test.txt is, of course, unblocked. Now inject the same Zone.Identifier alternate data stream into test.txt:

more < MyCodeFile.zip:Zone.Identifier > test.txt:Zone.Identifier

By clicking the “Unblock” button, the key-value pair is removed from the file, so the file is treated as unblocked by Windows.

If the files in MyCodeFile.zip are extracted without first unblocking MyCodeFile.zip, those files will also have the same alternate data stream, indicating they are from the Internet. So they are blocked, just like the above test file.

Resolution 1 – The Just get this damn app working approach

1. Roll back your code changes – this means uninstalling any new .DLLs, solutions or components that you may have added, or cancelling out of the MSI install routine you were attempting.
2. Ensure that any new .DLLs/code/files that are applied by the change are unblocked (right-click the file in Windows Explorer and click Unblock). If you have one .ZIP file with a bunch of .DLLs and other code inside it, it’s only necessary to unblock the root .ZIP file itself.
3. Re-apply the code changes.
4. If the application doesn’t come back to life, give IIS a kick in the head with IISRESET.exe.

Resolution 2 – Change Workstation Config So Files Don’t Get Blocked Like this In Future

There are several ways to remove the Zone.Identifier data stream and unblock a file / directory:

- Configure Windows to disable this feature (described below)
- Use command lines
- Use streams.exe provided in the Sysinternals Suite (technique described here)
- Programmatically remove the data stream
- Registry tweak to take ownership of a folder (technique described here)
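
The command-line and programmatic options above can be combined into an audit-then-unblock pass. This is an added PowerShell example, not code from the original post; the function name Get-ZoneMark and the folder C:\Staging\MyCodeFile are assumptions, and it needs Windows PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: list files that carry the Zone.Identifier stream, then unblock
# only the ones that have been reviewed. Get-ZoneMark is a hypothetical helper name.
function Get-ZoneMark {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path   # folder to audit
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $file = $_
        # Files without the stream produce a non-terminating error; suppress it.
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                           -ErrorAction SilentlyContinue
        if ($stream) {
            # Stream content looks like:  [ZoneTransfer]  /  ZoneId=3
            $text = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw
            $zoneId = if ($text -match '(?m)^\s*ZoneId\s*=\s*(\d+)\s*$') {
                [int]$Matches[1]
            } else {
                $null   # stream present but no ZoneId line
            }
            [pscustomobject]@{
                File    = $file.FullName
                ZoneId  = $zoneId
                Blocked = ($zoneId -ge 3)   # 3 = Internet, 4 = untrusted
            }
        }
    }
}

# 1. Report every marked file under the (assumed) staging folder.
$marked = @(Get-ZoneMark -Path 'C:\Staging\MyCodeFile')
$marked | Format-Table -AutoSize

# 2. After reviewing the report, unblock the files you have verified.
#    -WhatIf only prints what would change; remove it to delete the stream.
$marked | Where-Object Blocked | ForEach-Object {
    Unblock-File -LiteralPath $_.File -WhatIf
}
```

Running the report before and after extracting a downloaded .ZIP shows whether the extracted files inherited the stream from the archive.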

Please review the following links, which explain why this security exception occurs:
http://weblogs.asp.net/dixin/archive/2009/03/14/understanding-the-internet-file-blocking-and-unblocking.aspx
http://www.securityfocus.com/infocus/1822
http://en.wikipedia.org/wiki/Fork_(filesystem)
http://blogs.msdn.com/b/friis/archive/2010/06/09/system-security-securityexception-request-for-the-permission-of-type-system-web-aspnethostingpermission-failed.aspx
http://anotherlab.rajapet.net/2010/08/resolving-to-webpage-was-canceled-with.html

In completely unrelated news, it’s Yalla, the underwater cat:

Large collection of Free Microsoft eBooks for you, including: SharePoint, Visual Studio, Windows Phone, Windows 8, Office 365, Office 2010, SQL Server 2012, Azure, and more.

Eric Ligman has assembled a nice little collection of free Microsoft ebook downloads:

Moving to Microsoft Visual Studio 2010
Programming Windows 8 Apps
Programming Windows Phone 7
Programming Windows Phone 7 (Special Excerpt 2)
Office 365 – Connect and Collaborate virtually anywhere, anytime
Microsoft Office 2010 First Look
Security and Privacy for Microsoft Office 2010 Users
Getting started with Microsoft Office 2010 – For IT Professionals
Planning guide for Microsoft Office 2010 – For IT professionals
Deployment guide for Microsoft Office 2010 – For IT professionals
Operations guide for Microsoft Office 2010 – For IT professionals
Technical reference for Microsoft Office 2010 – For IT professionals
Understanding Microsoft Virtualization R2 Solutions
Introducing Windows Server 2012
Introducing Microsoft SQL Server 2012
Introducing Microsoft SQL Server 2008 R2
Configure Kerberos Authentication for SharePoint 2010 Products
Business continuity management for SharePoint Server 2010
Deployment guide for SharePoint Server 2010
Get started with SharePoint Server 2010
Governance guide for Microsoft SharePoint Server 2010
Profile synchronization guide for SharePoint Server 2010
Remote BLOB storage for Microsoft SharePoint Server 2010
Technical reference for Microsoft SharePoint Server 2010
Upgrading to SharePoint Server 2010
Getting Started with SharePoint Server 2010
Planning guide for sites and solutions for Microsoft SharePoint Server 2010, Part 1
Planning guide for sites and solutions for Microsoft SharePoint Server 2010, Part 2
Planning guide for server farms and environments for Microsoft SharePoint Server 2010
Capacity planning for Microsoft SharePoint Server 2010
SQL Server 2012 Tutorials: Analysis Services – Tabular Modeling
Microsoft SQL Server AlwaysOn Solutions Guide for High Availability and Disaster Recovery
Transact-SQL Data Manipulation Language (DML) Reference
QuickStart: Learn DAX Basics in 30 Minutes
SQL Server 2012 Tutorials: Analysis Services – Data Mining
Microsoft SQL Server Analysis Services Multidimensional Performance and Operations Guide
Data Analysis Expressions (DAX) Reference
SQL Server 2012 Upgrade Technical Guide
Backup and Restore of SQL Server Databases
SQL Server 2012 Tutorials: Analysis Services – Multidimensional Modeling
Master Data Services Capacity Guidelines
Digital Storytelling
Free Tools in the Classroom
Windows Live Movie Maker in the Classroom
Windows 7 in the Classroom
Microsoft Office Web Apps Teaching Guide
Microsoft Office in the Classroom
Developing Critical Thinking through Web Research Skills
Bing in the Classroom
Moving Applications to the Cloud, 2nd Edition
Windows Azure Prescriptive Guidance
Windows Azure Service Bus Reference
Intro to ASP.NET MVC 4 with Visual Studio (Beta)
Deploying an ASP.NET Web Application to a Hosting Provider using Visual Studio
Getting Started with ASP.NET 4.5 Web Forms (Beta)
Introducing ASP.NET Web Pages 2
Own Your Future
Windows 7 Power Users Guide
Deploying Windows 7 Essential Guidance
Welcome to Windows 7
What You Can Do Before You Call Tech Support (Windows 7)