PowerShell Introduction to Administering SharePoint On-Premises & O365

Presented at the Research Triangle PowerShell Users Group, Durham NC, September 17, 2014

As the role of the SharePoint Administrator continues to evolve, so have the tools. PowerShell has become an integral component of the SharePoint Administrator’s tool bag, whether administering SharePoint On-Premises or as an Office 365 solution. In this session, we’ll look at day-to-day use cases of PowerShell as the primary tool for SharePoint administration, as well as the differences and restrictions between PowerShell for SharePoint On-Premises and O365.

Anatomy of an Intranet (SPSATL 2014)

While many people see the intranet as a pretty (hopefully) homepage, in reality the modern enterprise intranet is a complex animal of many moving parts. Structuring of the information within the intranet, how that information is presented to the user, how the user interacts with it, how the organization manages it, and the physical branding that sits on top of all of it are all critical conversations to have if an intranet is going to be effective. In this session we’ll explore the building blocks of a successful intranet and discuss common intranet pitfalls to avoid on your next intranet roll-out.

Securing Your Online Identity

The recent Heartbleed fiasco has really underscored the importance of smart online identity security. Here are a couple of quick tips to help make sure you’ve reduced your risk from Heartbleed as well as from future threats to your online identity.

Change Your Passwords Often

Many businesses require you to change your work password every 60-90 days, and while we complain about it every time it comes around, we all comply (we have to). But at home, many of us (myself included) use the same password for years. The first big step to protecting yourself from a compromised online identity is to make sure you change those passwords frequently.

Be Smart About Your Passwords

Technical people like to tell you to use “secure” or “strong” passwords, but really what we mean is that your password should be complicated. Something like “P@ssw0rd!” is much more complex than “Password”. That said, the best password is randomly generated. Now you may be saying, “Great. Random passwords are secure but completely unusable.” If you’re on your phone logging into a service and you have to type in “~!sdflkjw932kjs*” that’s certainly not very convenient.

Convenience is relative though, isn’t it? What’s less convenient—taking a few extra seconds to get a password, or cleaning up the damage from a compromised online banking password? And let’s be honest with ourselves—that Facebook service that’s now in the background of absolutely everything, can do some real damage if your password gets compromised. I’d argue that you should protect Facebook to the same levels you protect your banking passwords—especially now that you can “Login with Facebook” on so many other sites and services.

Managing Passwords

Get yourself a tool like KeePass. Not only is it super simple to use, but it’ll generate random passwords for you, it’ll automatically type them into the browser for you, and there’s versions available for every phone platform too. The other cool thing about KeePass is that it encrypts the password database it uses, so you can store that KeePass file just about anywhere. Don’t rely on it just being on one computer—what if that computer crashes or your house catches fire? Consider backing up a copy of your KeePass file to OneDrive, Amazon AWS, or another cloud backup provider.

You also need to be smart about your password selection. Many less-techy folks simply alternate between a list of standard passwords that they use over and over. How many of you go to work with “Password1”, then when IT tells you to change your password you make it “Password2”? Don’t do that! Patterns like that make your passwords far easier to crack.

Using Two Factor Authentication

Most of your critical services (banking, Facebook, etc.) support Two Factor Authentication, and if you're not using it you're just plain crazy. I'd go as far as to say anytime you have a chance to use Two Factor Authentication, you should be. This process essentially forces an extra step of validation when you try to log in. There are two main flavors: sending a text message with a verification code, and using an app on your phone to enter a randomly generated code.

The first is pretty straightforward. If you're logging into Facebook as an example, you'll enter your username and password, then Facebook will prompt you to enter a unique code that they send to you via a text message. This process basically eliminates the risk of someone getting into your account if they only have your password.

The latter process, using an app on your phone to generate that random number, is gaining popularity since it doesn't require you to consume text messages or wait for the delivery of that message. You will install an application on your phone that will be synced with the service, much like those little RSA security tokens we used to carry around to VPN to the office.

Most services support one or the other, not both. Just look for a menu or an option to enable Two Factor Authentication and follow the steps they give you. Next to smart password management, this is the next best way to protect yourself. If a service offers it, you should be using it.

Protect Yourself

Look for browser security assurance everywhere you go. This tells you that the site is secure and protected by an SSL security infrastructure. Now, the unique thing about Heartbleed is that it in essence compromises the entire SSL infrastructure, but we won’t go into those details. Back in the day (I say that like it was more than a few years ago), you were told to look for a “padlock” or a “key” in the browser to indicate the website you’re on is secure. Modern browsers take it a step further and in some cases turn the entire address bar green. I’d go out on a limb and say you should never, ever, put any banking or credit card information into a website that doesn’t have a green address bar.

Next Steps

Go download KeePass for your computer and your phone, and familiarize yourself with it.

Change your passwords ASAP—especially if any of your websites are on the list of affected Heartbleed sites.

Discipline yourself to actually change your password frequently.

Remember that while Heartbleed has brought visibility to this, this isn't a one-time thing where you just fix the current threat. As everything moves to the cloud and becomes reliant on services like Facebook, Google, Microsoft, etc., you need a strong identity management strategy.

SharePoint Branding Best Bets (ATLSPUG January 2014)

Diving into the world of SharePoint branding can be a real headache. What is the best practice for deploying my branding? How do I select a design firm? What is the impact of mobile devices and how do I ensure cross-browser compatibility? What are the new branding tools available in SharePoint 2013? These are all common questions that must be answered during the course of branding efforts. In this session we’ll look at the various aspects of SharePoint branding, and common pitfalls to look out for during your next branding project.

SharePoint 2013 Suite Bar HTML

I recently started looking to replace the default "SharePoint" text on the top of the SharePoint 2013 Suite Bar. What I expected would be a masterpage change actually turned out to be much simpler; enter the big hammer (PowerShell). If you dig through the changes to the SharePoint 2013 Object Model, you'll find an SPWebApplication property called SuiteBarBrandingElementHtml that does just what it implies... stores the HTML that gets put in the Suite Bar.

We can use some simple PowerShell to grab the SPWebApplication object, set that value to be whatever we want, and update the object; no masterpage or branding/UX changes required.

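Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue   # load the SharePoint cmdlets
$webApp = Get-SPWebApplication http://path/to/webapp
$webApp.SuiteBarBrandingElementHtml = "Company Name"   # HTML shown in the Suite Bar
$webApp.Update()   # save the change to the web application object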

Coincidentally, after I figured this out and searched to see if it had been blogged before, I found this post. Shout out to Mat for documenting it first... that'll teach me to search first.
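
Because SuiteBarBrandingElementHtml stores markup rather than plain text, here is a more careful way to script the change, as an added example that is not from the original post: it records the previous value for rollback, HTML-encodes the display text before wrapping it, and reports any web application whose suite bar HTML carries script-like content. The function names, the backup path and the `ms-core-brandingText` wrapper `div` are assumptions of this example.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: list every web application's suite bar HTML and flag
# values with active content, since this markup is emitted into the Suite Bar.
function Get-SuiteBarHtmlReport {
    $active = '(?i)<\s*(script|iframe|object|embed)\b|\son\w+\s*=|javascript:'
    Get-SPWebApplication | ForEach-Object {
        $html = [string]$_.SuiteBarBrandingElementHtml
        New-Object PSObject -Property @{
            Url           = $_.Url
            Html          = $html
            ActiveContent = ($html -match $active)
        }
    }
}

# Hypothetical helper: put plain text in the Suite Bar, keeping the old value.
function Set-SuiteBarText {
    param(
        [Parameter(Mandatory = $true)][string]$WebAppUrl,
        [Parameter(Mandatory = $true)][string]$Text,
        [string]$BackupPath = ".\SuiteBarBackup.csv"   # assumed location
    )
    $webApp = Get-SPWebApplication -Identity $WebAppUrl -ErrorAction Stop

    # Record the previous markup so the change can be rolled back and audited.
    New-Object PSObject -Property @{
        When     = (Get-Date).ToString("o")
        Url      = $webApp.Url
        Previous = $webApp.SuiteBarBrandingElementHtml
    } | Export-Csv -Path $BackupPath -Append -NoTypeInformation

    # Encode the text so characters such as < > & " are displayed, not parsed.
    $safe = [System.Net.WebUtility]::HtmlEncode($Text)
    $webApp.SuiteBarBrandingElementHtml = "<div class=`"ms-core-brandingText`">$safe</div>"
    $webApp.Update()   # persist the change
    return $webApp.SuiteBarBrandingElementHtml
}

Set-SuiteBarText -WebAppUrl "http://path/to/webapp" -Text "Company Name"
Get-SuiteBarHtmlReport | Where-Object { $_.ActiveContent }
```

The last line prints nothing when no web application has script-like markup in its Suite Bar; any row it does return is worth comparing against the backup file.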