Archive for the Computer Stuff Category

Sharepoint Master Calendar

Posted in Computer Stuff with tags on March 18, 2009 by hotpoo

As you probably know (or don’t care), Sharepoint 2007 does not allow for list data to be easily ported across site boundaries. I think this is silly, especially not being able to share list data from a parent site to a child site. I’ve been obsessed lately with finding the supposed holy grail of Sharepoint 2007: the Master Calendar. There are commercial solutions to to this (BambooSolutions supposedly has the best list roll-up and master calendar web parts), but I wanted to find a way to do this for free. Much to my surprise, there are some solutions that even a neophyte like me can digest. As a result, I have been able to create a master calendar (note: not a roll-up calendar) for our MOSS site structure. It was doable pretty much out of the box, with the exception of needing SharePoint Designer for customizing views and filtering the DataForm WebPart.

I’m not a Sharepoint Guru by any stretch of the imagination. I did a lot of research to find a solution for this, and happened upon a small amount of information I could actually understand. My particular take on the Master Calendar is simply a combination of different solutions:

  1. Created a “Team Calendar” on the parent site.
  2. Created a series of filtered views (based off of event types and other specific columns) for each of the different regions and teams. Note, you will need to remove the “_hidden” flag from the event content types to filter in the manner.
  3. Remove all calendar lists from each of the sub-sites.
  4. Link to the specific filtered master calendar view lists on each of the sub-sites.

Endusersharepoint.com has an interesting take on this strategy, using LyteBox to display a pop-up of the Master Calendar. Unfortunately, I don’t care for the LyteBox interface (too processor consuming on older systems), and would prefer to have something I could just look at by going to a main page (rather than clicking on a link). Mark Miller did host a pretty good online class on the LyteBox solution, that wasn’t particularly expensive. He explains event type content filtering extensively, and hooks you up with the LyteBox java script. If you are new to this, it might be worth the $70 (provided that they are still hosting the classes).

Rather than using LyteBox, I opted to use the DataForm WebPart, and just filter the views of the different pages. Ironically, in my search to find different ways to filter the list data, I ran across Susan’s Blog. This is similar to what I set up, and she has some very easy to follow instructions and screen shots.

An alternate to this would be to merge several different calendars together, and view the list in a DataForm. Corro’ll Driskell has a simple to follow page on this. The only downside is that the data from the multiple lists is just merged into a data source, rather than updating each other. So, it’s not really a “Calendar Roll-Up” solution, but would allow one to poll specific calendar data from multiple sources. Might be good enough to appease a manager somewhere.

The only thing I’m not really satisfied with is the default List View of the DataForm. Due to amount of data we port into our team calendar, it’s actually a good view for the main page of the parent site. However, I would prefer the standard “Calendar View” for the main pages of the team sub-sites. By default, this is not an option unless you link the SharePoint List Toolbar to the DataView WebPart. This doesn’t work, though, if you are pulling a list from a parent to a sub-site. You’ll get some “error rendering control” messages where the toolbar should appear. This effectively kills your site until you remove the toolbar.

Neil Richards apparently discovered the cause of this issue, and has isolated a simple solution. Unfortunately, I have no idea what he is talking about.

It’s simple enough to copy the parameter from the subsite dataview into the masterpage dataview.

<WebPartPages:DataFormParameter Name=”WebURL” ParameterKey=”WebURL” PropertyName=”ParameterValues” DefaultValue=”/”/>

Can any of you interweb eggheads out there make sense of this? Where does one find the elusive “masterpage dataview?” Search as I may, I cannot find it. Alternatively, could one convert a standard list view into a calendar view? I’m assuming you could apply the correct css stylesheets, but I’m not smart enough to figure this out on my own. I will reward 40 virgins to the first person that can come up with an acceptable solution (that I can comprehend).

15 Comments »

Analysis of Conficker

Posted in Computer Stuff with tags on February 20, 2009 by hotpoo

In case you were curios, SRI has an excellent analysis of Conficker’s Logic and Rendezvous Points. Again, a brilliant piece of software.

Leave a comment »

Conficker Fix Script

Posted in Computer Stuff with tags on February 18, 2009 by hotpoo

The conficker worm is a remarkable piece of code. I’ve been impressed with its ability to spread and re-infect, and the drastic number of changes it makes to a system once infected. The scary part is that this particular botnet is pretty much inactive at the moment. Whatever code it was supposed to retrieve and run has not yet come online yet. Either it grew too fast and frightened the developers into keeping it inactive (there is a lot of speculation that it was supposed to be a “botnet for sale.” organized crime has been buying a lot of these of late.), or the sleeper has not yet awakend. If the latter is the case, it is going to cause some serious trouble. No one company is certain of the number of infected systems globally, but estimates range from 15 million to 50 million. I suspect the middle-ground is a safe estimate.

Anyway, it’s been kicking my ass at work for a couple of weeks now. Part of our environment is pretty well locked down: domain joined systems with strong alpha numeric admin passwords, auto updates, and regular dat updates. The other part of our environment (that which deals with the test computers, build systems, and demo microscopes) has never really been regulated. As a result, there has been nothing enforced on the systems… computers are out of date, AV isn’t updating, admin passwords are unknown (but probably blank or super-simple passwords like “password”), and a lot of the same user accounts and passwords used on all systems. This is pretty much the environment the worm was designed to exploit. The systems would be cleaned, then reinfected within minutes. Good times.

I spent a lot of time studing solutions, trying different fix utilities, and trying to elimiate common variables. It didn’t help that there is a lot of conflicting information online about this. Nor does it help that none of the removal utilities can revert the changes that the worm makes to the system (removing infected system restore points, removing scheduled tasks, re-enabling services, etc). Since we needed to roll a solution to the field that didn’t involve less than saavy service tech tinkering around in the registry, I chose to draft up a quick little “fix” batch script. It’s not perfect, but it automates some of the fix utilities and reverts a bit of the changes made to the systems. It’s not perfect, but our reinfection rate has dropped to ZERO. I’ll add some notes in italic… you may not want to use all of these… all depends on your environment.

net stop server /y (temporarily stops the server service to prevent re-infection while the system is being cleaned)

KidoKiller.exe -y (runs the sophos kidokiller and automatically removes memory resident / file resident infection… in our testing, seemed to work just as well as the MRT)

AT /Delete /Yes (deletes all AT-created scheduled tasks)

net stop “Task Scheduler” (temporarily stops the task scheduler to prevent further AT task creation until the virus has been cleared from the system)

sc stop “srservice” (stops the system restore service)

sc config “srservice” start= disabled (perminently disables the system restore service… sorry, but it sucks just for this reason)

cacls “c:\System Volume Information” /E /G %username%:F (grants full access to the “system volume information” folder on c: to the current user)
rd “c:\System Volume Information” /s /q (deletes the “system volume information” folder and any contents)

sc config “wuauserv” start= auto (resets Windows Update service to “automatic”)
sc config “bits” start= demand (resets BITS service to “manual”)
sc config “ersvc” start= auto (resets Error Reporting service to “automatic”)

net user administrator ****** (changes the admin password… use a strong alpha numeric instead of ******, of course)

reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 0x1 /f (disables the policy that the virus adds at infection… you will be able to reselect “show hidden files / folders” after the policy is disabled)

reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f (completely disables autorun / autoplay from all drives… might be a bit overkill, but you can change the reg dword value to something that suits your environment better. more information below)

reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareWks /t REG_DWORD /d 0x00 /f (this is dangerous, and probably will not be a good idea for domain environments. this will kill all the administrator shares on the system… c$ may not get much used, but admin$ is very important… it may be better to take this out of the script unless you absolutely cannot clean the virus from your network environment)

WindowsXP-KB958644-x86-ENU.exe /passive /norestart (passive install for MS08-067)

WindowsXP-KB957097-x86-ENU.exe /passive /norestart (passive install for MS08-068)

WindowsXP-KB958687-x86-ENU.exe /passive /norestart (passive install for MS09-001)

windows-kb890830-v2.7.exe (runs the microsoft malicious software removal tool… quick scan is probably fine for conflicker removal… may not find anything as kidokiller already ran)

cls

echo off

echo You need to restart your computer as soon as possible!

pause

You’ll need to put the following files in the same directory:

KidoKiller.exe (from sophos)

WindowsXP-KB958644-x86-ENU.exe (MS08-067 patch)

WindowsXP-KB957097-x86-ENU.exe (MS08-068 patch)

WindowsXP-KB958687-x86-ENU.exe (MS09-001 patch)

windows-kb890830-v2.7.exe (microsoft malicious software removal tool)

This script will only work for Windows XP. You can modify it a bit for Windows 2000… just pull the System Restore junk, and get a copy of reg.exe off the workstation cd. I don’t think the SC commands will work in 2000, so you’ll need to modify the services via reg.exe (should be pretty easy to figure out). Obviously, you’ll need specific patches for windows 2000.

Now, I know that the only patch that is supposed to be needed is MS08-067. I’ve seen some documentation that also claims that the other 2 should be installed as well. Can’t hurt, and definitely seems to have solved some of our reinfection problem.

Some other information of note about the “auto run” issue: US-Cert Security information, and a Knowledge Base article on different ways to disable via the registry and policy. Just disabling flash drives should be enough.

Good luck!

-edit-

SC.exe will work on a 2k system. Just copy over the file from an XP system.

4 Comments »

Testing… testing… is this thing on?

Posted in Computer Stuff with tags on January 7, 2009 by hotpoo

I’m trying out a new app that should allow me to update the blog via my phone. I am such a geek…

Leave a comment »