Do you have code that should be seen by only a subset of members of your on-premises team project collection? Do you use Team Foundation Build (TFBuild)? If so, you must create some custom groups to reduce the risk that unauthorized team project collection members can use a build process to bypass team project permissions.
For example, you administer the following team projects:
You want only the members of each team project to be able to read the code it contains, as shown above. However, by default, TFBuild controllers are collection-scoped resources, and so have permission to access all code in the collection. This means people who are not members of a team project could use a build process to obtain the code it contains.
For example, Johnnie is a member only of TfvcProjectA, but it is in the same team project collection as TfvcProjectB. So he could create a build process that delivers him the content from TfvcProjectB. Specifically, he can:
To prevent this kind of access, implement some custom groups and deny the Project Collection Build Service Accounts group all permissions. For example, you are running four build servers as NETWORK SERVICE:
The following diagram details the membership and permission settings:
Note: This guidance applies only to on-premises Team Foundation servers. We don't support this scenario for Visual Studio Online team projects.Create the collection-level groups
From the security page of team project collection, create the collection-level groups.
For each of your collection-level groups, grant the following permissions:
Add each build service account to one (and only one) of the collection-level groups.
Q: Where can I get the name of the build service account? A: See Deploy and configure a build server.
Modify the Project Collection Build Service Accounts group:
From the areas page of each of the team projects served by the collection-level group, grant work item permissions:
Set all the permissions of the Project Collection Build Service Accounts group to Deny.Grant build permissions
From the build page of each of the team projects served by the collection-level group, grant build permissions:
Set all the permissions of the Project Collection Build Service Accounts group to Deny.Grant version control permissions
Which kind of version control does your team project have?
From the version control page of each of the team projects served by the collection-level group, grant TFVC version control permissions:
Set all the permissions of the Project Collection Build Service Accounts group to Deny.Git version control
From the version control page of each of the team projects served by the collection-level group, grant Git version control permissions:
Set all the permissions of the Project Collection Build Service Accounts group to Deny.Create the project-level groups
From the security page of each of your team projects, create a project-level group:
For each project-level group, grant the following permissions:
Add the appropriate collection-level group to the project-level group:Q&A Q: Why must I deny permissions to members of the Project Collection Build Service Accounts group?
A: To mitigate the risk of unauthorized access to team project resources, you should set all permissions of this group to Deny. Even if you personally are careful not to add members to the group, this could happen:
I invite you to post:
Today we are happy to announce the alpha release of the .NET Portability Analyzer extension for Visual Studio. Please try it out. This add-in was created by our software developer intern Charles Lowell.
Over the last few years, consumers and enterprise employees are using more devices than before which run different operating systems like iOS, Android, Windows Phone, and Windows 8. As a result developing apps for different platforms is almost a requirement now. With the release of the .NET Portability Analyzer extension we are integrating the ability to reason about portability of your existing code into your development environment. This will allow you an easy way to understand how portable your code is and get recommendations to write your code so that your code just works across platforms.
In our previous post we introduced the command line .NET Portability Analyzer. However, we felt that the acquisition and discovery of the tool for developers would be aided if we were to integrate the experience into VS. Additionally the integration into Visual Studio allows us to pinpoint the source locations where incompatible APIs are found to be. You can download it here. There is a great Channel 9 video about the extension which you can watch below.
Once you have installed the extension you can use the Portability Analyzer in two waysAnalyze Assembly approach
This menu allows you to specify a set of libraries that you want to analyze and get a summary view of all the changes that would need to be made to make it compatible with a given platform.
The output of this analysis is a file that documents the overall compatibility of each assembly analyzed along with a detailed drill down into individual Types/Members that are missing and recommendations about how to fix them.Analyze Project approach
The project analysis adds a context menu to the project dialog, where you can request to analyze a given project for portability. The image below illustrates this experience.
When using this experience in addition to the report shown above, you will also get source level information about compatibility issue where available, which will be reported as a message in the error list of VS as shown below.
Using the API Portability Analyzer extension will enable you to get a quick overview of all the changes that you would need to make in order to be able to port your code to a given platform. Given the assembly level break-down it enables you to easily prioritize and cost either the easiest ports or the most high value ports depending on your business requirements. We are actively working on the recommendations to make them actionable and informative.Using the API Portability Analyzer
In case you don`t have VS or wanted to integrate this functionality into your build the API Portability Analyzer tool takes your existing app or library and provides a report which tells you how compatible you are with different platforms. Let’s take a quick look into how you could use the [API Portability Analyzer]((http://www.microsoft.com/en-us/download/details.aspx?id=42678). Download the tool from the site above and run the command as follows:
This command will analyze the Autfac libraries and give you a report Excel file, which summarizes the compatibility of the existing Autofac binaries against the different platform profiles.
We see that the assembly for Autofac is fully compatible with Silverlight and there are some missing dependencies for the Autofac.Configuration dll. If we wanted to drill into this further you can look at the details page in the excel sheet and see a view as follows.
The details page gives us information about the specific members that are missing from a type and recommendations around alternatives that can be used. We are actively working to fill out the recommendations for the missing APIs so that you have guidance around how you can move your code over to a given platform. You can use your inner Excel ninja to get different organizations around the work that needs to be done in order to move to a given platform. Remember pivot-tables are your friend.Helping make the .NET framework better.
The API Portability Analyzer submits anonymous data to Microsoft about the .NET APIs used by your app. This aggregate data provides input to us on popular and missing APIs along with understanding where our customers are currently trying to migrate code from. As we work on our next set of features and compatibility reviews, this would help us spend more time on enabling APIs that you love and use most frequently. For instance based on the data, we are now working on enabling TypeConverter and System.Web types on the ASP.NET vNext K stack. The information that we collect is the .NET APIs that your app is using, along with some other metadata like what framework version your assembly was built against and assembly references of your assembly.
The site gives you a visual sense of the data that we are collecting and we are looking at ways to add more value to this site. Your feedback around what features or data you would like to see here would be appreciated.
Using this tool enables you to quickly get a high level understanding of the work that needs to be done to port to a given platform. While it may appear that you would need to do work every time that you want to target a new platform, we on the .NET framework team are working to enable a vision of single .NET surface area. Our goal is to have parity across the APIs that we expose on our Modern framework stacks. The only reason for a missing API would be its lack of applicability to a given application model or platform.
The introduction of the Visual Studio extension makes it easy to reason about the migrating of code to a new platform. Depending on what your business requirements are you can easily prioritize and understand the costs of supporting a new platform. In addition this tool give us insights into the biggest pain points that you face when migrating your code. We would love to hear your feedback on how to make this tool better! Please let us know what you think by either leaving a comment on this post or reaching out to the team at NETAPIPort@Microsoft.com.
As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls. ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious or compromised Web pages can target security flaws in outdated controls to collect information, install dangerous software, or by let someone else control your computer remotely.
For example, according to the latest Microsoft Security Intelligence Report, Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013. These vulnerabilities may have been fixed in recent versions, but users may not know to upgrade. To help avoid this situation with ActiveX controls, an update to Internet Explorer on August 12, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking.
Out-of-date ActiveX control blocking lets you:
We wanted to share some guidance ahead of next week’s update, to help you understand this feature and decide the best course of action. If you are an end user and see the notification bar, we suggest updating to the latest version. If you are an IT Pro, you can decide how to implement this feature.Supported Configurations
The out-of-date ActiveX control blocking feature works with:
This feature does not warn about or block ActiveX controls in the Local Intranet Zone or Trusted Sites Zone.What does the out-of-date ActiveX control blocking notification look like?
It is important to note that, by default, this feature warns users, with options to update the control or override the warning. When Internet Explorer blocks an outdated ActiveX control, you will see a notification bar similar to this, depending on your version of Internet Explorer:
Internet Explorer 9 through Internet Explorer 11
Internet Explorer 8
From the notification about the outdated ActiveX control, clicking “update” will take you to the control’s Web site to download its latest version. Optionally, in managed environments, IT can configure the feature to block—and not just warn—a user from running out-of-date ActiveX controls.
Out-of-date ActiveX control blocking also gives you a security warning that tells you if a Web page tries to launch specific outdated apps, outside of Internet Explorer:
How does Internet Explorer decide which ActiveX controls to block?
Internet Explorer uses a Microsoft-hosted file, versionlist.xml, to determine whether an ActiveX control should be stopped from loading. This file is updated with newly-discovered out-of-date ActiveX controls, which Internet Explorer automatically downloads to your local copy of the file. We are initially flagging older versions of Java, but over time will add other outdated ActiveX controls to the list.
As of August 12, 2014, this feature will provide users with notifications when Web pages try to load the following versions of Java ActiveX controls:
You can view Microsoft’s complete list of out-of-date ActiveX controls at Internet Explorer version list.Out-of-date ActiveX control blocking for managed environments
Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone and Trusted Sites Zone, to help ensure that intranet Web sites and trusted line-of-business apps can continue to use ActiveX controls without disruption. Some customers may want more granular control over how this feature works on managed systems. IT Pros may want to turn on ActiveX control logging, enforce blocking, allow select domains to use out-of-date ActiveX controls, or—although it is not recommended—disable the feature altogether.
To support these scenarios, Internet Explorer includes four new Group Policy settings that you can use to manage out-of-date ActiveX control blocking.
Please see the complete technical documentation here, pending publication on August 7. Starting on August 12, you can also download updated Internet Explorer administrative templates from:
We know that many organizations still rely on the capabilities of ActiveX controls, but out-of-date ActiveX controls are a risk today. By helping consumers stay up-to-date—and enabling IT to better manage ActiveX controls, including those that are compatible with Enhanced Protected Mode—Microsoft is helping customers stay safer online. This is another example of delivering on the promise to help get users current with a safer, more secure Internet Explorer.
Save the date!
Mit dem Technical Summit 2014 von 11. bis 13. November in Berlin gibt es einen offiziellen Nachfolger der beiden erfolgreichen Konferenzen Visual Studio Evolution und TechNet Conference. Beim Technical Summit 2014 erwartet Euch eine geballte Ladung Information für Entwickler, IT Administratoren und alle Mischwesen, die die Branche so kennt – es sollte also wirklich für jeden was dabei sein!
Wer bereits auf der Visual Studio Evolution war, kann ungefähr erahnen, was auf ihn zukommen wird. Natürlich kommt noch der an Administratoren gerichtete Inhalt der TechNet Conference dazu – heutzutage sind die Grenzen ohnehin fließend! Ich freu mich drauf! Die Website ist seit ein paar Minuten online, die Agenda wird gerade zusammengestellt, eine Anmeldung wird in Kürze möglich sein. Insofern: Markiert Euch das Datum im Kalender, storniert Urlaubsplanungen und Firmenfeiern, fangt an die Reise zu planen – ich hoffe, wir sehen uns in Berlin!
Hier geht’s zum Technical Summit 2014: www.technical-summit.de !
Today we are going to look at an undocumented (as of 8/6/14) functionality related to the Mount-SPContentDatabase PowerShell command for SharePoint 2010/2013. If you are unfamiliar with this command, I suggest reviewing the TechNet documentation, which can be found here. I was doing some migration testing for a customer recently and had to mount some content databases. I opened PowerShell, typed the command, waiting a few minutes for the database to be mounted, and reviewed the PS output. What!?! No sites in the database? That couldn't be right.
At this point, I jumped over to SQL Server Management Studio. The database was there and it contained all the standard SharePoint tables. Problem was, these tables were empty. So what happened to my content? I checked the create date/time on the database and noticed that it was created a few minutes earlier. As it turned out, the database did not exist prior to my Mount-SPContentDatabase command execution. The Mount-SPContentDatabase command is supposed to attach existing databases to a SharePoint farm, so how did this database get created? Testing revealed that, if the specified database does not exist, the Mount-SPContentDatabase command will create a new database (tested in SharePoint 2010 and 2013). Creating a new database instead of notifying the user that the database name specified does not exist can lead to frustrating troubleshooting. So the next time that your migrated content does not appear as expected following the Mount-SPContentDatabase command execution, you might want to check the create date/time on the content database. Ya gotta love undocumented features.
If there’s a common theme among the people on my team, it’s their ability to overcome some of the thorniest technical challenges with what might be considered the most unorthodox of approaches.
Yaron Goland is a great example. Throughout a lengthy career at Microsoft (as well as a six-year hiatus outside the company), one of Yaron’s ambitions has been to create a Web experience built on a P2P model.
Now, as a software architect with the Microsoft Open Technologies Hub, Yaron is finally pursuing this vision through a project he calls Thali. While on-site a few months back for the Accela hackfest, Yaron sat down to talk about his vision for P2P web, as well as Thali’s role within the hackfest.
Building a P2P Web has, of course, been possible for quite some time. But it’s only within the last couple of years that advances in mobile technology have enabled greater flexibility and control.
There are a number of similar projects underway, but what sets Thali apart from the others is this: Rather than relying on the cloud as a repository for a user’s personal data, Thali anchors it to their personal devices and creates a mesh network that gives the user more control and access to that data from any one of their devices.
Of course, there are some challenges that come with P2P—things like security, discoverability and ensuring the federation of updates across devices. Yaron has been working hard to address these, alongside his colleagues at MS Open Tech, as well as with members of the open source community such as CouchBase and PouchDB,
CouchBase architect Wayne Carter especially appreciated the thoroughness and thoughtfulness that Yaron put into his feedback, and this exchange really sets the standard for how we work together moving forward.
We’re pretty excited about Thali’s potential but there’s still work to be done, and Yaron and his team would appreciate your help in bringing it to completion. Check out the Thali page on Codeplex for more details about the project and how to get involved.
Volcanoes are one of the most destructive forces of nature and always get a fair amount of attention from the general public and the scientific community.
Volcanic activity generates thousands of data points. Remy Tom, one of our semi-finalist of the Power BI Demo Contest leveraged hundreds of years of volcano eruptions and created some very cool visualizations. As you can see in these visualizations, eruptions happen way more often than people think. In fact, just the day before yesterday a volcano in Kagoshima erupted for the first time in 34 years.
You can explore this dashboard to find out some interesting facts such as:
You can watch Remy's video submission to the contest where he walks us through all the steps involved in building this model, including Excel's Power Query, Power Pivot, Power View and Power BI's impressive Q&A feature, which allowed him to ask questions in natural language and get visualized volcano answers on the fly.
You can find the latest flight plan snapshot at aka.ms/vsarFlightPlan
Are you aware of a success story in which the Visual Studio ALM Rangers and/or their solutions have accelerated the adoption of Visual Studio, unblocked an engagement and/or resulted in a happy user? See Tell us about your success stories for details.review our (your) solutions!
When you download one or more of our solutions please invest a few seconds to rate and optionally review the solution on CodePlex or the Visual Studio Gallery. We need your candid feedback and support in terms of ratings!
• ALM Rangers
This is an excerpt from this great TechNet Wiki article:
A comment in Small Basic starts with an apostrophe ' and is highlighted in green. Anything after it is ignored to the end of the line.'Calculate distance between objects distance = Math.SquareRoot((x-a)*(x-a) + (y-b)*(y-b)) '(x,y) is the player
Comments are not just for others reading your code, they help remind you later why you did something. More importantly they show the thinking behind the code and the ideas about how the program should work.
Try to add comments that explain something complex or why you did something one way or another. They should remind you and help someone else understand the overall thinking you had when you wrote the program.
The 'more comments the better' is not good, the following comment adds nothing.x = x+5 'Add 5 to x
Sometimes comments can be used to visually separate sections of your code like the start of subroutines.'=================================================== 'SUBROUTINES '===================================================
Read more great tips in this TechNet Wiki article:
Special thanks to LitDev for helping guide our community!
- Ninja Ed