Stupid SkyDrive Tricks
The iPad is equipped with many things. One of those things is a double-edged sword that can reach out and cut you. The beauty of the iPad is it’s simplicity. However, when you live in a Windows world and use an iPad, you often run into places where Apple’s simplicity runs counter to getting things done.
Now, many of you will snicker at what follows. Some will shake your head, and say, “WTH?”. Still others will say, “Why doesn’t he just use SharePoint?”… I know, I know…
If you work in a Windows environment, you need to sometimes get files from an SMB server. No matter how hard Microsoft may evangelize SharePoint, there are still quite a few SMB servers in use around the world. Well, one of them is in our office. We exchange documents using a checkin/checkout process on our central SMB server. Great, but what about when you’re at home, or traveling, and a PC with a VPN isn’t handy and you just want to take a quick look at a document? Well, you’re SOL.
There is no SMB file browser on the iPad. There are a couple of third party apps that attempt to do this, but most I’ve seen were way more complicated than they needed to be, or added yet more infrastructure cost to the network (add a server, etc).
I had an idea for an approach to do this that is remarkably simple, but the more I thought about it, I kept thinking about the “Fetch” feature added to the latest version of SkyDrive. This feature lets you fetch (read-only, no write) files that are on your Windows system at work. If it’s on, you’re logged in, and SkyDrive is running, you can grab local files. So I thought to myself, if I’m that close… is there some way to get the files off of the UNC?
Ever since I was at Microsoft, I loved tinkering with junctions to do some stupid tricks with Windows (creating directories that don’t really exist, but point to an actual directory). For example, there was a trick in Windows Server 2003’s briefly included POP3 Server where you could create email aliases for a user just by making a junction to a user’s actual inbox. Not supported, but it worked.
In Windows before Vista, there was no way to link a remote UNC to a local path. That changed in Vista, when symbolic links arrived. So you can make a local directory mapped to a remote one by typing:
mklink /D c:\<localdirectoryalias> \\<server>\<share>\ (down to the subdirectory level)
So, I did this, to see what would happen when I browsed to SkyDrive. Sure enough, it showed up when I browsed from Windows or my Mac. Since I was already authenticated to the share on my desktop, I could browse anything. And from another Windows machine, Mac, etc, it worked fine.
Unfortunately, Microsoft elected to omit the “Fetch” functionality from the iPad app (probably for good security reason), so I couldn’t try it from there. They also do user agent sniffing when you browse to SkyDrive on an iPad and just say, “go get the SkyDrive app for iPad”. Disappointing. There is no way to manipulate the browser user agent in Safari, so I thought I was out of luck.
But I recalled that several iPad browsers do let you muck with the user agent. I tried Dolphin Browser HD first. Dolphin is actually a pretty great iOS browser, with some elegant touches like gestures. If I could make it the default browser, I probably would. Anyway, I switched Dolphin to “Desktop Mode”, and sure enough, I got in to the site, to see this (note the box on the left, indicating a computer where files are able to be fetched from):
When I tried browsing to it, I was prompted for a security code (each device/browser needs to be authenticated to connect to this remote machine). This required sending a text message to my default phone number. I entered that, and browsed in to my My Documents directory, where I had added the symlink (highlighted in red):
I got all the way into the directory, browsed around, and was able to open several image files, but it neither wanted to let me open the file in Word Web App, or let me download them. But what did work was selecting a file, selecting to copy it to my SkyDrive, and then opening or editing it from within the iPad SkyDrive app.
So, far from perfect, but I can now open a Word document for editing (not for saving) from an SMB server on the company network, using an iPad only connected to the network. Mission accomplished.
This of course does open up security questions. But realistically, if I am authenticated as me, and you let me install the SkyDrive app (which features fetch and, to my knowledge, fetch cannot be disabled through GPO), then have I compromised anything? Security along the way includes:
- I have to be logged on locally as me (need my domain password)
- I have to be connected to that network share as me (need my domain password)
- I have to log on to SkyDrive’s Web site (need my Microsoft password)
- I have to authenticate using SkyDrive’s SMS-based challenge/response (need my phone)
Should this terrify some companies? Sure. Should some people find it handy? I hope so.