Installing Visual Studio Code and Salesforce SFDX tools without being System Administrator

Installing Visual Studio Code and Salesforce SFDX tools without being System Administrator

I have a new shiny, high specification Windows 10 Laptop from my company. Naturally it is completely locked down from a security configuration.

I’m really fine with this. Developers should always work in least privilege and my company data should always be secured. Sure, it is easier to make progress with your Administrator override buttons, but the pain is just going to come back when you actually need to deploy something.

Microsoft gets this. Visual Studio code installs into my User Level profile without requiring any Admin privileges at all.

However, Salesforce doesn’t seem to get this. As far as I can tell there is no guidance around how to setup your development environment when using a locked down system.

However, you can install with least privilege, but takes a few manual steps which should take you no more than 10 minutes:

  1. Install Microsoft Visual Studio Code
  2. Install Salesforce Extensions for VS Code
  3. Setup Java JDK
  4. Setup NodeJS (with SFDX)
  5. Create a Windows Batch file on your desktop (or wherever):
    • Create VSCodeLocal.bat with a text editor such as Notepad (be careful – notepad will probably put a hidden “.txt” as the suffix)
    • Extend the PATH variable with the Java Bin and SFDX folders, and launch VSCode. See image below.
  6. Double click on VSCodeLocal.bat
    • I recommend running this from the command line first to ensure that no errors are experienced
    • Always run from this batch file. Directly running from the Visual Studio Code desktop/menu icon won’t work.

So at this point you should have a (mostly) working SFDX development environment on your locked down Windows 10. Do let me know in the comments if any steps require elaboration.


  1. Try installing normally first. Your PC may not be as restricted as mine.
  2. Most SFDX commands work, such as ‘SFDX: Create Project’, SFDX: Authorize an Org’, ‘SFDX: Create Lightening Web Component’ and ‘SFDX: Deploy This Source to Org’. I haven’t tested everything.
  3. Installing the SFDX local development server doesn’t work for me because my company policy doesn’t allow scripts to be run. Your mileage may vary.
  4. 100% credit to for the NodeJS/SFDX setup
  5. This process will probably generally work for a restricted MacOS as well. Ensure that you set up launching from the command line in VS Code: Shell Command: Install ‘code’
  6. Versions of all these tools will change all the time. The JDK 11 will probably be fine for years to come, but everything else should be latest as possible.
  7. As far as I can tell, this configuration is likely not supported by Salesforce.
Develop Salesforce DX with Visual Studio Code Remote

Develop Salesforce DX with Visual Studio Code Remote

Scott Hanselman has a great post on the new remote development feature with Visual Studio Code, and I wondered how this would work with Salesforce DX.

Most of my learning for Salesforce DX has been on my personal MacBook, mostly because my company laptop is heavily restricted. I can run Visual Studio Code from my user space under Windows 10, but all the other developer tooling can’t be installed / has issues.

The awesome thing about the new Remote feature is that I was able to install all the required development tooling to a Ubuntu 18 server that I provisioned on a Microsoft Azure subscription and can now control it with Visual Studio as the client.


Note: Please pay close attention as to where I have specified Client machine (your laptop, whatever) and your Remote Machine (Linux server with all dev tools)

Great! This is the basic setup, now the tricky bits so please also refer to the Microsoft SSH guidance:

  • Step 8: Client machine: Run the remote-ssh: Connect to Host command for your Linux server. Visual Studio Code will setup everything for you.
  • Step 9: Client machine: Install the Visual Studio Code Salesforce Extension on the remote machine (obviously not on the Client machine)
  • Step 10: Remote machine: Login to your remote machine with a remote desktop session and run a new instance of Visual Studio Code with Salesforce CI integration. Authorize an org with the ‘SFDX: Authorize an Org’ command
  • Step 11: Remote machine: Still in Remote desktop, run the following command in the Visual Code terminal: ‘sfdx force:org:display -u vscodeOrg –verbose’ (where vscodeOrg the name of your authorized org. Copy the value of “Sfdx Auth Url” which will be in the format force:// (Danger: This value will let anyone log into your org without username or password!)
  • Step 12: Remote machine: Save this value in a text file in an easy location. eg. /home/MyUser/src/login.txt
  • Step 13: Client machine: run the following command in the Visual Studio Code terminal window: ‘sfdx force:auth:sfdxurl:store -f login.txt -s -a vscodeOrg
  • Step 14: Client machine: (optional) Setup access to your source control repository in Visual Studio Code. Note that the source code will now be held on the remote machine, not your local machine.


And there you have it. You can no use you local machine as a development client, with all tools needed for Salesforce DX running remotely.


Thoughts & observations:

  1. The configuration could have been changed to use Docker Containers locally. I didn’t go that route because I’m not convinced my company laptop has the right amount of system resources. It would also be very hard to get Docker Desktop installed.
  2. Debugging javascript with this configuration might be too hard without the browser on the remote machine. Local extensions are probably the way to go.
  3. Setup is non-trivial. Reading through my steps I can see that this is not something that someone who has only ever used Salesforce would want to configure. If you don’t want to jump through the hoops above then I’d advise waiting for a few months for things to advance some more.
  4. There is exciting potential for ‘code from anywhere’ with this model. It is probably unrealistic (for example) to have the full Salesforce DX development suite on an Apple iPad, but definitely more realistic to have the Visual Studio Code client running and connecting to a development server in the cloud.




Speedup the import of a large OLM email archive on Mac

I recently updated my MacBook Pro to a newer model. I started from scratch rather than migrate the old system image, and duly backed up everything.

I’ve had large archive files before from Microsoft Outlook for Windows (PST format), and found them to be easy to manage and portable.

Microsoft Outlook for Mac however cannot export PST files, but uses another format called OLM. OK, fine… but when I copied the 16GB OLM file to my new Mac and imported, I found that would take the best part of a week to import! That doesn’t really cut it since I need to carry to MacBook and use Outlook for work. Even Friday evening to Monday morning would not be sufficient to complete this.

After much Googling, I found out that most people recommend paid utilities that can do OLM to PST conversations.

Luckily I found another solution. It seems that importing the OLM mail archive and importing it on the same disk was causing the process to slow considerably. I just copied the OLM archive to an external USB-3 drive in order to import from there, and the whole archive imported in just a few hours.

Screen Shot 2018-11-24 at 2.42.12 pm.png


Learning Vlocity

Vlocity is a new industry accelerator on top of Salesforce, and it provides a great deal of functionality that will significantly reduce your customization effort within Salesforce. You can design agent workflows, user interfaces and interactions with configurable scripts with more simplicity than coding up in Salesforce APEX or using flows. Additionally they provide processes for each industry to download, so you can just browse the library to get processes that allow you to (for example):

  • apply for Child Care benefit (Government)
  • change a SIM Card (Telecom)
  • get a travel policy quote (Insurance)

In addition there is a CPQ (Configure Price Quote) engine that ties in nicely with the processes above.

Salesforce is an awesomely open platform in terms of learning. Almost all the functionality you need to develop enterprise scale applications is available in a development environment that anyone can provision within a minute, and most of the learning material to use that is available in the learning site (Although just to be clear: although learning is free, using it in production does cost licensing! ).

Vlocity is for the moment behind walls, and you will need either a partner agreement or partake in a training course to get experience. There is a steep learning curve, since you need to understand how the different components work together (dataraptors, omniscripts and cards) before you can do something useful.

I found that the in-person training course is good and gets through a lot of material in 4 days, but you should straight afterwards go back and go through it all again building your own ideas before you truely ‘get’ it. You can follow the steps in the exercise book and not have a good feel for what is actually happening. For example, I wrote a ‘hello world’ card to understand the user interface better, a simple dataraptor that extracted Contact fields to understand the data model better, and finally my own Omniscript that solicited customer feedback to see how it all tied together.

And do bear in mind that after a steep learning curve, it will be a much easier way to implement complex process functionality into Salesforce!

Vlocity Cards “Hello World”

I’ve recently completed a Vlocity Administrator and Developer Essentials course, and am preparing for the final exam.

There is a lot to say about the Vlocity industry accelerators. The official documentation and training certainly throws you in at the deep end. Here are some blog posts that will break each technical component up into ‘Hello world’ components.

What are Vlocity Cards?

Vlocity Cards are visual components that work in the larger Vlocity framework. They can display data and actions. The interface can be customized with HTML, CSS and Javascript (AngularJS).


  • Salesforce org
  • Vlocity app installed (not freely available unfortunately)
  • Knowledge of Salesforce Administration



Display ‘Hello World’ on a Vlocity card to a Contact record page.


Step 1: Create Vlocity Layout & Card

We will create a layout, card and state with a really simple structure (In real life you would likely want lots of cards and lots of states to represent your data).

Screen Shot 2018-11-11 at 3.00.08 pm.png

We will create a simple layout that will query basic details from the Contact record and display them on a simple card. It will look like this:


Note about Data source: I used SOQL to make this as simple as possible. We will have a ‘Hello World’ DataRaptor blog post soon to go into the best way to acquire data into your cards.

Activate the Card and click the ‘Preview’ tab, and you should see a (badly) formatted card with a single ‘Call’ action:

Screen Shot 2018-11-11 at 2.49.47 pm.png


Step 2: Create a new Lightning Page for Contact

We want to see this card in action, so we create a new Lightning Page, and choose the ‘Vlocity Three Columns’ Template:

Screen Shot 2018-11-11 at 1.53.07 pm.png

Screen Shot 2018-11-11 at 3.03.43 pm.png

Activate the card (set as org default if you are just playing around in a sandbox) and then view a random Contact:

Screen Shot 2018-11-11 at 3.31.27 pm

Obviously the formatting is not right yet, so for the next blog post we will get into how to present this correctly.

Salesforce DX CLI Cheat Sheet

The Salesforce trailhead is good, although its verbose style makes it hard to use for a quick reference. This list is just for my benefit to quickly remember the relevant commands, but may be of wider use as well:

Salesforce DX Trailheads:


Action Command
Update the CLI sfdx update
Set the dev hub instance sfdx force:auth:web:login –setdefaultdevhubusername –setalias my-hub-org
Create a new project sfdx force:project:create -n myAwesomeNewProject
Create a scratch org sfdx force:org:create -s -f config/project-scratch-def.json -a GeoAppScratch
Open the scratch org sfdx force:org:open
Pull the configurations & customizations from your scratch org to your local project sfdx force:source:pull
Pull data from your scratch org to your local project sfdx force:data:tree:export -q “SELECT Name, Location__Latitude__s, Location__Longitude__s FROM Account WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL” -d ./data
Push your local project back to your scratch org sfdx force:source:push
Create a new Lightning component in your local project sfdx force:lightning:component:create -n AccountListItem -d force-app/main/default/aura
Create a new Lightning event in your local project sfdx force:lightning:event:create -n AccountsLoaded -d force-app/main/default/aura
Create another scratch org sfdx force:org:create -f config/project-scratch-def.json -a GeoTestOrg
Push local project to new scratch org sfdx force:source:push -u GeoTestOrg
Assign permission set to new scratch org sfdx force:user:permset:assign -n Geolocation -u GeoTestOrg
Upload data to new scratch org sfdx force:data:tree:import -f data/Account.json -u GeoTestOrg


Manage Dev Hub and packaging

Action Command
Set the dev hub user name sfdx force:config:set
Create new project sfdx force:org:create -f config/project-scratch-def.json -a TempUnmanaged
Generate new password for scratch org sfdx force:user:password:generate -u TempUnmanaged
Display dev hub sratch org details sfdx force:org:display -u TempUnmanaged
Pull the source sfdx force:source:pull -u TempUnmanaged
Pull in package sfdx force:mdapi:retrieve -s -r ./mdapipackage -p DreamInvest -u TempUnmanaged -w 10
Open resulting package unzip -d
Convert to metadata sfdx force:mdapi:convert -r mdapipackage/
Delete the scratch org sfdx force:org:delete -u TempUnmanaged
Create a new sratch org sfdx force:org:create -s -f config/project-scratch-def.json
Push local project to new scratch org sfdx force:source:push
Assign permission set to new org sfdx force:user:permset:assign -n DreamInvest
Convert to metadata sfdx force:source:convert -d mdapioutput/
List all orgs in dev hub sfdx force:org:list
Deploy to new scratch org sfdx force:mdapi:deploy -d mdapioutput/ -u MyTPO -w 100

Dynamics 365 – Adding an administrator Web Role to an Employee Self Service Portal

In order to edit the content directly in a Portal on Dynamics 365, you need your user (specifically the contact record related to your User record) to have a Web Role with editing privileges.

This can be confusing, because this security setting is set on the Contact and not the User. Portals concern themselves with Contact logins first, and although the Employee Self-Service (ESS) Portal leverages the Azure Active Directory, it still looks for the role on the Contact record.

There isn’t a nice easy way (that I was able to find) to manage web roles for users, and it is all done through Invitations. Again, this is confusing because Users for the ESS don’t need invitations. They just log in if they have a Dynamics 365 license. Nevertheless, we need to go through the motions in order to get the Web Role assigned.

First, create a normal Dynamics 365 User:

Screen Shot 2017-08-06 at 9.17.02 pm.png

I now have a User but no Contact:

Screen Shot 2017-08-06 at 9.20.57 pm.png

We can create our Contact by just letting John log in once:

Screen Shot 2017-08-06 at 9.23.07 pm.png

And that will create their Contact record automatically (related directly to their User record):

Screen Shot 2017-08-06 at 9.24.39 pm

Now go the the Contact record and click ‘Create Invitation’ at the top:

Screen Shot 2017-08-06 at 9.26.05 pm

First thing click ‘Save’ on the Invitation form in order to create an Invitation record for this Contact:

Screen Shot 2017-08-06 at 9.27.03 pm.png

And then in the ‘Assign to Web Roles’ box just add them to ‘Administrators’:

Screen Shot 2017-08-06 at 9.29.30 pm.png

Then go to the ‘…’ button, and select ‘Other Activities’

Screen Shot 2017-08-06 at 9.32.32 pm

And then click ‘Invite Redemption’:

Screen Shot 2017-08-06 at 9.35.27 pm.png

In the following Dialog Box, just enter the Contact record and any username and click ‘Save’:

Screen Shot 2017-08-06 at 9.37.04 pm.png

Now go back to the John Smith’s Portal session and refresh the browser. The toolbar will now appear:

Screen Shot 2017-08-06 at 9.38.26 pm.png

All of this wasn’t very obvious from the documentation at all, and I would hope in future that Microsoft will add an option to manage Web Roles directly on the Contact record. It is possible I missed an easier to do this, and if I find it then I will update this article accordingly.





Microsoft Dynamics 365 Employee Self-Service Portal Access with Azure AD Integrated Apps settings

Microsoft Dynamics 365 Portal is a great new addition, having matured greatly from the ADX acquisition and possible to set up in a few clicks. They don’t offer a massive amount of extensibility, but does the job well (i.e. let a Contact log in, raise a case, check case progress, browse a knowledge base, add simple access to other entities).

I did face an interesting problem in a customer scenario where I set up an Employee Self Service Portal, and found that users could just not log in.

Screen Shot 2017-08-06 at 2.22.47 pm.png

Google didn’t provide any hits for the phrase “Microsoft CRM Portals needs permission to access resources in your organization that only an Admin can grant” – so seemed a good candidate for an article!

After some investigation, we found that an earlier Security Audit had recommended turning off the ‘Integrated Apps’ setting in Azure AD. This meant that users could not consent to have the Portal read their AD profile:

Screen Shot 2017-08-06 at 2.07.41 pm.png

Screen Shot 2017-08-06 at 2.17.25 pm.png

The immediate fix is just to enable this setting back on again. I also had to restart my Portal to get this working.

Screen Shot 2017-08-06 at 3.34.55 pm.png



Mac OS Taskbar Calendar

Calendars are important to consultants, and Windows has a quick and easy to use one when you click on the time. When using a Mac you don’t have this and going into the Calendar view in Microsoft Outlook (or other app) can often distract you from the task at hand (i.e. you are writing an email suggesting to meet next Wednesday, but you want to be really sure that next Wednesday is the 9th). WinCal
Itsycal is a great utility that does this for your Mac, is free and simple:


Start and connect to your Azure VM from the Mac command line

Update 11th October: OK, I didn’t realize is was now very trivial to set a static IP and a DNS name in Azure Public IP Address configuration for Azure. Still I think the commands in this article are still interesting to illustrate how to interact with Azure.

Microsoft Azure is great, but I’m not really a big fan of the Azure portal . I find it rather messy to navigate, and multiple clicks to find the function that you want.

My first simple scenario is to start and connect to one of my Azure developer machines. It costs a great deal to run it 24 hours a day, and I may only use it between 1 and 4 hours each day. It can be started and stopped on the portal, but with some Azure CLI tools and bash scripting I can start and be in quickly.

First let’s check the version installed:

Azure --version


Then login, which will ask you to open and enter the given code. You can then link your subscription through the browser.

Azure login

Screen Shot 2016-10-07 at 8.59.40 AM.png

If succesful, then all your MSDN subscription will get added (in this example I have 3)

Screen Shot 2016-10-07 at 9.03.08 AM.png

So now your environment is ready.

List out all your available VM’s with

azure vm list

Screen Shot 2016-10-07 at 9.26.38 AM.png

and start with

azure vm start -g -n


I was looking for a command that would download the remote desktop file (RDP), but seems there isn’t. No problem because it is easy to create from the VM’s IP address:
azure vm show |grep "Public IP address" | awk -F ":" '{print $3}'

So with a little Bash scripting, you can derive and launch the remote session automatically. This assumes that you have installed Microsoft Remote Desktop for Mac. Just create a new bash script file with the following contents, changing the environment variables to you Azure and local configuration:


echo "RDP Generator"
#Change to your Azure resource group

#Change to your Azure VM name

#Change to the user name on that VM

#Set the location of the temp RDP file

#This should be the default location for Microsoft RDP install
VarRemoteDesktopLocation="/Applications/Microsoft Remote"

VarResult1=$(azure vm show $VarResourceGroupName $VarVMName |grep "Public IP address" )
VarResult2="$(echo $VarResult1 | cut -f3 -d ':')"

VarBegin="full address:s:"

echo $VarRemoteDesktopLocation

touch $VarRDPLocation
#overwrite existing file
echo $VarBegin$VarResult2$VarEnd > $VarRDPLocation
echo "prompt for credentials:i:1" >> $VarRDPLocation
echo "administrative session:i:1" >> $VarRDPLocation
echo "username:s:"$VarUserName >> $VarRDPLocation

#Launch remote desktop session with new file
open -a "$VarRemoteDesktopLocation" $VarRDPLocation

Just run your new script file and it will launch the Microsoft RDP client automatically.