J Wolfgang Goerlich's thoughts on Information Security
Delegating to Strengths

By wolfgang. 20 May 2008 22:05

Let's talk about weight training. My son Joe has been in weight training for two years now. This is one hour per day spent in a fully equipped gym. I started working out with Joe this January. I do this about a forty-five minutes every day with our home weight set. When we started, Joe could bench about 100 pounds. He is now around 150. I finally hit 100 pounds. He has the advantage of working out twice as much as me on a given week and having a eighteen month head start.

No matter how good of a coach Joe is, no matter how inspiring his speech or actions, there is no way he could delegate me lifting 150 pounds. I just do not have the physical strength at this point. Shifting gears to mental strength, there are some tasks that require years of experience and practice to execute. These I need to do rather than delegate. The trick is in determining which tasks these are.

Tags:

SQL Tip: Last Update Time

By wolfgang. 17 May 2008 06:18

How do you get the time a table was last updated?

SELECT OBJECT_NAME(OBJECT_ID) AS DatabaseName, last_user_update FROM sys.dm_db_index_usage_stats WHERE database_id = DB_ID( 'MyDBname'') AND OBJECT_ID=OBJECT_ID('MyTableName'');

Tags:

WinBoot/I -- Check it Out

By wolfgang. 9 May 2008 16:45

My top priority is delivering IT services in a flexible and agile fashion. This means shifting services from one site to another, from one computer to another, or even from one computer to a virtual machine. WinBoot/I plays an important role in achieving this vision.

The services' performance and business value dictate the hardware resources we commit. WinBoot/I then enables us to seamlessly move servers between iSCSI and FC, or between lower and higher capacity server hardware. WinBoot/I also enables seamless moves between physical hardware and virtual machines. At Munder, we put this flexibility to use in our disaster recovery planning for smooth transitions between production and recovery equipment.

WinBoot/I, in conjunction with our SAN, maximizes the value of my hardware investments. Check them out.

Tags:

Storage

Preventing scanning in paper

By wolfgang. 6 May 2008 08:41

Check out "Document security processes", US patent application 225,214. This details using a glossy mark technique wherein Xerox prints a glossy coat onto the paper. The coat prevents copying and scanning from the paper back to computers.

Tags:

Security

SSRS reports work on the server but not on the clients

By wolfgang. 1 May 2008 22:16

Symptom: reports work from the server. They do not work from client machines. "An error has occurred during report processing. (rsProcessingAborted). Cannot create a connection to data source 'MyData'. (rsErrorOpeningConnection). For more information about this error navigate to the report server on the local server machine, or enable remote errors."

Step 1: Set the server as trusted for delegation

  • Active Directory Users and Computers
  • Right-click SSRS Server, Properties
  • Delegation tab
  • (o) Trust this computer for delegation to any service (Kerberos only)

Step 2: Enable the service account to impersonate

  • Check the service account
  • Microsoft SQL Server 2005 > Configuration Tools > Reporting Services Configuration
  • Windows Service Identity
  • Web Service Identity
  • SSRS is generally running under Network Service (NT Authority\NetworkService)
  • Set the permissions
  • Administrative Tools > Local Security Policy
  • Add Network Service to: Act as part of the operating system; Impersonate a client after authentication 

 Step 3: Add the service principal name (SPN) for web services

  •  Install Support Tools
  • List the active SPN
  • CD C:\Program Files\Support Tools
  • Setspn -L SSRSServer
  • If HTTP SPNs do not exist, add them.
  • Setspn -A HTTP/SSRSServer SSRSServer
  • Setspn -A HTTP/ssrsserver.mydomain.com SSRSServer

 Step 4: Add the service principal name (SPN) for databases

  •  Check the service account
  • Check to see what service is running "SQL Server (Instance)"
  • Microsoft SQL Server 2005 > Configuration Tools > SQL Server Configuration Manager
  • SQL Server 2005 Network Configuration
  • Protocols for Instance: TCP/IP
  • Scroll to the bottom, IPALL
  • TCP Dynamic Ports: 3418
  • setspn -L DOMAIN\serviceaccount
  • If MSSQL SPNs do not exist, add them
  • setspn -A MSSQLsvc/SSRSServer:port DOMAIN\serviceaccount
  • setspn -A MSSQLsvc/ssrsserver.mydomain.com DOMAIN\serviceaccount

 Step 5: Modify the Data Sources

  • http://ssrsserver.mydomain.com/Reports
  • Data Sources
  • Edit the data source
  • Connection string: Data Source=ssrsserver\instance;Initial Catalog=MyDBname;Integrated Security=SSPI
  • (o) Windows integrated security

From the desktop, open SQL Server Management Studio. Create a new connection

  • Server type: Reporting Services
  • Server name: http://ssrsserver.mydomain.com/ReportServer
  • Authentication: Windows Authentication
  • Click Connect and it will now open up reporting services.

Tags:

Troubleshooting

    Log in