Archive for January 18, 2013

Securing Large Data Models in Master Data Services 2012

I ran into this issue today when experimenting with the security capabilities in SQL Server 2012 Master Data Services.  I am working with a very large Product data model for a Manufacturing client.  The core entity has 391 attributes at this point in time.  I was attempting to understand how I can secure this entity such that users responsible for mass updating a set of attributes can refine their view only to  those attributes.

In the prior version of MDS (SQL Server 2008 R2), Attribute Groups were the solution to this problem. In 2012, it would seem that Attribute Groups are not secured in the same way. But that is a topic for another time.

When I attempted to set a Deny permission on a single attribute in the model, I received a generic error in the Web Application interface: An Unknown Error has occurred. When I turned on the Trace in web.config (located under C:\Program Files\SQL Server\110\Master Data Services\WebApplication), saw the following error:

MDS Error: 0 : LogError : Operation is not valid due to the current state of the object.
    DateTime=2013-01-18T16:46:19.5107689Z

StackOverflow to the rescue!  This error is apparently a common one in ASP.NET web applications where large collections are being serialized.  By adding an appSettings key to the web.config, I was able to increase the limit of collection keys/members:

<appSettings> <add key=”aspnet:MaxHttpCollectionKeys” value=”2001″ /> </appSettings>

http://stackoverflow.com/questions/8832470/operation-is-not-valid-due-to-the-current-state-of-the-object-error-during-pos

And that solved the problem!

Deploying Software with Windows Intune

New trends in IT are emerging with the biggest being the move for businesses to cloud services. One of the newer cloud based services from Microsoft is Windows Intune. Intune is Microsoft’s cloud answer for on-premise management based technologies such as System Center. With Intune you can manage windows updates, mobile/tablet devices, perform hardware/software inventories and manage antivirus. In addition, you can now choose 2 plans for Intune with or without a Windows 8 Enterprise license so you can be sure your desktops/laptops are running the latest version of Windows.

In this blog article, I’ll be walking you through deploying a 3rd party application, Adobe Reader by using Windows Intune. This is a great feature from Windows Intune giving IT the ability to deploy 3rd party applications with a few clicks versus having users themselves install the software or IT walking around to each desk. Time is money these days in businesses and businesses are looking at where they can save money and increase productivity. In my next article, I’ll discuss on how to deploy an Adobe Reader update so you can be sure everyone running 3rd party applications are kept up to date.

To get started, if you don’t already have the Adobe Reader MSI file, you can download it here on Adobe’s FTP site: ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/

Once the file is downloaded, log into your Intune Admin console and click on the Software icon on the left hand side of the screen.

1. Click Add Software under Tasks on the right.

clip_image002

2. Run the application and sign in with your Intune credentials. Click Next.

clip_image004

3. Keep default selections and browse to your downloaded MSI file from the FTP site. Click Next.

clip_image006

4. Enter a publisher name. You can also upload an icon for the package. (Optional). Click Next.

clip_image008

5. Keep the defaults and click Next.

clip_image010

6. No command line arguments needed for Adobe Reader. However, note you may need to configure silent installs for other applications. Click Next.

clip_image012

7. Click Uploadon the summary screen and Adobe Reader’s .msi file will be uploaded to your Windows Intune storage.

clip_image014

8. Once the upload is complete. Click view software properties to go directly to the deployment settings for the software package.


clip_image016

9. Select the devices/users you’d like to deploy the software to then click Next.

10. Specify the type of deployment whether is it required or available to install then a deadline. Click Finish.

If you’ve followed all of the above then you should have successfully deployed Adobe Reader through Windows Intune. Comment below if you have issues or questions.