Latest Postings
October 28 2008
Thanks to everyone who attended our Microsoft SharePoint 2007 Seminar. If your organization has any questions about how ISInc can help you learn, deploy, upgrade or manage your Microsoft SharePoint 2007 implementation, please contact us.
The slides from the presentation can be downloaded here:
Microsoft SharePoint 2007 Seminar by ISInc
If you are interested in our many training options, please look at our Microsoft SharePoint Training page for a list of available courses.
October 23 2008
Microsoft just released an alert to provide you with an overview of the new security bulletin released (out of band) on Thursday, October 23, 2008. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address a vulnerability in all currently supported versions of Windows. This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers. We request that you take action immediately by first assessing and preparing your own systems and networks and applying the security update, then reaching out to your customers to assist them in securing their systems and networks by applying the update.
Details about this security update are below, but here are your key resources:
· The full bulletin for MS08-067 is available at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
· We recommend that you use the Microsoft TechNet Security TechCenter as a source of security information: http://technet.microsoft.com/security
Summary
This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.
Recommendations
Microsoft recommends that you assess your systems and networks and apply this security update to secure your systems and networks and to help ensure that your computers are protected from attempted criminal attacks.
New Security Bulletin Technical Details
|
Identifier
|
MS08-067
|
|
Severity Rating
|
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.
|
|
Impact of Vulnerability
|
Remote Code Execution
|
|
Detection
|
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
|
|
Affected Software
|
All currently supported versions of Windows
|
|
Restart Requirement
|
The update requires a restart.
|
|
Removal Information
|
· For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility
· For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
|
|
Bulletins Replaced by This Update
|
MS06-040 is superseded on these operating systems: Windows 2000 SP4, Windows XP SP2, Windows XP X64, Windows Server 2003 SP1, Windows Server 2003 X64, Windows Server 2003 SP1 for Itanium-based Systems.
|
|
Full Details:
|
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
|
Regarding Information Consistency
We recommend that our customers use the Microsoft TechNet Security TechCenter as a key source of security information: http://technet.microsoft.com/security, and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx. We strive to provide you with accurate information in static and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.
ISInc Support Options
If you are interested in ISInc support to keep your networks up to date, please contact us at 916-920-1700 to hear about our Managed Services options.
October 10 2008
One of the interesting issues I have found when building reports in Crystal is the nature of their record selection on blank data. More »
October 3 2008
As I’ve learned to build website layouts purely in CSS, I have come across many hacks or workarounds for debugging browser inconsistencies. One that I never quite understood was the declaration
zoom: 1;
I knew that if I applied zoom: 1 to certain elements, a layout that once looked like the elephant man in Internet Explorer 6 would miraculously turn into prince charming. But what is zoom: 1? And why does it fix my broken layouts? This post is meant to shed some light on these issues without getting into the nitty gritty details.
To understand zoom: 1, we must understand the proprietary property hasLayout, courtesy of Internet Explorer (IE). The hasLayout property is an internal flag in IE that tells the browser whether or not a particular element is a “layout” element. IE makes a distinction between a layout element and a non-layout element in more ways than I can enumerate here. Suffice it to say that layout elements and non-layout elements are treated differently when IE renders the page. I have found that layout elements will interact differently with their floated and positioned neighbors. This usually manifests in strange vertical and horizontal spacing between the elements.
The hasLayout property cannot be altered by the style sheet author. It is internal. It is flagged as true by default for certain elements (like <table>, <body>, and <img>). It can also be triggered by the style sheet author by changing certain properties (like width, height, float, and zoom).
The zoom property is one of Internet Explorer’s proprietary CSS properties that allows the style sheet author to enlarge something.
zoom: 2;
The above zoom declaration does as you would expect, it makes something twice as big. So since the zoom property will trigger hasLayout, we can use it to force IE into giving certain elements “layout” which can help us with spacing issues between elements. In order to add zoom but avoid any detrimental effects, we just use
zoom: 1;
This keeps the element at the same size while still triggering hasLayout behind the scenes.
To use zoom: 1 to my advantage, my general rule of thumb has been to code my layouts by testing primarily in Firefox (or another standards compliant browser like Safari or Chrome). During the process of coding it, I will periodically test it in IE7 to make sure there are no major hiccups. Usually, I can get the layout working in both browsers without too many hacks. Once the layout is finalized in Firefox and IE7, I test in IE6. If the layout is way off in IE6, I immediately apply the declaration:
* { zoom: 1; }
which gives “layout” to all elements. This will often fix the major issues in IE6, and the rest is just pixel tweaking with conditional comments.
For a complete reference of hasLayout (much more complete than I have attempted here), read this article on having layout.
September 25 2008
Have you ever linked to another web page using the phrase “click here“?
If you are a webmaster, a web author, or a web content editor and you answered yes to that question, keep reading because this blog post is for you.
Why is “click here” the enemy? Let me start with a little anecdote about a phenomenon known as Google bombing.
One of the methods that Google uses to determine what your page is all about is to look at the link text (or anchor text) that others have used to link to your website. So, if there are a million links that say Amazon and link to Amazon.com, there is a good chance that a Google search on the word Amazon will return a first hit to Amazon.com. Seems logical, right?
Google also has a button called “I’m feeling lucky” that is often overlooked. Try it out. Go to Google and search on “Innovative Solutions Inc.” Instead of clicking the “Google Search” button, click the button to the right that says “I’m feeling lucky.” This will take you straight to our home page. Why? Because the “I’m feeling lucky” button takes you to the first search result that you would have seen if you had done a regular Google search.
How does this relate to Google bombing? Once upon a time, somebody decided to use their knowledge of Google’s indexing system to further their own political objectives. In particular, I remember being introduced to the George Bush Google bomb when I was in college. What happens is, a particular blogger, website, or internet community puts out a request to their readers to create a link to George Bush’s bio on the white house website with the link text of “miserable failure.” Eventually, as the scheme gains momentum, there are so many “miserable failure” links to the president’s bio that the Google bots integrate those links into their knowledge base. Eventually, you could type “miserable failure” into Google, click “I’m feeling lucky,” and there was George Bush’s smiling face on your computer screen. Pretty knifing, yes?
The point of this anecdote is to teach you that link text matters. If Google uses your link text to determine what a website is about, why not provide more useful information than a generic “click here”?
This is a helpful link to our website:
Our favorite technical training center in Sacramento, CA – Innovative Solutions Inc.
This is not as helpful:
Click here to go to our favorite technical training center in Sacramento, CA – Innovative Solutions Inc.
That is why I call it altruistic linking. You are doing your neighbor a favor, you are going to help their search ranking by linking to them with appropriate keywords. And hopefully, in turn, they will do the same for you.
It’s often we have requests from customers on Proclarity, but few know that it is part of a much more complete Business Intelligence (BI) package from Microsoft called Microsoft PerformancePoint Server. This solution encompasses more than just traditional charts and graphs. It provides modules that integrate with the applications you use on a daily basis. Microsoft PerformancePoint Server 2007 is built from Microsoft’s Proclarity Analytics product.
Traditionally we think of BI as just the reports we run off of our database. While this model works, it is a limited view of what it can provide your organization. This is why Microsoft has invested heavily in this space and came up with PerformancePoint. Their goal was to provide a tool that can become a framework for delivering reporting across your organization. Without a standard tool it is difficult to see trends in your data outside of your group.
How many excel reports do you get? Do you use more than 1 tool to perform reports within your company? Do you have Microsoft SQL Server and Microsoft Reporting Services but only have a few reports to show for it? PerformancePoint is a solution that can give you a consistent, common data model to work from for monitoring, analytics and planning.
Key Performance Indicators (KPI’s) are tools you can use to make quick decisions. The challenges are getting all of this information in a format that can be used for reporting. The other challenge is how to disseminate this information to the masses in a way that is secure, easy to understand and highlights the right information. This is one of the many features such as dashboards and scorecarding built into PerformancePoint. You can deliver this information via SharePoint Web Services to your employees, also incorporating security from the various sources such as Microsoft SQL Server and Microsoft Reporting Services.
Finally, if your business has to do financial reporting, this is a tool that can help you with the planning and delivering of these reports.
ISInc has recently put together a number of PerformancePoint courses that will help you get up to speed on all of the available features in this application. We have courses on just the planning modules, or on the end-to-end solution. This is a great compliment to SharePoint Training.
September 17 2008
Running an Enterprise IT Environment has more cost than just the equipment and power that is used. Now we need to keep in mind the entire eco-system to run our infrastructure, from the power each machine uses to the amount of time people need to support it. Running a “Green” IT will not only help the environment, it will often relieve some of the stress on your IT staff.
Here are some steps your IT group can take to make your company more environmentally friendly. More »
Did you plan on how you would train your employees for an upcoming software migration/upgrade?
More »
September 10 2008
Learning web design can be easy with a WYSIWYG (what you see is what you get) editor, like Dreamweaver or Microsoft’s Expression Web. You create a new document and edit it like a PowerPoint slide or a new file in Microsoft Word. You add text, tables, and pictures. Voila, you have a web page.
More »
September 9 2008
ISInc is now proud to be providing our customers access to the SANS Institutes 401 course this December!
More »
