June 2012 - Posts
I just received the the schedule from Randy today and in his words; We're T-minus 12 days away from SharePoint Saturday San Diego, and I want to let you know that we have made a few adjustments to the event schedule.
The event is sold out, and we are expecting a strong turnout! Unfortunately, Randy won't be at the event personally, but he is sure you will all be rocking it! The Weather in San Diego during this time will be sunny and warm.
John Roe, our local SoCal Microsoft Technical Solutions Professional (TSP) for LA and San Diego to be our keynote speaker.
John comes from a rich SharePoint background including terms at Proficient / SpeakTech as a SharePoint Architect. Has been recently named our local TSP for SoCal, John is responsible for the Microsoft relationship as it pertains to Collaboration products including our wonderful SharePoint product line!
John will be presenting a session on User Adoption:
• The Challenge of Adoption
• Must-Haves in Your Adoption Strategy
• Find Your Killer Application
• Crawl, Walk & Run
• Must-Have Resources
A recent, isolated issue was discovered in the SharePoint 2010 Products April 2012 Cumulative Update that could result in an HTTP 500 error when users delete objects to include documents, lists, and Webs and a new object is created using the same path where the original object remains in the Recycle Bin.
The following packages were affected:
KB2598151 - SharePoint Server Package
KB2598152 - Project Server Package
KB2598321 - SharePoint Foundation Package
KB2598304 – Wss-x-none.msp
This issue has been resolved in the revised packages. The revised packages include support for resolving issues related to the originally published updates.
SharePoint Foundation 2010
SharePoint Server 2010
We recommend that you test hotfixes before you deploy them in a production environment. Because the builds are cumulative, each new release contains all the hotfixes and security updates that were included in the previous SharePoint Server 2010 update package releases.
Description of the SharePoint Server 2010 cumulative update package (SharePoint server-package): April 24, 2012 http://support.microsoft.com/kb/2598151
The next SoCal IASA chapter meeting will be Thursday June 21, 2012 at Rancho Santiago Community College District, 2323 N. Broadway, Santa Ana. Meeting starts at 7:00 pm, pizza and networking 6:30 pm. Meeting cost is $5 to help us cover the cost of food and beverages. RSVP by emailing to Mike Vincent if you plan to attend.
Are you afraid of making estimates? You are not alone! Do you know why making quality estimates AND tracking actuals is so important? Can you really estimate how long a football game will be? Learn the importance of accurate estimating and how that skill will help you define and manage your customer’s expectations. Discover the difference between ‘ideal time’ and ‘elapsed time’ and why your estimates need to encompass both. Join others in learning the anatomy of an estimate and lean techniques to make your life easier. Come learn some great tips you can begin using your first day back on the job.
Michael is Vice President of Development at PDSA, Inc. and brings over 32 years of Information Technology experience to bear at his position. Prior to joining the PDSA team, Michael was the Director of Information Technology at the Long Beach division of Boeing. He was responsible for all aspects of computing – strategic planning, architecture, application lifecycle, asset management, and outsource management – where he managed a budget of over $90 million dollars and 140+ people. Michael’s responsibilities at PDSA are to manage all projects and personnel while ensuring quality services are delivered on time and on budget to our valued clients. He has been instrumental in defining and executing a solid internal business and engineering process to ensure quality services. Michael also has been an instructor at UCLA and University of California, Irvine's extension program since 1985. He instructs or has instructed the following courses: Microsoft.NET, Advanced Visual Basic, and Relational/Distributed Database Management and Design. Michael holds a Bachelor's Degree in Mathematics and a Master's Degree in Computer Science from UCLA, and has published several articles on database management, SQL Server and Visual Basic. He has also spoken at industry conferences, such as Advisor’s DevCon and Informant Conferences on Microsoft Technologies and best practices.
- Three Ways to Identify If You are Ready for SharePoint Online
- 6/20/2012 4:00 PM Time zone: (GMT-05:00) Eastern Time (US & Canada)
- Ready or not, Office365 for SharePoint is here to stay. But, is your institution ready to leverage it to the fullest? Join us on this webinar to find out the three key questions you need to be asking yourself. Attendees will also be treated to an exclusive sneak peak of ControlPoint Education Edition designed specifically to enable your organization to embrace the Office365 version of SharePoint with complete control, governance and security.
- Business Intelligence 101
- 6/21/2012 2:00 PM Time zone: (GMT-05:00) Eastern Time (US & Canada)
- This session focuses on building dashboards, reports, and scorecards using the Microsoft Business Intelligence stack (SQL, SharePoint, and Microsoft Office).
- Unleash Your Productivity - Support Executive Decision Systems with Business Intelligence
6/22/2012 11:00 AM Time zone: (GMT-08:00) Pacific Time (US & Canada)
- Are you interested in Microsoft productivity solutions and would like to hear more about the technology directly from Microsoft? Join us for 60 minutes to hear Microsoft technology experts deliver information on the latest Microsoft technologies, solution demos and product tips and tricks.
- Business Intelligence 101 – 2nd Delivery
7/19/2012 2:00 PM Time zone: (GMT-05:00) Eastern Time (US & Canada)
This session focuses on building dashboards, reports, and scorecards using the Microsoft Business Intelligence stack (SQL, SharePoint, and Microsoft Office).
Creating Business Intelligence SharePoint 2010, SQL2012 & Windows Server 2012
- 4:00 PM - Saturday, June 23, 2012 - Location: 161 UCSD
- This session will cover topics such as SharePoint 2010, with Windows 8, and SQL 2012 PowerPivot, Visio Services PowerView PerformancePoint , Reporting Services, Excel Services, KPIs, and much more... Also, receive an 8GB Flash Drive filled with FREE SharePoint content for your participation during the session.
Discover why your next SharePoint project will use SQL Server 2012
Developing List Definitions & Event Receivers with Visual Studio 2012
- 1:30 PM - Saturday, June 23, 2012 – Location 161 UCSD
- This session demonstrates how to create a List Definition with a corresponding List Instance, and then attach an Event Receiver to the list to perform some tasks like rename and archive. The objective of this session is to learn how to build List Definitions, List Instances, and Event Receivers using Visual Studio 2012 with a discussion on the enhancements built into Visual Studio 2012.
Along with how to use the Developer Dashboard in SharePoint 2010. The DEV environment is Windows 8, SQL2012, both Visual Studio 2010 /11 Beta, and SharePoint 2010. Also, receive an 8GB Flash Drive filled with FREE SharePoint content for your participation during the session.
• Create a SharePoint List Definition Project with List Instance
• Customize the SharePoint List Definition and List Instance
• Add an Event Receiver
• Enable the Developer Dashboard
• Use the Developer Dashboard
Search and Enterprise Content Management - Find your content now!
- 2:45 PM - Saturday, June 23, 2012 – Location 161 UCSD
- How many of you have copied contents from File Shares only to find that you can still not find anything just not find it faster?
I will show with a few simple steps how to implement automatic tagging or in place tagging so you don’t have to wait for your next migration or force management to use s spreadsheet to identify every document by using Boolean search not just synonyms as part of your Term Set.
If you choose to only use the Enterprise Keyword Settings on every document library I will give you a script to enable this feature on every document library. If you choose to use your own site columns I will provide a script that will make your Content Type the primary and apply it to every document library, then show how to modify the search result refiners so that you can drill through your search results. You don't have to wait to make search work. Also, receive an 8GB Flash Drive filled with FREE SharePoint content for your participation during the session.
Do it now SharePoint Search ROCKS
Also, don’t forget to register for SoCalCodeCamp in San Diego June 23rd and 24th and SharePoint Saturday San Diego June 30th...AND dont forget to let us know how you like or dislike our sessions using SpeakerRate.com and rating each of our sessions so we can improve them for you!
The Administration Toolkit contains additional programs that Microsoft developers created while working on Windows Rights Management Services (RMS). We found them useful in troubleshooting registry overrides, intended and allowed us to make modifications and get information about the environment.
We have taken great care to ensure that the tools operate as they should, but they are not part of Windows RMS and are not supported by Microsoft. For this reason, Microsoft technical support is unable to answer questions about this toolkit.
Note: The administration toolkit is designed for use on servers with US-English regional options.
The following tools are included in the toolkit. To learn more about a tool, open the Readme file for the tool:
AD SCP Register
Use this tool to register or unregister a service connection point in Active Directory.
- Get RMS SCP
Use this tool to validate the current service connection point registered in Active Directory
- IRM Check
For enterprises that are using RMS with Office System 2003. Use this tool to create an html-based report of the client configuration, Office version, registry keys, and other settings that impact the RMS system.
- RMS Cert Analyzer
Use this tool to check the certificate chain on a given rights account certificate, view rights data and certificate information.
- RMS Config Editor
Use this tool to easily view and edit data in the RMS configuration database.
- RMS Event Viewer
Use this tool to map RMS log entries to events, enabling the logs to be viewed using the Event Viewer.
- RMS Log Analyzer
Use this tool to analyze the log file of your RMS server to track server errors, query for specific users, and other logged events.
- RMS Queue Recovery
Use this tool to recover logged events from the MSMQ dead letter queue.
- RMS Service Locator
Use this tool to provide a report of all the URLs that RMS uses.
Note: For information about implementing, deploying, and administering RMS, see the RMS TechCenter http://go.microsoft.com/fwlink/?LinkID=42498
IRM Check - Configuration Test
As time permits I will continue this series and write about the additional tools… Most if not all of the additional features require .Net 3.5.
Also, the only tool I found that did not work was the RMS Log Analyzer as can be seen from the screenshot below. I haven't had the chance to debug but it looks like a table wasn’t created when you create the DRMS_Log_Admin Db
SharePoint Information Rights Management (Health model) http://technet.microsoft.com/en-us/library/cc560952(v=office.12) Pretty much very EventId associated with SharePoint IRM this link is invaluable
I have included below for your review and use a copy of a document that I recently created for a 3 Server DEV environment for SharePoint IRM
Create Service Accounts
User Logon Name
Server Names Operating System and Role / Applications
Roles / Applications
Windows Server 2012
AD DS, ADRMS, DNS
Windows Server 2012
SQL Server 2012
Windows Server 2012
AD RMS Installation
1. Log on to Domain Controller DSI-DC1 as administrator.
2. Click on Desktop then click Server Manager then click Manage and Add Role and Features
3. Read the Before You Begin section, and then click Next.
Add Role AD RMS
On the Select Server Roles page, select the Active Directory Rights Management Services check box.
Add Required Features
The Add Required Features page appears informing you of the AD RMS required role services and features. Click Next.
Select Additional Features
The Add Additional Features page appears, Click Next
Active Directory Rights Management Services Introduction
Read the AD RMS introduction page, and then click Next.
Select Role Services
On the Select Role Services page, verify that the Active Directory Rights Management Server check box is selected, and then click Next.
Web Server Role (IIS)
Read the Web Server Role (IIS) introduction page, and then click Next.
Select Role Services
On the Select Role Services page, verify that the Web Server Services, and then click Next.
Confirm Installation Selections
Confirm the AD RMS Installation selections, and then click Next.
Active Directory Rights Management Configuration
Create a new AD RMS Cluster
Click the Create a new AD RMS root cluster option, and then click Next.
Select Configuration Database Server
Click the Specify a database server and a instance option type DSI-SQL , and choose Default Instance, then Click Next. If you have any issues connecting to the instance you may have to enable the SQL Brower. This is especially the case if you are configuring AD RMS on Windows Server 2012 that has the AD DS Role.
Specify Service Account Requires Domain Admin User Rights
Click Specify, type DIMENSION-SI\ADRMSSVC, click Next.
Specify Cryptographic Mode
Specify Key Storage Mode
Ensure that the Use AD RMS centrally managed key storage option is selected, and then click Next.
Specify Cluster Key Password
Type a strong password in the Password box and in the Confirm password box, and then click Next.
Specify The AD RMS Web Site
Choose the Web site where AD RMS will be installed, and then click Next. In an installation that uses default settings, the only available Web site should be DEFAULT Web Site.
Specify Cluster FQDN
Click Connection Type Use an SSL-encrypted connection (https://). In the Fully-Qualified Domain Name box, type https://adrms.dimension-si.com, and then click Next
Choose SSL Certificate
Click the Create a self-signed certificate for SSL encryption option, and then click Next.
Name the Server Licensor Certificate
Type a name that will help you identify DSI-DC1-ADRMS in the Friendly name box, and then click Next.
Register Service Connection Point
Ensure that the Register the AD RMS service connection point now option is selected, and then click Next to register the AD RMS service connection point (SCP) in Active Directory during installation.
Confirm Installation Selections
Click Install to provision AD RMS on the computer. It can take up to 60 minutes to complete the installation and Click Close.
Confirm Installation Results
Log off the server, and then log on again to update the security token of the logged-on user account. The user account that is logged on when the AD RMS server role is installed is automatically made a member of the AD RMS Enterprise Administrators local group. A user must be a member of that group to administer AD RMS
By default, the AD RMS cluster server certification pipeline ACL is configured to allow only the local System account. You must add the permissions in order for Office SharePoint Server 2010 to integrate with AD RMS.
Add DSI-SP2010 to the AD RMS Certification Pipeline
1. Log on to DSI-DC1 as DIMENSION-SI\Administrator.
2. Click Start, and then click Computer.
3. Navigate to C:\Inetpub\wwwroot\_wmcs\Certification.
4. Right-click ServerCertification.asmx, click Properties, and then click the Security tab.
5. Click Advanced, click Enable Inheritance, select the Include inheritable permissions from this object's parent check box, and then click OK two times.
6. Click Edit, and then click Add.
7. Click Object Types, select the Computers check box, and then click OK.
8. Type DSI-SP2010, and then click OK.
9. Click OK to close the ServerCertification.asmx Properties sheet.
By default the Read & execute and the Read permissions are configured for the DSI-DC1 computer account object and all other accounts inherited from the parent folder.
10. Click Start, and then click Command Prompt.
11. Type iisreset, and then press ENTER.
Once the AD RMS cluster certification pipeline is inheriting and you have added DSI-SP2010, you must configure Office SharePoint Server 2010 to use the AD RMS cluster:
SharePoint 2010 Information Rights Management Configuration Guidance
Before using IRM, you must have a Windows Rights Management Services (RMS) server to connect to. In addition, you must have installed the Windows Rights Management Services Client Service Pack 2 on every front-end Web server in the farm running SharePoint Server 2010.
SharePoint IRM Configuration Step by Step
1. On the SharePoint Central Administration Web site, in the Quick Launch, click Security.
2. On the Security page, in the Information Policy section, click Configure information rights management.
Central Administration > Security > Information Rights Management
Use the default RMS server specified in Active Directory Select this option if your organization has specified an RMS server in Active Directory Domain Services (AD DS) and Click OK
Event Log Errors and Reference
If you are unable to open a document from an IRM protected library you may receive two similar events
Event ID 5085 (Windows SharePoint Services health model)
Event ID 5065 (Windows SharePoint Services health model)
As the event states the most likely event is the User email Address has not been configured. However, the documentation has not been updated to support SharePoint 2010. The SharePoint 2010 Architecture has change and you now must ensure that the User Profile Service has synced.
If users attempt to open IRM Protected documents prior to the sync, they will NOT open and you will receive the two errors 5065, 5085 listed above in the event log. Unfortunately, the two references I list above do not allow for comment or I would have added the comment to the technet library
Original release date: June 04, 2012 Source: US-CERT Alert TA12-156A
- All supported versions of Microsoft Windows, including:
- * Windows XP and Server 2003
- * Windows Vista and Server 2008
- * Windows 7 and Server 2008 R2
- * Windows 8 Consumer Preview
- * Windows Mobile and Phone
- X.509 digital certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) can be illegitimately used to sign code. This problem was discovered in the Flame malware. Microsoft has released updates to revoke trust in the affected certificates.
- Microsoft Security Advisory (2718704) warns of active attacks using illegitimate certificates issued by the the Microsoft Terminal Services licensing certificate authority (CA). There appear to be problems with some combination of weak cryptography and certificate usage configuration. From an MSRC blog post:
We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.
Security Advisory 2718704: Update to Phased Mitigation Strategy What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft. Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing without accessing Microsoft's internal PKI infrastructure.
The following details about the affected certificates were provided in Microsoft Security Advisory (2718704):
Certificate: Microsoft Enforced Licensing Intermediate PCA
- Issued by: Microsoft Root Authority
- Thumbprint: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Certificate: Microsoft Enforced Licensing Intermediate PCA
- Issued by: Microsoft Root Authority
- Thumbprint: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Certificate: Microsoft Enforced Licensing Registration Authority CA (SHA1)
- Issued by: Microsoft Root Certificate Authority
- Thumbprint: fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97
- An attacker could obtain a certificate that could be used to illegitimately sign code as Microsoft. The signed code could then be used in a variety of attacks in which the code would appear to be trusted by Windows. An attacker could offer software that appeared to be signed by a valid and trusted Microsoft certificate chain. As noted in an MSRC blog post, "...some components of the [Flame] malware have been signed by certificates that allow software to appear as if it was produced by Microsoft."
- It is important to act quickly to revoke trust in the affected certificates. Any certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) could be used for illegitimate purposes and should not be trusted.
- Apply the appropriate versions of KB2718704 to add the affected certificates to the Untrusted Certificate Store. Updates will reach most users via automatic updates and Windows Server Update Services (WSUS).
Revoke trust in affected certificates Manually add the affected certificates to the Untrusted Certificate Store. The Certificates MMC snap-in and Certutil command can be used on Windows systems.
The easiest way to start getting used tg the new features in SQL 2012 and to compare the differences between SQL2012 and older releases is to download the Demo Image XII: SQL 2012 is to download the VHD from here http://www.microsoft.com/betaexperience/pd/BIVHD/enus/ its 21.6GB and around 60 GB when extracted. Its basically download, extract, import into your Hyper-V environment and your good to go
Self Service BI
Telco Contoso Communications
Bing Mapping Tool
Drill Down of the Bing Mapping tool
Please note that this zip file needs to be extracted using either WinZip or WinRar
File Name: SQL Image 2012.zip
Date Published: 5/11/2012
Download Size: 21.6GB
The Base ImageX Server is a virtual machine that can be hosted in Hyper-V that allows a user to test out the latest Business Intelligence features of SQL Server 2012. The virtual machine has been configured to support the use of PowerView reports, PowerPivot Excel documents and various content packs allowing the user to explore the capabilities of SQL Server 2012. Working with the demos that can be installed on the ImageX server the user will have a clear picture of how the SQL Server 2012, Office and SharePoint tools support and enhance the self-service business intelligence environment.
Supported Operating Systems:
Windows Server 2008 SP2 with Hyper-V Role installed
8GB ram allocated to the SQL Image 2012 VM
Minimum 80GB hard drive space – 250GB recommended
Minimum 1 Virtual Processor allocated to the SQL Image 2012 VM – 2-4
BTW as in my presentation in runs on Windows 8 and Windows Server 2012