Monday, 7 June 2010

Some minor SharePoint irritations solved

From Ciaran Kenny @CiaranJKenny

I’ve used SharePoint on and off for clients since it first appeared about 10 years ago but I have only really got into it myself recently as we have started to use it as the core repository for our client project documentation.

We’ve been using it in the office and at home and the degree of control over document development pretty much leaves everything else standing. We have been using SharePoint via the SBS 2K8 Remote web Workplace. It’s very nice but two things have been really irritating me about it when using it from home: 1) the constant password prompts (come on you know who I am by now) and 2) that supremely irritating security warning message

Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."

Though this warning message doesn’t quite compare to the brilliant error message pre SBS 2K8 Update Rollup 4 “This computer doesn’t meet the maximum operating system requirements … it is out of the same mould in that you have to really think before you respond. The response options are ‘Yes’ and ‘No’ – if you actually want to see the web page that prompted the warning then the correct response to ‘No’.

Anyway, the logic behind the warning is sound enough. It means that the page that is about to be displayed with an HTTPS address also contains some material from a location which is delivering its content without the protection of HTTPS.

In the case of SharePoint this is probably going to be some graphics on the page or something similar. Since Internet Explorer 8 the default setting has been to keep you safe by warning about stuff like this. Assuming you are happy to ignore best practice in order to avoid irritating messages here’s what you need to do:

To stop the warning from appearing go to:
Tools --> Internet Options --> Security
With the Internet zone highlighted click on Custom Level, scroll down to the Miscellaneous section and for the 'Display mixed content' option change from the default selection of 'Prompt' to 'Enable'
Click OK, accept the security warning and Click OK again - then restart the browser.
NB – this advice is offered with the clear caveat that strictly speaking you are introducing a security risk.
As an alternative you may prefer to click the 'Disable' option above. This will eliminate the problem with SharePoint and does not have any negative impact on the functionality of the site. However, some other HTTPS sites may not display or function correctly.
It should also be possible to achieve the same effect by adding the SharePoint site to the Trusted and/or Intranet zones and enabling the setting only for those zones. However, this option didn't work on testing.
This leaves the problem of the constant password prompts. To stop these all you have to do is add your SharePoint site (or Remote Web Workplace site) to the Intranet zone uner IE Tools --> Internet Options --> Security.

Any feedback on the security implications of either or both of the above changes (especially when taken together) would be very gratefully received. I can’t see a realistic problem but would be happy to told otherwise.

No comments:

Post a Comment