Monday, 11 May 2015

Hide Recent & Updated Pages in a SharePoint 2013 Wiki

If you have implemented a SharePoint 2013 wiki page library for your company, you might agree with me that the recent and updated pages links are an unnecessary distraction to your users.  Just because a page has been updated, that doesn't suddenly make it more important than any other content in the site.  The problem is that Microsoft doesn't give us a supported way to remove these links.

So, we add a small piece of code.  I like to have big bold commenting on anything I add so that I can easily spot it later on.

<!-- REMOVE THE LEFT HAND NAVIGATION PANEL -->
< style type="text/css">
#sideNavBox { display:none; }
< /style>

You can either add it to a Script Editor web part on each page, or install SharePoint Designer 2013 on your PC and add it to the master page.

Thursday, 24 July 2014

Gertrude Street Projection Festival

I've been experimenting with long exposures on my new Fujifilm XE-2, which is awesome, so here are a few pics from the various installations at the projection festival.






More info on the festival here: www.gspf.com.au

Thursday, 31 May 2012

How to set up WordPress on Amazon EC2

First of all, you need to get yourself an Amazon Web Services account. You need to attach a credit card to the account but they won't charge you until you use something. If you choose to create a 'Micro' instance, which I'll cover in just a moment, you may indeed be able to host your website or blog for a whole year for free!

OK... so now you've got your account set up, lets get started...

1. Create your Instance (Virtual Server)

Open up your AWS Management Console and on the EC2 tab, we need to create an Instance. Select the region you'd like to host your website, and then select 'Launch Instance'.

Go with the 'Classic Wizard', and then you can get straight on choosing your preferred OS. I chose Amazon Linux (64-bit) for my server, which I assume is going to be more closely married to the EC2 service as a whole.

Once selected, your next option is to choose the Instance type you require. This is basically how much grunt you're going to need. For a small blog site or if you are just testing stuff out, you should be OK with a Micro instance, but for anything else you'll need to choose something more powerful.

All the remaining instance details can be left default, and you can add descriptive tags if you like. Next you need to create a key pair; this essentially works like a password to access your server. Just give it a name and click 'Create and Download your Key Pair', saving it in a safe place.

The final step is to create a security group, which is a set of firewall port rules. Name the group 'WordPress', add a description (I just repeated 'WordPress'), and then add the following Inbound rules:

HTTP (0.0.0.0/0)
SSH (0.0.0.0/0)
Custom Rule, Port Range 20-21 (0.0.0.0/0)
Custom Rule, Port Range 14000-14050 (0.0.0.0/0)

Those rules deal with access for web traffic, terminal access and FTP. Finish up the wizard and in just a few moments you will see your server up and running under 'Instances'

2. Connect to your Instance

In the AWS Console select the running instance and, under 'Instance Actions', click 'Connect'. A Java based SSH client will open up and, once you've provided the path to the key file you saved earlier, you'll have a linux shell ready and we can get on with configuring the server.

First, lets install all the available updates. Type:
sudo yum update

A lot of the commands in this article also require root access, so each time I connect to the instance I'll just run one command to elevate my permissions. Otherwise I would need to prefix everything with 'sudo'.

Type:
sudo su

3. Install Apache Web Server

To install apache, type:
yum install httpd

Start the service:
service httpd start

Set the service to start automatically:
chkconfig httpd on

4. Install PHP

To install PHP, Type:
yum install php php-mysql

Restart apache:
service httpd restart

5. Install MySQL

To install MySQL, type:
yum install mysql-server

Start MySQL:
service mysqld start

Set the service to start automatically:
chkconfig mysqld on

Create your wordpress database:
mysqladmin -uroot create wordpress

Secure your database:
mysql_secure_installation

Answer the wizard questions as follows:
Enter current password for root:  Press return for none
Change Root Password:  Y
New Password:  Set a strong password and make sure you document it!
Remove anonymous user:  Y
Disallow root login remotely:  Y
Remove test database and access to it:  Y
Reload privilege tables now:  Y

6. Install WordPress

Most of the articles I found covering this suggested installing WordPress in a directory called 'blog' or 'site' or something similar within /var/www/html, however in this case I am going to install it directly into the root folder as I do not like having those extra bits in my website URL.

Change directory:
cd /var/www

Download WordPress:
wget http://wordpress.org/latest.tar.gz

Extract WordPress:
tar -xzvf latest.tar.gz

Move WordPress into the html folder:
rmdir html
mv wordpress html

Clean up:
rm latest.tar.gz

Create and edit the config file:
cd html
mv wp-config-sample.php wp-config.php
vi wp-config.php

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to edit the following lines:

define(‘DB_NAME’, ‘wordpress’);
define(‘DB_USER’, ‘root’);
define(‘DB_PASSWORD’, ‘YOUR_PASSWORD’);
define(‘DB_HOST’, ‘localhost’);

When you are finished editing, you press Esc on your keyboard, and then type :wq and press enter to save the file and quit vi.

7. Assign an Elastic IP Address

One mistake I made in my early attempts was to rush on with configuring WordPress before I had assigned an Elastic IP address to the server in the AWS console. If you don't assign an Elastic IP, when you restart the server, its public DNS will change and your WordPress configuration will be broken. It's easy to fix, but can be avoided, so lets assign an Elastic IP so that we have a permanent address to work with:

In the AWS console, choose Elastic IPs and then 'Allocate New Address'. Once allocated, associate it with the server instance.

8. Configure WordPress

We are now ready to configure WordPress, so just put http://xxx.xxx.xxx.xxx (replacing with your Elastic IP address of course) into your web browser and that will trigger the WordPress configuration process:



It's simple, just give your website a name and set up an admin password and your site is ready!

9. Install an FTP Server

If you want to be able to easily update the files in your WordPress installation, then you'll need an FTP server.

Back in the SSH terminal, install the FTP server by typing:
yum install vsftpd

Edit the config file at /etc/vsftpd/vsftpd.conf
cd /etc/vsftpd
vi vsftpd.conf

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to edit the following lines:

Disable anonymous access:
anonymous_enable=NO

These next 6 lines will need to be added to the config file.
Configure the FTP server for passive connections:
pasv_enable=YES
pasv_min_port=14000
pasv_max_port=14050
port_enable=YES

Configure the FTP Server to send your Elastic IP address to clients for passive connections:
pasv_address=xxx.xxx.xxx.xxx (Replace with your Elastic IP)
pasv_addr_resolve=NO

When you are finished editing, you press Esc on your keyboard, and then type :wq and press enter to save the file and quit vi.

Start the FTP service:
service vsftpd start

Set the service to start automatically:
chkconfig vsftpd on

10. Configure an FTP User

Add an FTP user, giving access only to the WordPress files and for additional security ensuring the user can not open a shell:
useradd ftpuser -d /var/www/html -s /sbin/nologin

Set the password for ftpuser:
passwd ftpuser

Set a strong password and make sure you document it!

To stop WordPress continually asking for your FTP login details every time you update a plugin or theme, edit the config file:
cd /var/www/html
vi wp-config.php

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to add the following lines after the MySQL database settings:

/** FTP Settings */
define("FTP_HOST", "YOUR_ELASTIC_IP");
define("FTP_USER", "ftpuser");
define("FTP_PASS", "YOUR_PASSWORD");

When you are finished editing, you press Esc on your keyboard, and then type :wq and press enter to save the file and quit vi.

11. Set Permissions on WordPress Files and Folders

To change the permissions on WordPress files and folders to recommended values, type:
find /var/www/html/ -type d -exec chmod 755 {} \;
find /var/www/html/ -type f -exec chmod 644 {} \;

Change the ownership of the files to 'ftpuser'. Because PHP runs in the identity of the file owner, this will ensure that WordPress can modify files as needed as well maintaining our own access and ensuring read-only access for everyone else:
chown -R ftpuser /var/www/html

12. Back Up Your Instance

As always, we should take regular backups, and so with the initial build and configuration all complete, lets take an image of the server so that if something goes wrong in the future, we never have to go through this process again!

In the AWS console, select your server and then under Instance Actions, choose 'Stop'. Once the server has shut down, again under Instance Actions, choose 'Create Image':

Fill in the details, and then press 'Yes, Create'. Once complete, this will be available in the console under Images and Snapshots and you can use it to either roll back or create a new server.

When you start your instance up again, you might have to re-associate the Elastic IP, otherwise that's it...

All done!

Monday, 11 October 2010

How to deploy iTunes with Group Policy

I needed to deploy iTunes across a network and lock down some of the settings, and it turned out to be a little more complicated than a bunch of command line switches. It's not difficult, but there is little official documentation available so having completed the task here is a detailed methodology for anyone out there needing to do the same thing:

A. Preparation

1. First you are going to need Orca, which is included in the Windows Installer SDK. It's not installed by default, but once the SDK is installed you should be able to find orca.msi and install it. If you can't be bothered to go through all of that, I've uploaded a copy here.

2. Download the latest version of iTunes and save the installer into a folder that is accessible (read only) by all. I have a shared folder for all my group policy deployments so I'll just put it in there, in a \Apple\iTunes\Version sub-folder.

3. Extract the iTunes installer files using WinRAR and then delete the downloaded file, SetupAdmin.exe and AppleSoftwareUpdate.msi. The remaining five .msi files are required.

B. Transform the Installers

AppleApplicationSupport.msi does not require any modification, so I'll just move on to the other four files:

QuickTime.msi

4. Start Orca and open QuickTime.msi. Go to View -> Summary Information and remove all languages except for 1033. Click OK and then save over the original.

5. Go to Transform -> New Transform, and then make the following modifications:

- LaunchCondition -> NOT BNEWERPRODUCTISINSTALLED: Right click and drop this row.
- Property -> SCHEDULE_ASUW: Set the value to 0 (zero).
- Registry: Find the item that has QTTask.exe in the Component column and drop that row.
- Shortcut: Drop rows for QuickTimePlayer_Desktop, QuickTimeUninstaller, and QuickTimeReadMe.

6. Generate the transform (.mst file), Transform -> Generate Transform, and save it as QuickTime.mst.

iTunes.msi

9. In Orca, open the iTunes.msi file, Go to View > Summary Information and remove all languages except for 1033. Click OK and then save over the original.

10. Go to Transform -> New Transform, and then make the following modifications:

- Component -> iTunesDesktopShortcuts: set the Condition so that it reads DESKTOP_SHORTCUTS="0" (zero).
- CustomAction -> QuickTimeInstallFailed: Drop this row.
- Property -> IAcceptLicense: Set the value to Yes.
- Property -> SCHEDULE_ASUW: 0 (zero).
- Shortcut: Drop the AboutiTunes row.

11. Generate the transform (.mst file), Transform -> Generate Transform, and save it as iTunes.mst.

Bonjour.msi

12. In Orca, open the Bonjour.msi file, Go to View -> Summary Information and remove all languages except for 1033. Click OK and then save over the original.

13. Go to Transform -> New Transform, and then make the following modifications:

- Property -> IAcceptLicense: Set Value to Yes.
- LaunchCondition -> NOT BNEWERPRODUCTISINSTALLED: Drop this row.
- Shortcut -> Drop all rows.

14. Generate the transform (.mst file), Transform -> Generate Transform, and save it as Bonjour.mst.

AppleMobileDeviceSupport.msi

15. In Orca, open the AppleMobileDeviceSupport.msi file, Go to View -> Summary Information and remove all languages except for 1033. Click OK and then save over the original.

16. Go to Transform -> New Transform, and then make the following modifications:

- Property -> IAcceptLicense: Set Value to Yes.
- LaunchCondition -> NOT BNEWERPRODUCTISINSTALLED: Drop this row.

17. Generate the transform (.mst file), Transform -> Generate Transform, and save it as AppleMobileDeviceSupport.mst.

18. Close Orca.

C. Deploy by Group Policy 

Using the Group Policy Management tool, create a new Group Policy Object (GPO) and link it to the Organisational Unit that contains the target computers. In my case I only want iTunes to go to certain machines so I also filter the object by a security group of computers. You probably already have a structure for group policy deployment and I'm not going to cover that stuff here anyway, so I'll get straight to adding each installer to the GPO.

19. Edit the Group Policy Object and expand Computer Configuration -> Policies -> Software Settings -> Software Installation.

20. Right click and select New -> Package. Browse to your deployment share and select AppleApplicationSupport.msi. Leave 'assigned' selected as the deployment method and click OK to add it to the object.

21. Add another package but this time select QuickTime.msi. Select Advanced as the deployment method and click OK. After a few moments the Quicktime Properties panel will open. Go to the Modifications tab and select Add. Pick your QuickTime.mst file and press OK to finish.

22. Repeat step 21 for iTunes.msi, Bonjour.msi and AppleMobileDeviceSupport.msi, being sure to add the correct transform file for each package.

23. Reopen the iTunes package you created, and on the Deployment tab you can tick 'Uninstall this application when it falls out of scope of management'. This is just so that iTunes can easily be removed if necessary.

D. Lock Down Settings & Features

Apple provides a mechanism for locking down various parts of the software, including automatically checking for updates, parental controls and a few other things. This is all managed through a single registry key.

I prefer to use Group Policy Preferences for this sort thing so I have created a single registry entry in the same GPO that I am using to deploy the software. The correct location for this entry in the GPO is under Computer Configuration -> Preferences -> Windows Settings -> Registry.

24. You can add the registry key however you like, but if you are using Group Policy Preferences then create a New Registry Item and fill in the properties box with the following values:

- Hive: HKEY_LOCAL_MACHINE
- Key Path: SOFTWARE\Apple Computer, Inc.\iTunes\Parental Controls\Default
- Value name: AdminFlags (do not tick Default)
- Value type: REG_DWORD
- Value data: Please see the next step to work out your particular value.
- Base: Decimal

Note. For a 64bit installation the key path needs to be: SOFTWARE\Wow6432Node\Apple Computer, Inc.\iTunes\Parental Controls\Default

25. The last thing we need to do is figure out that crucial registry key value. The table below shows all the options that are available to you. All you have to do is add together all the values for the ones you want and apply the total value:

ItemValue
kParentalFlags_Locked1
kParentalFlags_DisablePodcasts2
kParentalFlags_DisableMusicStore4
kParentalFlags_DisableSharing8
kParentalFlags_DisableExplicitContent16
kParentalFlags_DisableRadio32
kParentalFlags_RestrictMovieContent64
kParentalFlags_RestrictTVShowContent128
kParentalFlags_DisableCheckForUpdates256
kParentalFlags_RestrictGames512
kParentalFlags_DisableMiniStore1024
kParentalFlags_DisableAutomaticDeviceSync2048
kParentalFlags_DisableGetAlbumArtwork4096
kParentalFlags_DisablePlugins8192
kParentalFlags_DisableOpenStream16384
kParentalFlags_DisableAppleTV32768
kParentalFlags_DisableDeviceRegistration65536
kParentalFlags_DisableDiagnostics131072
kParentalFlags_AllowITunesUAccess262144
kParentalFlags_RequireEncryptedBackups524288
kParentalFlags_DisableHomeSharing1048576
kParentalFlags_DisableCheckForAppUpdates2097152
kParentalFlags_DisableCheckForDeviceUpdates4194304
kParentalFlags_DisablePing8388608
kParentalFlags_DisableFirstRunWelcomeWindow16777216

I have including only the following controls:

- kParentalFlags_Locked: You must include this or users will be able to override your settings.
- kParentalFlags_DisableSharing
- kParentalFlags_DisableExplicitContent
- kParentalFlags_DisableHomeSharing
- kParentalFlags_DisableCheckForAppUpdates
- kParentalFlags_DisablePing
- kParentalFlags_DisableFirstRunWelcomeWindow

The value for my registry key is therefore 1 + 8 +16 + 1048576 + 2097152 + 8388608 + 16777216 = 28311577. The value you end up with will depend on your specific requirements.

All done!

Saturday, 23 June 2007

Life in Melbourne: Food, Parties & The Dalai Lama!

We've been in Melbourne for over a month now and we've been going out a lot! We've been partying hard down here and have a got a pretty good grasp of the city, where all the cool stuff is, where's good to eat and drink, and what the night life is like. Coburg ColoursWe're staying in Coburg, in the north of Melbourne, and the main road down to the city is peppered with cool bars and restaurants, notably one called 'Lentils as Anything' where you eat whatever you want and pay whatever you think it was worth - it's a great concept and the food is fantastic! There's tons of other good food around here: Lebanese, Italian, Afghan, Nepalese, Turkish, Indian, Greek, Thai, Chinese, Vietnamese... The list goes on and on and it's all right on our doorstep - now that can only be a good thing! I have yet to find a Burmese restaurant - its supposed to be a wonderful fusion of Indian and Oriental cooking :) If you know a good one... stick a comment on this blog!

On the night life side of things, we've been having a ball! We've been to illegal warehouse parties and legit club nights alike, we also went to see DJ Shadow play at The Forum which, aside from a rash of technical problems and London priced tickets, was pretty cool. He's definitely a very talented guy and it was great to see some live stuff once again. Check out the video I shot - it's hardly audiophile sound quality, my little camera simply not up the bass, but you get the general idea and if you know DJ Shadow you'll recognise the classic track!


Watch all my videos on Vimeo

We also went to see the Dalai Lama talk at a free event in a football stadium. 'His Holiness' was definitely a very chilled out guy and despite some fairly heavy topics he doesn't seem to take things too seriously, laughing and joking about quite a bit and the way he spoke and chuckled reminded me a lot of Yoda! It was a really interesting afternoon, and it feels quite special to have had the opportunity to see the Dalai Lama at all.

Overall, I like Melbourne a lot and we've both settled in pretty well. I don't much like the federal government out here: Their policies regarding immigration and indigenous people are blatantly discriminatory and even downright racist - they're a bunch of bloody Nazis. It's very disappointing to see that people will actually vote for such policies, in much the same way as it was disappointing to see Bush get a second term. I can only hope they get the boot in the coming elections.

Over the past few weeks I've been busy uploading loads more photos from our travels so far to my album on Zooomr, so if you haven't already had a look, then please do! They're not all great photos, but they tell a story.


View all my photos on Zooomr

Well, it doesn't feel much like 'travelling' any more, job hunting is taking up most of my time so I probably won't blog again for a little while. I will try to keep the photos and videos coming though, and please stay in touch.

Steve x