SharePoint 2010 PowerShell snippit for deleting all items in a list

$SPAssignment = Start-SPAssignment;

$SPWeb = Get-SPWeb -AssignmentCollection $SPAssignment;

$items = $SPWeb.Lists["My List to Delete All Items"].Items;
while($items.Count -gt 0){$items.Delete(0)};

Stop-SPAssignment $SPAssignment;

SharePoint 2010 Secure Store shared service is not responding

When trying to manage the Secure Store Service in SharePoint 2010 I ran into an error stating that the “secure store shared service is not responding…”

ULS logs dumped the following critical error message:

08/30/2013 12:27:50.80	w3wp.exe (0x1AEC)
0x16E8	Secure Store Service
Secure Store
The Secure Store Service application Secure Store Service is not accessible. The 
full exception text is: The HTTP service located at 
is too busy.

After stumbling around google for a while, I came across the following article which suggested that the Security Token service needed to be reprovisioned:

PS C:\Users\uhleeka> Get-SPServiceApplication

DisplayName          TypeName             Id
-----------          --------             --
Secure Store Service Secure Store Serv... a785c55d-74fe-4c36-b3f0-ead5ce920fd0
State Service        State Service        da12d0c8-4455-4ff0-8d78-fafc17495f72
PerformancePoint ... PerformancePoint ... 287024db-317b-4157-b1cf-48fad7997e46
Visio Graphics Se... Visio Graphics Se... e67b7b0b-89c7-413e-97a3-3bdd2181c2e3
Managed Metadata ... Managed Metadata ... 9a407eef-f763-4f8a-a40e-13fcfc731372
Web Analytics Ser... Web Analytics Ser... 9a6bd1b0-3318-4018-b06f-e9bfcbeab042
Excel Services Ap... Excel Services Ap... ae2b3782-8434-4259-8941-de7f6a10e752
Security Token Se... Security Token Se... aea1b402-c567-414a-87ec-de78ef1c050d
Application Disco... Application Disco... aa7cd819-184e-4be3-97ce-bab1ddaa5ccb
Usage and Health ... Usage and Health ... 6c149bc0-1d6f-464a-a191-51afa27e9f89
Search Administra... Search Administra... 9f714436-729e-42ea-a8f0-94cc9f659d7d
Word Automation S... Word Automation S... 5849509b-27bb-4ea3-9377-77261832f58b
User Profile Serv... User Profile Serv... ad8c6f20-4f57-4c6b-82c1-2ff2e4c3894c
Business Data Con... Business Data Con... b352de0b-1bb4-4998-83c2-93d239abcabf
Search Service Ap... Search Service Ap... 14e512ae-59fa-4a21-9cfd-9cfbc7392293

PS C:\Users\uhleeka> $sts = Get-SPServiceApplication | ?{$_ -match "Security"}
PS C:\Users\uhleeka> $sts

DisplayName          TypeName             Id
-----------          --------             --
Security Token Se... Security Token Se... aea1b402-c567-414a-87ec-de78ef1c050d

PS C:\Users\uhleeka> $sts.Status
PS C:\Users\uhleeka> $sts.Provision()

PowerShell to the rescue. Thankx sowmyancs!

Git Sparse Checkout

From the root of your local git repo:

$ git config core.sparsecheckout true
$ echo a_directory_i_want_to_include/ > .git/info/sparse-checkout
$ echo another_directory_i_want_to_include/ >> .git/info/sparse-checkout
$ git read-tree -m -u HEAD


$ ls
a_directory_i_want_to_include/ another_directory_i_want_to_include/

SharePoint 2010 SPSecurity.RunWithElevatedPrivileges HandleAccessDenied

The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.

Using SharePoint context with an unauthenticated user does not actually elevate privileges:

    // do something with SPContext.Current.Web 
    // fails with a HandleAccessDenied Exception
    // because SPContext is loaded with the site,
    // not within this delegate block.

So to get actual elevated privileges, you have to reload the context:

    using (SPSite site = new SPSite(this.Page.Request.Url.ToString()))
        using (SPWeb thisWeb = site.OpenWeb())
            // do something with thisWeb

See here for a better explanation:

C# Hash String to Hexadecimal String

Outputs a 40 character hexadecimal hash string using the MD5 algorithm.

private string ToHash(string source)
    byte[] bytes;
    char[] c;
    byte b;
    //using (SHA1 m = new System.Security.Cryptography.SHA1Managed())
    using (MD5 m = System.Security.Cryptography.MD5.Create())
        bytes = m.ComputeHash(System.Text.UTF8Encoding.UTF8.GetBytes(source));
        c = new char[bytes.Length * 2];
        for (int i = 0; i < bytes.Length; ++i)
            b = ((byte)(bytes[i] >> 4));
            // replace 0x57 with 0x37 to output uppercase
            c[i * 2] = (char)(b > 9 ? b + 0x57 : b + 0x30);
            b = ((byte)(bytes[i] & 0xF));
            // replace 0x57 with 0x37 to output uppercase
            c[i * 2 + 1] = (char)(b > 9 ? b + 0x57 : b + 0x30);
    return new string(c);

C# Thread.Sleep(TimeSpan) to Run Every 10 minutes

Based on truncating a DateTime to the second in C# while preserving the “Kind” (Local, UTC, Undefined):

dateTime = dateTime.AddTicks( - (dateTime.Ticks % TimeSpan.TicksPerSecond));

Thread.Sleep until the next 10 minute mark (e.g. Run every 00, 10, 20, 30, 40, 50 minutes):

        (TimeSpan.TicksPerMinute * 10) - 
        (DateTime.Now.Ticks % (TimeSpan.TicksPerMinute * 10))


In the real world, the above code appears to be waking up a fraction of a second too early. So perhaps adding an additional tick might be the way to go:

        1 + (TimeSpan.TicksPerMinute * 10) - 
        (DateTime.Now.Ticks % (TimeSpan.TicksPerMinute * 10))

JohnnyA WordPress malware on MediaTemple

My MediaTemple (gs) account got hit by JohnnyA a couple weeks ago. I assume that it occurred because I was slow to update my WordPress to version 3.0. Lucky for me, I actually looked at my blog only 4 days (yikes!) after the exploit occurred. Avast caught the site attempting some sort of JavaScript exploit, which clued me in to the problem.

After digging through the site using Firefox and the Firebug plugin, I found the offending JavaScript and stumbled upon the WordPress Administrative user, “JohnnyA”. So I deleted the code from the file and disabled the database user, only to have the exploit reappear less than 24 hours later.

Confused by its reappearence (I had updated WP to the latest version of 3.0), I contacted MediaTemple support. (mt) politely informed me that the problem was mine own and pointed me to this “System Status” link:, which states in bold “…this is not exploiting any architectural or system vulnerability” which translates to “Fix it yourself or pay someone to do it for you.

Anyhow, noting that an Adminstrator, username JohnnyA, had been created, I searched and stumbled upon this thread: Realizing that there was a .php vector to this attack in addition to a .js vector, i opened up an SSH session and grepped through my “domains” directory. After finding and neutralizing the offending .php file and offending .js file, the site was back to normal and has been malware free for the last 48 hours.

I have since been passively monitoring my site with a plugin called “WordPress File Monitor” which fires off an email every time a file is modified on the site. Hopefully, that will provide an alert of future exploits. I have also installed several other security-related Plugins. Check out for a good rundown on WordPress security.

Bottom line, MediaTemple is not at all to blame for this. If I was to exploit a WordPress vulnerability, I would target hosting companies like MediaTemple for the sheer number of (un)managed WordPress installations. Lesson learned? Keep your software up to date!

Edit (2010-07-30): After further looking into this, it appears, IMHO, that MediaTemple (gs) architecture may be at fault. They have acknowledged that there were some sort of permissions issues that allowed neighboring (gs) accounts to read each others data. So they implemented Access Control Lists as a fix ( Reading between the lines, something (?) was wrong and MediaTemple took steps to fix it. Transparency? Not really.

The new bottom line is: Something happened to compromise my (gs).
Lesson learned: Don’t issue an opinion based on spoon-fed incident reports. My apologies to WordPress.

Edit (2010-08-06): The comments are well worth reading.

[ Read more » ]

Less than percent colon – code render blocks in ASP.NET

ASP.NET 4.0 introduces the following code render block syntax:

<%: YourOutput() %>

The search terms “less than percent colon” and “less than percentage colon” did not turn up anything for me in google, but thanks to stackoverflow:

<%: is almost the same as <%= except that the output from <%: is automagically html encoded.

Essential Freeware

Firefox – web browser

Firefox plugins

7-zip – file compression/decompression library

CutePDF – virtual printer: print to a PDF

Avast – antivirus

Picasa – picture and video organizer

Generic List<T> to DataTable using Reflection

The following function takes in a System.Collections.Generic.List<T> and returns a System.Data.DataTable with the properties (via reflection) of T as columns. [ Read more » ]

Next Page →