Good Filing System

June 20th, 2009

Reprinted from Smithsonian Archives

Checklist of Good Filing Practices

Does your filing system reflect the activities of your office and how they are conducted?

Is your filing system easy to understand and use?

Is there an up-to-date manual for filing procedures?

Do you have a “controlled vocabulary” for all file categories (or series) and all subject titles?

Do you have an index or listing of all folder titles?

Does your file plan also take into account your electronic records?

Does your file plan set rules to determine when to print a record and when to maintain it electronically?

Do subject categories and folder titles for your paper records match those for your electronic records when records in both media relate to the same subject or category?

Are all folders titled and clearly labeled?

Do folder titles include dates?

Are your records of common interest centralized?

Do all office staff know where central files are located and what should be filed?

Are records coordinated so that duplicate copies are not kept elsewhere?

Do you use “out cards” to keep track of borrowed files?

Are your file drawers uncrowded so that papers can be easily filed or removed?

Do you use color coding to provide physical division among file categories (or series), or fiscal years?

If using hanging folders, are papers kept in easily-removable, labeled folders within the hanging files?


File Plans

A file plan is a written procedure for organizing files based upon a specific system (e.g., alphabetic, numeric, subject, functional, etc.). It provides structure to unorganized or inadequately arranged records for better control, maintenance, and access. A plan provides a broad perspective of unit activities and reflects what and how a unit conducts its business. At the same time, the file plan should address the unique needs of an office, and should be clear and consistent.

General Recommendations

Intellectual Control: Standardize Terminology

•Establish a policy of a “controlled vocabulary” for all file categories (or series) and all subject titles. Use the SI phone directory or a similar comprehensive source document to standardize facility and unit names.
•Assign a staff member with the responsibility of creating a “thesaurus” of file terminology. Once this is established, place the information in a Master File in electronic format for staff reference. The same staff member should be responsible for maintaining and updating the Master File, as necessary.
•Assign a staff member with the responsibility of creating and maintaining a “Location Index to File Subjects” in electronic format and place it in the Local Area Network (LAN). The index will be used to assist all staff in identifying the correct location of office files. The index should also be used when filing and retrieving records.

Intellectual Control: Standardize Filing System

•Routine administrative files should be filed by process, and thereafter, chronologically by fiscal or calendar year. For example, travel, personnel, and requisitions are to be filed in distinctive series.
•Avoid use of large A-Z filing systems.

Intellectual Control: Adopt Central Files

•Central files are files created and/or accumulated by several staff members or organizational units and are maintained in a central location so that they can be used and accessed by more than one person.
•The central files are the official set of records (record copy).
•Assign a staff member to be the file administrator, and he or she should create rules and procedures for filing.
•Rules and procedures should be widely distributed and accessible to all staff. They should also be in an electronic file, and placed on the LAN.
•Staff members should not amass unique files in their individual offices. They should file all unique documents into the central files.
•Use “OUT” cards when removing files from the central files. An “OUT” card will identify who has taken a file and when. Search and retrieval time will then be minimized and the chances of losing/misplacing files will be reduced.
•Not all central files need to be maintained in the same physical space, but individual series should be kept together.
•A well maintained central filing system will become a valuable and reliable source of the most complete set of records if all staff members routinely exercise good filing practices.

Physical Control: Storage Methods

•Use color coding to provide a physical division among file series for easier identification and classification (e.g., red folders for travel files, yellow files for personnel, etc.)
•Establish a policy of good files maintenance practices throughout the office. For example, reduce “bulky” files by using more folders, file alphabetically or chronologically, label the files consistently, etc.

Staff Responsibilities

•Assign one or more staff members in your office as file administrators. Include file management responsibilities in the appropriate annual performance plans for designated staff members. Such responsibilities include: establishing filing policies and procedures for central files; establishing and maintaining standard terminology for SI facilities, museums, bureaus, and offices; establishing and maintaining a location index to subject files; establishing and maintaining terminology in electronic file(s); and working with SIA to retire appropriate files.

Retire Files to the Smithsonian Institution Archives

•Assign one or more staff members with the responsibility of retiring files to SIA or to its Records Center. These staff may also be the file administrators. Have staff work closely with the Archives on implementing and refining the disposition schedule so that records may be regularly retired or destroyed according to the schedule.

Weeding Records

When preparing records for transfer to the Archives, please discard the categories of materials listed below. The result is significant savings in storage space, and faster and more efficient retrieval of information for research purposes. Extensive weeding is necessary when the records contain large numbers of informational or duplicate copies of documents. Transfer only those materials that are original to your department or that you play an active role in creating. Before transferring the records, please contact a Smithsonian Institution archivist at (202) 633-5870. The archivist will conduct an appraisal of the records to determine whether they should be permanently maintained in the archives, temporarily stored in its Records Center, or discarded immediately.

The records listed below will not be transferred to the Archives unless your office is the “office of record” (i.e., the originating office).

•Drafts: Archives should receive only the final version of a document. Transfer draft copies only when significant comments or annotations appear.
•Routine Correspondence: Including letters of transmittal or cover letters that merely forward an enclosure and add nothing to the content of the item transmitted; meeting announcements; address changes; invitations; acknowledgments; reservations; confirmations; travel itineraries; and routine requests for general information, such as brochures and catalogs.
•Memoranda: Only those memoranda sent by your department bearing on your programmatic responsibility should be transferred to the Archives. Discard those concerning routine matters, such as holidays, vacation schedules, etc. Retain those concerning policies, procedures, and collections.
•Routine Administrative Records: Including purchase orders, travel vouchers, requests for building services and maintenance, time sheets, applications for leave, training files, etc.
•Faxes: Copy all significant communications received on thermal fax paper to regular bond paper. Thermal copies will be virtually unreadable in a few months. Discard them.
•Research Material: Clippings; photocopies of published materials; and photocopies of archival materials collected as background, informational, or research material. Maintain research material until administrative or reference need no longer exists, or offer to registrarial staff.
•Object Photographs: Original and copies of images of objects in the museum collections; objects borrowed from other collections; and objects considered for use in exhibitions. Maintain object photographs with the collection or offer to registrarial staff.
•Miscellaneous: Multiple copies of documents or photographs; supply and vendor catalogs; envelopes (unless annotated); blank forms; advertisements and promotional materials; and obsolete equipment manuals and warranties.

Securing Your SQL Server 2005 Express Edition Server

June 1st, 2009

http://technet.microsoft.com/en-us/library/ms345149.aspx


William Vaughn
Beta V Corporation

Applies to:
Microsoft SQL Server 2005 Express Edition Beta 2
Security

Summary: Get introduced to SQL Server Express, learn how to install and configure it in a secure manner, plus get information on the basics of SQL Server security. (15 printed pages)

Contents
What is SQL Server Express?
What Is a “Secure” System?
What Are the Issues?
How Does SQL Server Express Address These Issues?
Installing SQL Server Express Edition
Connecting (Gaining Access) to SQL Server Express
SQL Server Security General Guidelines
Summary

What is SQL Server Express?
The SQL Server 2005 Express edition is the replacement for the Microsoft Desktop Engine (MSDE) edition of Microsoft SQL Server. Its architecture has been completely redesigned to enable you to install and use it as you would Microsoft Access/JET databases—but without the problems associated with that approach. SQL Server 2005 Express Edition goes a long way toward building a better solution for applications that need:

•A replacement for JET databases. That is, a DBMS that can be taken over by an IT department if needed, one that meets HIPA security requirements, one that uses all of the power of SQL Server to protect data and referential security and do all of this regardless of how the user mistreats it. (HIPPA or HIPAA (often shortened to HIPA) refers to federal legislation that requires robust security and access protections be placed on databases storing personal healthcare information.)
•A DBMS that can scale from a single user to several dozen users without upgrading to SQL Server Standard edition—and without having to worry about a governor degrading performance when it’s needed most.
•A DBMS that can work as easily on a small Web site as well as in a client/server configuration.
•A DBMS engine that can be easily installed and updated in place when service packs are made available. This means setup routines that are easily integrated into your application’s deployment scripts.
•A DBMS that can be accessed by simply pointing to a DBMS file installed with, or passed to, an application. Because SQL Server Express is designed to permit databases to be attached on the fly, it’s easier than ever to use “loose” SQL Server MDF database files and deploy them with your application. This makes it far easier to deploy a stand-alone SQL Server Express database .MDF file, as could be done with JET databases.
•A standard way to refer to a shared instance of SQL Server. When SSE is installed, by default it’s installed with the same instance name: SQLEXPRESS. This means your application’s connection string can more easily target SQL Server Express whether it’s installed on the local system or on the local area network, assuming the application setup routines take advantage of this feature. I’ll talk about instance issues a little later.

My new book, Hitchhiker’s Guide to Visual Studio and SQL Server 2005 (Addison Wesley), will have an entire section on SQL Server 2005 Express Edition, but for this article, I’ll limit my focus to managed security using SQL Server 2005 Express Edition Beta 2. Along the way I’ll discuss:

•What is a “secure” system? What does security mean for a small system?
•What issues are MSDE developers facing?
•How does SQL Server Express address these issues?
•How do applications gain access to SQL Server Express databases?
•How do you protect your SQL Server Express database?

Note: At the time of this writing, the SQL Server 2005 Express Beta 2 should not be used in a production system, exposed on the Web, or used outside the EULA restrictions.

What Is a “Secure” System?
Before we wade hip-deep into a discussion of the technical merits of SQL Server 2005 Express Edition and how to configure its security features, I think it makes sense to define what security really means. Sure, for a small business or departmental system, when the data server is compromised or its data is lost or corrupted, the company is just as vulnerable to failure as a large one. SQL Server Express can reside on a Web server to provide SQL Server services for ASP applications. Therefore, uptime, reliability, and security also mean the ability to expose information to Web server applications, but not be vulnerable to Web-sourced attacks. SQL Server Express is also ideal for the “paradeveloper” who writes code and builds applications as a sideline. These doctors, lawyers, receptionists, and taxicab drivers all need a simple, safe and reliable way to store and retrieve data without having to worry about what’s being done for them behind the scenes.

Security also includes those steps the application designer and developer take to prevent data loss, whether that loss is due to accident, neglect, or malicious attack. Security means keeping out those that should not have access to the data, and protecting the physical files and the system itself. It means making backups and being able to perform restores seamlessly. With SQL Server Express systems, this is especially challenging, because as often as not, there won’t be a dedicated systems administrator or IT department to step in and perform periodic backups or put the system back together from the pieces when it falls over. Having a secure system means you keep your job (and perhaps get a promotion) when problems occur and your application recovers quickly, quietly, and efficiently. I’ll point out a number of things you can do to make your applications more durable, less prone to attack, and easier to maintain.

What Are the Issues?
I’ve been extolling the virtues of the MSDE edition of SQL Server for quite some time. That’s because I’m convinced that MSDE is a far better solution for applications that need a “few-user” data store, or where an application does not have access to a remote DBMS engine. While MSDE has been widely adopted by a large number of serious businesses, they often have to deal with a number of issues on their own—implementing non-standard solutions that sometimes conflict with other companies’ attempts to solve the same or other issues. These include:

Deployment: How is SQL Server installed along with an application? There is a litany of related issues here. For example, what if SQL Server is already installed? What if the instance name collides with other existing instances? Should the application share an existing SQL Server instance or create a unique instance? What happens when the application that installed the shared SQL Server instance is uninstalled—should it also uninstall the SQL Server instance? If so, what happens to the other databases that instance is hosting?

Security: If you choose to share an instance of SQL Server, what password should be used for the SA? How can user accounts be set up? Should the application simply use integrated security managed by the domain controller? What if there is no Active Directory? How are databases installed on the target MSDE server? After installation, is the database visible to other applications on the server? How can applications hide proprietary data?

Performance: MSDE uses a governor that limits the number of simultaneous operations on the server. What if your single-user application needs to perform several operations at once but the governor kicks in and slows it down? Frankly, I’m not sure this issue is that widespread. I’ve heard very few people complain that the governor kicked in and made their application run too slowly. Sure, I’ve heard of applications not running particularly fast, but these were (generally) caused by brute-force queries or “challenged” database implementations.

Scalability: MSDE databases are limited to 2GB. What if you need to store more data than that? Does it mean you must upgrade your target systems to use a SQL Server Standard Edition that might cost more than the systems that expect to use it? Again, most of the complaints I’ve heard about involve when people stored binary large objects (BLOBs) like documents or pictures in the database. Once they replaced the BLOBs with a path to the BLOB file, their databases shrunk down to a reasonable size.

Tools: The MSDE version of SQL Server is the “deployment” configuration. As such, it does not include any tools needed to administer the server or the databases it manages. I usually recommend that developers buy the $49 (SRP) Developer Edition that includes the full suite of tools to manage their MSDE databases. However, due to licensing restrictions, these tools cannot be deployed with an application. This means developers have to build their own client-side tools or simply build needed functionality into their deployed applications.

Administration: Regardless of how it’s done, applications must take on quite a few administrative responsibilities. This is especially true for SQL Server Express systems where there is no “SA” (system administrator) at the keyboard. These admin responsibilities include managing the Login Account(s), permissions, backup, restore, and log maintenance. Your end user is not usually capable of, and should not be trusted to perform, these operations—it’s up to your application to do so. While JET databases needed periodic compression or repair, MSDE (and any SQL Server database) needs to periodically back up (and dump) the logs and database. This issue becomes fairly significant when the database is not managed centrally, where administrative and maintenance tasks can be more easily managed. Again, this is up to your application to do.

Service Packs: Since MSDE is often embedded in applications, users might not know that they have an instance of SQL Server installed. As such, they aren’t aware that they might need to post a SQL Server service pack to protect their data and systems from attack even if they see it on the 5 o’clock news. To help prevent some of the problems caused by worms and other attacking viruses, MSDE SP3(a) disabled network connectivity so applications are unable to connect to the server over the intranet (or Internet). The problem is that the service pack was not applied to many systems because users did not know it was necessary, nor did they know how to apply the patch. This issue notwithstanding, posting SQL Server updates to MSDE installations is problematic, as the Microsoft upgrades don’t always work with custom setup scripts used to deploy MSDE applications and databases.

How Does SQL Server Express Address These Issues?
Developers, architects, and IT managers all over the world have been discussing the aforementioned issues for several years. While there aren’t solutions to all of these problems, SQL Server Express has addressed many of them by making some fairly fundamental changes. Before you get caught up in the differences, it’s important to know what hasn’t changed. SQL Server 2005 Express Edition is still free (with the usual licensing and use restrictions), and it still supports subscriber replication and virtually all of the same features as MSDE. The new SQL Server Express version cannot host Reporting Services, but it can be a data source for a server hosted on SQL Server 2000 Standard Edition. (For more information on SQL Server Reporting Services, see the Boost.net Web site.) By default, setup still disables the ability to expose the SQL Server Express instance to the network (as was first implemented in MSDE SP3). Let’s take a closer look at SQL Server Express to see how it addresses each of the issues.

Deployment
SQL Server Express is designed to be downloadable over the Web and installed on a user system just like any other systems software. (This assumes that the system administrator installs SQL Server Express.) You can use the interactive Setup program (as I describe later), or run a command-line Setup executable. With the “quiet” mode, the user need not see any SQL Server Express setup dialogs at all.

When you install SQL Server Express, by default the Setup program attempts to create a common SQLEXPRESS instance. If it’s already in place, you’ll be given the choice of abandoning the Setup or choosing another instance name. The idea here is to get applications that use SQL Server Express to share a common instance, not create one of their own. This makes application configuration easier and reduces the memory and disk footprint on the user system as well.

If you uninstall your application, it’s also a good idea to uninstall any unique SQL Server Express instance you installed. However, Microsoft recommends that you leave any SQLEXPRESS instances in place unless you’re sure the system does not have any other dependent applications that use it. One way to determine this is to search the Master database for other databases that other applications might have attached or created.

Security
By default, SQL Server Express is configured to protect your data. As you install, you’re given the opportunity to further tighten security or loosen it depending on your requirements. One of the first decisions you’ll have to make is to choose how the setup utility configures the SQL Server Express instance. An “instance” is simply a copy of the program. Starting with the SQL Server 2000 version, SQL Server permits you to install several independent instances of the server. Each instance is treated like a separate entity: each has its own Master database, its own security configuration, and its own place on disk and in memory. When SQL Server Express is set up, each application (or you) must decide if it can coexist with other applications using a shared instance of the server, or whether it requires its own independent instance. There are security issues associated with each configuration, as I outline below. Note that SQL Server Express permits you to install up to 15 instances, but I don’t expect folks to install more than one or two except in very special circumstances.

Installing a common instance
By default, SQL Server Express assumes that you want to create (or use) a common instance named “SQLEXPRESS”. You can also name a “common” instance, but this assumes that all programs you install know this unique name. If you keep the default name (SQLEXPRESS), other applications can automatically share this common instance. With this approach, all databases are managed by a single, shared Master database, and there is one SA password, which need never be revealed. When using a common instance, you might be able to see other installed databases and other applications might be able to see your database—unless you make sure that appropriate permissions are put in place. Generally, for home, hobbyist, or small office implementations, you don’t usually have to worry about one application disturbing data in another database. If you install a single common instance, only one set of SQL Server DLLs, caches, and other memory-resident structures are loaded into memory. This means only one SQL Server instance consumes CPU resources.

Installing an independent instance
During setup, if you set the instance name to your own value, the installation program creates an entirely independent version of SQL Server Express. This instance has its own Master database, its own files, DLLs, and memory footprint and its own SA password. Each independent instance starts a separate SQL Server service (program) that consumes CPU cycles, in addition to any other instances that might be installed. While this approach gives you more security in the sense that only those granted access to this instance can see the databases it manages, it’s more expensive to implement and maintain. That’s because each instance duplicates DLLs, caches, and other in-memory structures.

Installing the default instance
Another approach is to remove the instance name during setup. In this case, SQL Server Express is installed as the default instance, assuming there isn’t already a default instance installed. Only one server instance can be installed in this way. Again, if this is the only instance installed on your system there is very little difference between the other configurations, except when it comes time to connect to SQL Server Express, as I discuss later.

Choosing the System Administrator’s Password
The SA password is the key that unlocks the entire database. The system administrator is permitted to do anything with or to the databases or the information they contain. The SA can add, change, or remove databases—all without anyone knowing the changes have been made. It’s critical that this password be set correctly and protected.

When you install SQL Server Express using a common instance, there is only one SA password to worry about. Since the SA account is only accessible when you choose to install using Windows Authentication, the SA password need never be revealed. In any case, when you install SQL Server Express you’re asked to provide an SA password, but this could be set to a random (hidden) value in the released versions.

Microsoft recommends that you configure your SQL Server Express instance to use Windows Integrated Security Authentication. This means the computer and Windows domain system administrator accounts are granted full SA access to the SQL Server Express instance. Sure, you’ll need to be a computer or domain administrator to perform maintenance, install databases, and perform operations as simple as changing the database table values. This does not mean everyone who uses SQL Server Express should be an administrator. It does mean that, as part of the setup regimen, you’ll need to create a “user” or application Login and set appropriate permissions on the tables, views, functions, and stored procedures that your application needs. I discuss this in more detail later.
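One way to set up the application Login and permissions described above, as an added T-SQL example that is not part of the original article. All object names (OrdersDemo, dbo.Orders, the two procedures, OrdersAppRole) and the Windows account MYPC\OrdersApp are constructed placeholders, and the Windows account is assumed to exist already.

```sql
-- Added example with constructed names; run as an administrator (e.g. from SQLCMD).
-- Assumption: the Windows account MYPC\OrdersApp exists. Replace it with your own.
USE master;
GO
CREATE DATABASE OrdersDemo;
GO
-- Server-level login tied to a Windows account: SQL Server stores no password for it.
CREATE LOGIN [MYPC\OrdersApp] FROM WINDOWS WITH DEFAULT_DATABASE = OrdersDemo;
GO
USE OrdersDemo;
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY(1,1) PRIMARY KEY,
    Customer nvarchar(100) NOT NULL,
    Total    money NOT NULL
);
GO
-- The application reads and writes only through these procedures.
CREATE PROCEDURE dbo.usp_GetOrder @OrderId int
AS
    SET NOCOUNT ON;
    SELECT OrderId, Customer, Total FROM dbo.Orders WHERE OrderId = @OrderId;
GO
CREATE PROCEDURE dbo.usp_AddOrder @Customer nvarchar(100), @Total money
AS
    SET NOCOUNT ON;
    INSERT INTO dbo.Orders (Customer, Total) VALUES (@Customer, @Total);
GO
-- Database user mapped to the login, placed in a role that carries the permissions.
CREATE USER OrdersApp FOR LOGIN [MYPC\OrdersApp];
GO
CREATE ROLE OrdersAppRole;
GO
EXEC sp_addrolemember @rolename = N'OrdersAppRole', @membername = N'OrdersApp';
GO
-- Grant EXECUTE on the procedures only. No permission is granted on dbo.Orders:
-- because the procedures and the table share an owner (dbo), ownership chaining
-- lets the procedures touch the table without the caller holding table rights.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrder TO OrdersAppRole;
GRANT EXECUTE ON OBJECT::dbo.usp_AddOrder TO OrdersAppRole;
GO
-- Check the effective permissions by impersonating the application user.
EXECUTE AS USER = 'OrdersApp';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetOrder', 'OBJECT', 'EXECUTE') AS can_exec_get,
    HAS_PERMS_BY_NAME('dbo.usp_AddOrder', 'OBJECT', 'EXECUTE') AS can_exec_add,
    HAS_PERMS_BY_NAME('dbo.Orders',       'OBJECT', 'SELECT')  AS can_select_table,
    HAS_PERMS_BY_NAME('dbo.Orders',       'OBJECT', 'DELETE')  AS can_delete_table;
REVERT;
GO
```

The final query is the check worth keeping in a deployment script: if either table-level column comes back nonzero, the application account holds more than the procedures require.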

Performance
SQL Server Express has abandoned the concept of a “governor”. Frankly, I’ve rarely seen the governor slow any MSDE system down, but by dropping the governor, Microsoft has removed a point of confusion about the scalability of the SQL Server engine. SQL Server Express has ways to limit scalability. As configured in the Beta, SQL Server Express can only address 1GB of system RAM in the buffer pool. This limits the number of data pages and procedures in the RAM cache. Any SQL Server pro can tell you that the easiest way to improve performance is to add memory to the cache. Limiting visible RAM to 1GB means that you’ll (eventually) run out of performance as you add load to the SQL Server Express instance. Does that mean SQL Server Express can support 1000 users? Sure, if the load placed on the SQL Server Express instance is not that great. In the same way, 10 users could bog down SQL Server Express, especially if the application is not written very efficiently.

SQL Server Express is also limited to a single processor instead of being able to run threads on additional processors (up to two) if your system supports it. This limitation also tends to scale back the upper limit of the performance you can expect from SQL Server Express.

When an application using SQL Server Express ends, SQL Server does not shut down. There is no auto-shutdown option in the SQL Server Express version. Because of this, the SQL Server engine is left in memory and continues to consume system RAM and CPU resources even after your application has ended. It’s possible to write SQL Management Objects (SMO) routines to shut down the SQL Server Express instance, but this needs to be done only when you’re sure it’s not being shared by other applications.

Scalability
While MSDE databases were limited to 2GB, SQL Server Express database files are “limited” to 4GB. This means you can store twice as much data as before. Frankly, this puzzles me. I’ve worked with large corporate databases on a mainframe that fit nicely on a single 40MB disk pack. I guess people like to use the database to store a lot of documents and pictures of their pets. As with MSDE, the log file size is not limited—at least artificially. You still need to back up and truncate the logs periodically as I discuss later.

Tools
Microsoft has changed its approach to the tools as well. Even if you don’t count the new GUI setup, when you download the SQL Server Express Beta 2, a new version of OSQL, SQL Computer Manager (MMC snap-in) and SQLCMD command-line tools are included to help manage the SQL Server Express instance. In addition, Microsoft plans to have a new GUI tool (tentatively named SQL Express Manager) to perform the initial configuration and periodic maintenance of SQL Server databases. This tool, which will soon be available as a separate download, is basically a tool not unlike SQL Query Analyzer to do user account setup and maintenance and help write, test, and debug SQL queries. You won’t be able to connect to SQL Server Express with any other tools, including Management Studio or SQL Enterprise Manager. However, I expect that by the time it ships, SQL Server Express will be accessible from any of the current tools.

Administration
All of the tasks you had to do to administer MSDE have to be done with SQL Server Express, just as they have to be done with other versions of SQL Server. I would love to see an automated log backup script that periodically dumps the database and logs, and then truncates the log. Perhaps that’s something that an enterprising third party needs to create. Until then, I recommend developers build these admin tasks into their applications and use SMO to perform these needed maintenance functions and use Windows Scheduler to help.
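The periodic database and log dump described above, as an added T-SQL example (not from the original article) that can be run from SQLCMD under Windows Scheduler. The database name OrdersDemo and the folder C:\SqlBackups\ are assumptions; the folder must exist and be writable by the SQL Server service account.

```sql
-- Added example: full backup, verification, then a log backup where one is allowed.
-- OrdersDemo and C:\SqlBackups\ are assumed names; change them for your system.
SET NOCOUNT ON;

DECLARE @db       sysname;
DECLARE @dir      nvarchar(260);
DECLARE @stamp    nvarchar(20);
DECLARE @fullFile nvarchar(400);
DECLARE @logFile  nvarchar(400);

SET @db  = N'OrdersDemo';
SET @dir = N'C:\SqlBackups\';

-- Timestamp as yyyymmdd_hhmmss, built from CONVERT style 120 (yyyy-mm-dd hh:mi:ss).
SET @stamp = REPLACE(REPLACE(REPLACE(
                 CONVERT(nvarchar(19), GETDATE(), 120), N'-', N''), N':', N''), N' ', N'_');

SET @fullFile = @dir + @db + N'_' + @stamp + N'_full.bak';
SET @logFile  = @dir + @db + N'_' + @stamp + N'_log.trn';

-- 1. Full database backup, with page checksums validated as pages are read.
BACKUP DATABASE @db TO DISK = @fullFile WITH INIT, CHECKSUM;

-- 2. Confirm the backup set is complete and readable before relying on it.
RESTORE VERIFYONLY FROM DISK = @fullFile WITH CHECKSUM;

-- 3. Log backup. Backing up the log is what frees the inactive part of the log
--    for reuse under the FULL and BULK_LOGGED recovery models. Under SIMPLE,
--    BACKUP LOG is not permitted and the log is truncated at checkpoints instead.
IF CONVERT(sysname, DATABASEPROPERTYEX(@db, 'Recovery')) <> N'SIMPLE'
BEGIN
    BACKUP LOG @db TO DISK = @logFile WITH INIT, CHECKSUM;
    RESTORE VERIFYONLY FROM DISK = @logFile WITH CHECKSUM;
END
```

Saved as a script file, it can be scheduled with `sqlcmd -E -S .\SQLEXPRESS -b -i <script file>`, where `-E` uses Windows Authentication and `-b` makes SQLCMD return a failing exit code if a backup statement raises an error.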

Service Packs
SQL Server Express can only be installed using the Windows Installer (MSI) installation package files. Unlike MSDE, you won’t be able to create custom MSM setup scripts. In other respects it’s the same as MSDE, so you’ll still need to be prepared to update the SQL Server engine via the traditional Service Pack means. The folks at Microsoft are acutely aware of the issues in this regard and are still formulating a better strategy.

Installing SQL Server Express Edition

Unlike MSDE, which does not support any form of a GUI Setup utility, SQL Server Express permits both command-line setup as well as a GUI version. This version of setup is familiar to developers who use the Standard Edition version or greater. However, early in the process, the SQL Server Express GUI Setup program exposes the dialog (as shown in Figure 1) that asks if the user wants to set the Advanced Configuration options. By default, Setup configures the SQL Server Express instance being installed to use Integrated Security and disable all access to the TCP ports and external protocols. This means you won’t be able to access the SQL Server Express instance from other systems, or by using SQL Server credentials, unless you change the advanced configuration options.

Figure 1. Capturing registration information for the SQL Server Express GUI Setup utility

Choosing the security mode
The SQL Server Express Setup utility permits you to set the type of security used by the server in the Authentication Mode dialog (as shown in Figure 2). As I discuss later, the default mode is Windows Authentication, which validates user credentials against the Domain Active Directory database. It’s a good idea to leave the default until you understand the security implications of switching to SQL Server Mixed Mode security. For example, mixed mode (SQL Server) security forces developers to figure out ways to hide the SQL Server credentials used by their application to prevent their use by unscrupulous hackers. Even then, it’s still a good idea to stick with the default setting unless your design makes this configuration impossible.

Interesting Aside: Where do hackers come from? At a Diligence Information Security conference in London, one study found that most “hackers” (those trying to gain unauthorized access to protected data) were individuals within the corporate firewall, and most (by far) were on the company payroll.

Regardless of the type of security you choose, the Setup utility demands that you provide an SA password. While it says that you’ll need to provide a “strong” password, this is really a function of the Domain Password strength settings. I encourage you to use a well-formed strong password, but it’s not that important if you stick with Windows Authentication Mode. The utility won’t let you leave it blank.

Figure 2. Setting the Authentication mode used by the SQL Server Express instance

Installing the SQL Server Computer Manager extension
The one and only tool that is installed with SQL Server Express is the SQL Server Computer Manager MMC snap-in. This tool can be used to manage the SQL Server services and enable SQL Server to be seen on the network. To install this component, select it while installing your SQL Server Express instance using the Features Selection dialog (as shown in Figure 3).

Figure 3. Installing the SQL Server Computer Manager extension.

Once your SQL Server Express instance is installed, the SQL Server Computer Manager can enable the TCP ports or appropriate network protocols by navigating to the “Protocols for SQLEXPRESS” node, right-clicking and then choosing Enable, as shown in Figure 4. In this case, I enabled the Named Pipes (Np) protocol. You’ll also have to start the SQL Browser service to provide server name resolution.

Note: Remember, the “Slammer” worm exploited the fact that most SQL servers are exposed on UDP port 1434. This means SQL Server Express won’t be prey to this type of attack unless you enable the SQL Browser service.

Figure 4. Using the Computer Manager MMC snap-in component to enable network visibility

Once Setup is completed, the Setup files (which can contain plain-text or weakly-encrypted credentials, and other sensitive configuration information—basically the keys to your server) should be deleted or secured.

Connecting (Gaining Access) to SQL Server Express
Microsoft and I want you to break your dependencies on COM and the OLE DB providers in favor of using managed code. The SqlClient .NET Data Provider is still the best choice. If you must connect to SQL Server Express from COM-based applications using MDAC and OLE DB, you can do so, but you can’t connect over shared memory providers, and you’ll need to ensure that the SQL Browser service is started.

Since the default security setting is Integrated Security, you’ll need to use Integrated Security=SSPI in the connection string, unless you change to mixed mode security. You still need to specify an initial catalog or Database in the connection string to point to the specific database your SQL is targeting. I also recommend use of the Application Name connection string parameter to uniquely identify your operations when you use SQL Profiler to monitor the operations your code executes.

Connecting Using AttachDBFilename
A new approach recommended by the SQL Server team is to add the keyword AttachDBFilename to your connection string. This is an unusual approach for typical SQL Server client/server front-end applications and is rarely if ever used for Web applications. As with any connection string addressing SQL Server instances, you must point to the server by name (or IP address) and provide an instance name. In addition, when you point to a filename in the connection string using the AttachDBFilename keyword, ADO.NET (or ADO) tells the targeted SQL Server instance that you want to “attach” the referenced file to the server—thus registering the database in the SQL Server Master database in the process of opening the connection.

Once a database is attached, from that point forward, the server accesses the referenced file (.MDF) and its companion log file (.LDF) when you reference the database. Be careful because there’s a catch here. You must specify the Database keyword in the connection string. If you don’t, the server has no way to identify this newly attached database. Code Listing 1 shows an example of an ADO.NET Sqlclient.SqlConnection object being configured to attach and open an .MDF file.

Code Listing 1. Connecting to a SQL Server .MDF file using the AttachDBFilename keyword.

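    ' Requires: Imports System.Data and Imports System.Data.SqlClient
    ' strFn holds the full path of the .MDF file to attach (set elsewhere in the application).
    Dim cn As SqlConnection
    Dim da As SqlDataAdapter
    Dim ds As DataSet
    Try
        cn = New SqlConnection("Data Source=.\SQLExpress;" _
            & "Integrated Security=True;Database=Biblio;" _
            & "Timeout=60;" _
            & "Application Name=SQLExpress Test;" _
            & "AttachDBFilename=" & strFn)
        da = New SqlDataAdapter("SELECT AU_ID, Author, Year_Born from authors", cn)
        ds = New DataSet
        ' Fill opens the connection (attaching the file), runs the query, and closes the connection.
        da.Fill(ds)
        DataGridView1.DataSource = ds.Tables(0)
    Catch ex As Exception
        MsgBox(ex.ToString)
    End Try

Tip: The process of attaching a new database to Master can take far longer than simply opening it. Make sure you set the connection string Timeout keyword to account for this increased time.
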
Managing the attached .MDF database file(s)
Even though the process of opening the connection attaches a database, the database is not detached when your application closes the connection. Once attached, it’s permanently installed in the SQL Server instance. This means the database itself is visible to any application with sufficient rights after your application ends. It also means you’re responsible for maintaining a database file in the same directory with other application files. While the file is protected by Windows while SQL Server is running, it should not be overlaid with an “updated” version without first detaching the database. Again, detaching is not difficult. You can use the following command from SQLCMD, or use the SQL Server 2005 GUI management tools. Another approach is to use the AutoClose option that automatically closes the database file when all applications using the database have ended.

    EXEC sp_detach_db 'MyDb'
    GO

Remember to save your database file on a local hard disk, not on a shared network server. It’s dangerous to force SQL Server to perform physical I/O over the wire (if it’s even supported at all) and it really hobbles your performance.

Unlike JET databases, it’s easy to back up SQL Server database files (and there could be several), but the backup process involves sending a T-SQL command to SQL Server through OSQL, one of the tools, or through SMO. The database can be backed up at any time with any number of users logged on (and active).
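The housekeeping described in this section, as an added T-SQL example that is not part of the original article: it lists every attached user database with its files, owner and AutoClose state, then backs up and detaches one. The database name Biblio comes from Code Listing 1; the backup path is a placeholder.

```sql
-- Added example. Run from SQLCMD against the SQL Server Express instance.
USE master;
GO

-- 1. Inventory: every user database registered with the instance, the login
--    that owns it, whether AutoClose is on, and where its .MDF/.LDF files live.
--    A database attached through AttachDBFilename stays in this list after
--    the application that attached it has exited.
SELECT d.name                    AS database_name,
       SUSER_SNAME(d.owner_sid)  AS owner_login,
       d.is_auto_close_on,
       mf.type_desc              AS file_type,      -- ROWS (.MDF) or LOG (.LDF)
       mf.physical_name
FROM sys.databases AS d
JOIN sys.master_files AS mf
     ON mf.database_id = d.database_id
WHERE d.database_id > 4          -- skip master, tempdb, model, msdb
ORDER BY d.name, mf.file_id;
GO

-- 2. Have SQL Server close the database files once the last user disconnects.
ALTER DATABASE [Biblio] SET AUTO_CLOSE ON;
GO

-- 3. Back up while users are connected. The path is a placeholder; the
--    SQL Server service account needs write access to the folder.
BACKUP DATABASE [Biblio]
TO DISK = N'C:\Backups\Biblio.bak'
WITH INIT, CHECKSUM;
GO

-- 4. Before replacing the .MDF with an updated copy: disconnect remaining
--    sessions, then detach so the files are released and the database is
--    no longer registered in master.
ALTER DATABASE [Biblio] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
GO
EXEC sp_detach_db @dbname = N'Biblio';
GO
```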

Connecting directly to a named SQL Server Express database
A more typical approach to connecting to a named database on a named SQL Server Express instance (or any SQL Server instance) is to simply address the computer name followed by the instance name as shown in Code Listing 2. This approach assumes the Database being targeted is already registered with the SQL Server Master database.

Code Listing 2. Using “direct” access to a registered SQL Server database.

    ' No AttachDBFilename here: Biblio is already registered with the instance.
    cn = New SqlConnection("Data Source=.\SQLExpress;" _
        & "Integrated Security=True;Database=Biblio;" _
        & "Timeout=60;" _
        & "Application Name=SQLExpress Test;")

Note: SQL Server Express still supports the connection string notation of “(local)” or “.” to refer to the “default” instance of SQL Server, but only if you install the “default” instance as I described earlier. I don’t recommend this approach, as your SQL Server Express server might not be the original “default” instance on the server.

Using an alternative instance name
You don’t have to install SQL Server Express using the default “SQLEXPRESS” instance name. I can envision several situations where using the default instance name is not a good solution. In this case, you’ll need to use the Advanced Configuration options during Setup to choose another instance name and use that instance name in the connection string. A problem with this approach is that if your application setup utility does not know what databases are installed on the target server, your name might collide with an existing name—just as some other application installing SQL Server on your user’s system might collide with the name you choose. That’s why the common instance name of SQLEXPRESS is such an important innovation.

Using an alias
Another approach to connecting to a “common” server name from your application is to use an alias. That is, you can use the SQL Computer Manager to specify an alias for your SQL Server instance (as shown in Figure 5). In this case, I created an alias called “George” that I can use in my connection string. If the underlying server changes (as when I change from a test to production server), I simply change the alias and the application is redirected to the correct server.

Figure 5. Using the Computer Management utility to create an instance alias.

Managing integrated security with Windows Authentication Mode
When your connection string contains the keyword Integrated Security=SSPI, ADO.NET (or the data access interface you’re using) uses Windows Authentication Mode. Behind the scenes, this mode uses the NTLM (NT LAN Manager) Windows NT Challenge/Response authentication protocol to validate the account credentials. The protocol uses encryption for secure transmission of passwords, which prevents “snoopers” from picking your credentials off the wire. Each time a connection is opened (or reopened), the user credentials are re-verified against the domain controller (Active Directory) database. Microsoft recommends Windows Authentication Mode for most applications.

Note: For more information on Security Support Provider (SSP) packages (like NTLM and Kerberos), see the SSP Packages Provided by Microsoft in the Platform SDK.

The test application I wrote to validate this code works fine (the bulk of the code is shown in Code Listing 1). That’s because I’m logged in as an administrator, and as such my Windows account is granted system administrator rights on SQL Server. This is why you don’t need to use the SA account or know what the SA password is when working with SQL Server Express. However, I certainly hope your end users won’t be given admin accounts. When anyone logs into a Windows domain, they are granted rights determined by the domain’s administrator. This information is stored in the Active Directory. These rights are not passed on to SQL Server unless you specifically grant them. This means non-administrators are (by default) not granted rights to the server or its contents and you’ll need to set up users, groups, and roles to manage the database and its contents. The mechanisms for doing this have not changed in some time, and they are well documented in SQL Server Books Online. (More details are found in SQL Server 2000 SP3 Security Features and Best Practices on TechNet.)

Basically, there are four layers of security you’ll need to establish and configure.

The Windows domain account: Your system administrator needs to establish a domain account that includes a Login name and (strong) password—the user “credentials”. This account is (by default) a member of the “Domain Users” group. Your administrator can set up other groups and assign users to these groups as needed. I usually set up “classes” of users that categorize them by the type of work role within the office they are assigned to. For example, I’ll set up “Accounting Admin1” and “Accounting Admin Lead” groups and add specific Windows domain accounts to these groups. A single Windows user can be assigned to several roles.
Physical security of the workstation and the user: If the workstation is left logged in while the user is away, or the user permits others to use their Windows account credentials, your security has already been penetrated. This layer is often overlooked. This is why Microsoft uses a key-access system to prevent access to systems when the user is not physically present.
SQL Server Login: This is an account set up on SQL Server that’s used to screen attempts to connect to SQL Server. Each account you add to this list dilutes the server’s ability to protect the data as it permits additional Windows users to gain access to the server. When using Integrated Security (as we suggest), you’ll still need to set up a Login account on SQL Server to permit access to the targeted database by a specific user or to a Windows Domain group (such as Domain Users). Each Login account is granted rights to one or more databases and is assigned a default database that is referenced if the initial catalog (Database) keyword is not used in the connection string.
Database Users: The final layer of protection is managed in the database itself. In this case, you need to set up one or more database users that are granted rights to specific tables, views, functions, and stored procedures. You can even grant rights to specific columns if the need arises.

One approach to managing security accounts on any SQL Server database is to use SQLCMD. However, unless you’re a database administrator (DBA) and are experienced with T-SQL, this can seem a bit daunting. Fortunately, you can use the SQL Server 2005 Management Studio that is equivalent to SQL Enterprise Manager to create database users, groups or roles. This tool is not included with SQL Server Express, so you’ll need to use the Standard or Developer Editions for Microsoft-provided tools, or use one of the third-party tools. Once these roles are created, you can get the SQL tools to export these T-SQL commands to a script file.

Using mixed-mode security
Mixed Mode Authentication is an alternative to using Windows Integrated Security. In this case, the connection string UID and PWD keywords are validated against a SQL Server Login name and password. Since this technique bypasses Windows Authentication, it’s seen as less secure. To use this security mode (and ignore our advice), you’ll need to enable this Mixed Mode security during setup. To do so, when using setup batch files, you can set the SECURITYMODE command parameter to “SQL”. This option is also available with the SQL Server Express interactive setup program and the SQL Server Express Manager (XM), of which a preview version should be available soon.
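An added T-SQL check (not from the original article) for confirming which authentication mode an instance is actually running in and for reviewing the SQL Server logins that Mixed Mode exposes. The login name BiblioApp and its password are placeholders.

```sql
-- Added example. Run as a member of sysadmin; reading password_hash
-- requires CONTROL SERVER permission.

-- 1. Authentication mode actually in effect on this instance.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed Mode (SQL Server logins accepted)'
       END AS auth_mode;
GO

-- 2. Every SQL Server login (the accounts validated by UID/PWD), whether it
--    is disabled, whether Windows password policy and expiration apply to it,
--    and whether its password is blank.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 1 ELSE 0 END
           AS has_blank_password
FROM sys.sql_logins
ORDER BY name;
GO

-- 3. If the instance stays in Windows Authentication Mode, nothing should
--    connect as sa, so the login can be disabled outright.
ALTER LOGIN sa DISABLE;
GO

-- 4. If Mixed Mode cannot be avoided, give the application its own login
--    with policy enforcement instead of sharing sa. Name and password are
--    placeholders; generate the password and store it outside source code.
CREATE LOGIN BiblioApp
WITH PASSWORD = N'<replace-with-generated-password>',
     CHECK_POLICY = ON,
     CHECK_EXPIRATION = ON,
     DEFAULT_DATABASE = [Biblio];
GO
```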

SQL Server Security General Guidelines
Security breaches on any system, whether it’s a million-hits-per-hour corporate server or a million-hits-per-millennium small office system, can mean the demise of the company—or just your job. Since SQL Server Express systems assume that the application takes on many security roles, it needs to be prepared to manage SQL Server logins, perform periodic maintenance such as data and log backups, move backup stores off-system (and hopefully off-site), and other maintenance tasks as appropriate for your database use. Your application also needs to take steps to monitor the health of the server log, and report problems it encounters.

Developers not familiar with SQL Server often overlook a more fundamental approach to security, such as SQL Server’s ability to protect objects right down to the column. In most serious office systems, the DBA (if there is one) immediately restricts access to the base tables. After that, the DBA establishes specific user and role accounts that have focused access to the database, enabling appropriate permissions on specifically applicable views, stored procedures, and functions. This way, if the user credentials are hijacked, the only way the data can be accessed is through these very easily constrained mechanisms.
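The SQL Server login and database user layers described earlier, combined with the restrict-the-base-tables approach in this paragraph, as an added T-SQL example that is not part of the original article. The authors table and its columns come from Code Listing 1 and “Accounting Admin1” from the group example above; the CONTOSO domain, the dbo schema, and the user, role, view and procedure names are assumptions.

```sql
-- Added example. Run from SQLCMD as a sysadmin.
USE master;
GO

-- SQL Server Login layer: admit one Windows domain group, not every
-- domain user. CONTOSO is a placeholder domain name.
CREATE LOGIN [CONTOSO\Accounting Admin1] FROM WINDOWS
WITH DEFAULT_DATABASE = [Biblio];
GO

USE Biblio;
GO

-- Database User layer: map the login to a database user and put the user
-- in a role, so permissions are granted to the role and never to a person.
CREATE USER AccountingAdmin1 FOR LOGIN [CONTOSO\Accounting Admin1];
CREATE ROLE AuthorReaders;
EXEC sp_addrolemember @rolename = N'AuthorReaders',
                      @membername = N'AccountingAdmin1';
GO

-- A view that exposes only the columns this role needs (no Year_Born).
CREATE VIEW dbo.vAuthorNames
AS
SELECT AU_ID, Author
FROM dbo.authors;
GO

-- A stored procedure for the one parameterized query the role may run.
CREATE PROCEDURE dbo.GetAuthorsBornAfter
    @Year int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT AU_ID, Author, Year_Born
    FROM dbo.authors
    WHERE Year_Born > @Year;
END;
GO

-- Grant access to the view and the procedure only. Because they share an
-- owner (dbo) with the table, ownership chaining lets them read it even
-- though the role is denied direct access to the base table.
GRANT SELECT  ON dbo.vAuthorNames        TO AuthorReaders;
GRANT EXECUTE ON dbo.GetAuthorsBornAfter TO AuthorReaders;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.authors TO AuthorReaders;
GO

-- Review: what the role can and cannot touch.
SELECT pr.name                AS principal_name,
       pe.state_desc,                      -- GRANT or DENY
       pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'AuthorReaders'
  AND pe.class = 1                         -- object-level permissions
ORDER BY object_name, pe.permission_name;
GO
```

If a member's Windows credentials are hijacked, the session can read only what the view and the procedure return.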

Summary
This article introduces you to the new and improved version of SQL Server 2005 known as the Express Edition. I touch on the differences in SQL Server Express that make it easier to use and easier to protect, and discuss several security issues ranging from protecting the data, protecting the server, and protecting the physical system. I hope this overview encourages you to migrate your existing JET applications to the more secure and more stable SQL Server 2005 Express Edition.

© Microsoft Corporation. All rights reserved.


Perks and Perils of a Paperless Office

May 27th, 2009

Reprinted from
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202424535933

By Jeffrey D. Roberts and Nina Wadhwa
Pennsylvania Law Weekly
September 16, 2008

After much hype and anticipation, the age of the paperless office is finally here. As technology has improved, an increasing number of businesses are choosing to store their original paper documents electronically by scanning and destroying the originals. Given this growing trend among businesses to move to purely electronic storage of day-to-day business documents and other records, one important question remains: Do business documents have to be stored in hard copy form after scanning?

The answer to this question rests in two key inquiries. The first is whether the electronic version of the paper record satisfies retention requirements imposed by federal and state statutes and regulations, so that the document can be used if the organization is audited by a federal or state agency. The second is whether the electronic copy can be admitted into evidence during litigation. Of course, the latter inquiry is of particular significance to counsel who may subsequently face questions of the admissibility and authentication of the scanned documents.

Traditionally, under the common law best evidence rule, parties were required to produce the original writing or document into evidence. Thus, copies of documents were not routinely admissible in court proceedings unless the original was shown to be unavailable through no fault of the proponent. This archaic view, however, dated to the time when copies were made by hand and were therefore subject to inaccuracy.

As technology has improved over time, an increasing number of businesses are moving to electronic storage of documents without retaining the originals. As a result, courts and legislatures are now creating exceptions to the common law rule, which allow for the routine admission of electronic copies of original documents.

The option for providing copies of records is specifically addressed in existing federal and state statutes. Generally, the admissibility of electronic records into evidence depends on the laws and rules of evidence that affect the admissibility of duplicate records. Existing statutes and rules of evidence overcome the presumption of the best evidence rule that the original is best, and all duplicates will be considered inferior. Thus, as a practical matter, all state and federal courts will admit duplicate records into evidence, provided that they accurately reproduce the original.

Two major uniform laws have modified the best evidence rule by establishing the admissibility of duplicate records into evidence, regardless of whether the original records have been destroyed in the regular course of business. The Uniform Photographic Copies of Business and Public Records As Evidence Act (UPA) has been adopted by the federal government and the majority of states, including the commonwealth of Pennsylvania. This law permits duplicate records to be admissible into evidence provided that they were prepared by a “process which accurately reproduces … the original.” The UPA also permits the original records to be destroyed after reproduction, and provides for use of the duplicate record in court proceedings.

The second major uniform law, The Uniform Rules of Evidence, has been adopted by the federal courts and a majority of states and defines a duplicate as a counterpart produced by any technique “which accurately reproduces the original” and allows a duplicate to be admissible in evidence “to the same extent as an original.” Although Pennsylvania has not adopted the Uniform Rules of Evidence, it still permits a duplicate to be admissible to the same extent as an original unless a genuine question is raised as to the authenticity of the original, or in the circumstances it would be unfair to admit the duplicate in lieu of the original.

Given these laws, from a litigation perspective, there is nothing to prevent a business from scanning and destroying original documents. If, in fact, litigation were to arise following the document scanning and destruction process, the “best evidence” may turn out to be a print out of what was scanned. Even so, it bears emphasizing that issues regarding whether a document is the “best evidence” arise only if the other side objects to the document and meets their burden of showing that there is a genuine issue as to the authenticity of the original, or as to the trustworthiness of the duplicate.

If indeed there is a genuine question as to authenticity or trustworthiness, counsel might also have to explain the safeguards of the scanning system to authenticate that the scan was a faithful replica of the original. Thus, if it is critical to the success of your case to admit into evidence computer stored records, it would be prudent to plan to authenticate the record by the most rigorous standard that may be applied.

If the exceptions to the best evidence rule are not comforting enough, then consider that the federal courts and many state courts have now adopted e-filing, which allows attorneys to upload PDF copies of pleadings, instead of filing paper documents. Unless questions regarding authenticity of original documents are raised, these federal and state courts do not require the attorneys to file the paper originals, instead considering the PDF copies as originals.

Nevertheless, despite the advances of technology, the permissibility of e-filing and the various exceptions to the best evidence rule, the rule may sometimes still apply. Despite the broad latitude of courts with regard to most original documents, there are still some documents that should always be kept in original form. Some examples are corporate formation documents such as charter, certificate of incorporation, articles of incorporation and other documents that affect identity or organization; certificates of title not recorded; negotiable instruments that have not been paid; and stocks, bonds, underwritings, mortgages, notes, vouchers, and stock and bond certificates that have not been canceled, redeemed, retired, sold, de-registered or otherwise disposed of. Accordingly, before advising your client that they can scan and destroy all records, you should periodically consult applicable state and federal regulations to ensure compliance with specific agency requirements.

While the ultimate answer as to whether business documents have to be stored in hard copy form after scanning will depend on each organization’s particular circumstances, generally, paper originals can be destroyed after scanning if counsel believes that they can answer any challenges to authenticity that might arise. Ideally, the records custodian should clearly document in a statement why the organization has decided to destroy the records, and that it has created an alternative system for preserving the information.

This should include that the records were made and received in the regular course of business within a reasonable time of the transaction involved; the records were kept in the regular course of business; the electronic duplicates have been compared to the originals and are true and correct; the destruction is being performed in good-faith and in the regular course of business; and that to the company’s good-faith knowledge and belief, no litigation is pending or anticipated that would involve the records being destroyed.

If the business implements such procedures, it should be able to retain the records identified in its document retention policy in electronic form, have those documents accepted by various federal and state agencies for audit purposes and have the duplicate documents admitted into evidence as though they were original documents.

Jeffrey D. Roberts is an associate in the Pittsburgh office of Burns White & Hickton. Roberts focuses his practice on the firm’s business and litigation groups and heads the firm’s electronic discovery team. He has been with the firm since 2004 and previously spent four years serving in the U.S. Navy Judge Advocate General’s Corps as military defense counsel and as a special assistant United States attorney. Nina Wadhwa is an associate in the firm’s Pittsburgh office. Wadhwa practices in the business and transportation groups with an emphasis on occupational illness defense and health care law. She is a member of the firm’s electronic discovery and risk management teams.

Move data in excel file from vertical to horizontal

May 27th, 2009

Resolved Question
Problem Excel Data in vertical and horizontal cells?
Hi guys

I have a number of spreadsheets that I am trying to sort into one sheet.

They all have the same data however some of them have the information going vertical and some have it horizontal, I would like to have all the data reading one way.

Any ideas?
2 years ago
by bonusgra…

Best Answer - Chosen by Voters
Do copy and paste special from the edit menu and select Transpose and you can flip vertical data to horizontal or vice versa
2 years ago
100% 1 Vote

Other Answers (3)

by bustedta…
Highlight the data you want to copy and right click and select ‘COPY’
click on the area you want to paste the data and then right click to select ‘PASTE SPECIAL’
select TRANSPOSE and then click OK
this will change your rows to columns
2 years ago
0% 0 Votes

by Mooseles
Use Copy, Paste Special, Transpose. You can change your rows into columns or vice versa.
2 years ago
0% 0 Votes

How many files can a file folder contain?

May 14th, 2009

FAT
4GB Max File Size
4GB Max Volume Size
512 Files Per Folder

FAT32
4GB Max File Size
2TB Max Volume Size
65,534 Files Per Folder

NTFS
No limit on Max file size.
256TB Max Volume Size (64KB Clusters)
4,294,967,295 Files Per Folder

setting folder rights in windows server

May 2nd, 2009

http://technet.microsoft.com/en-us/library/bb727008.aspx

SQL2005 SP3 Setup fails when MSXML 6.0 SP2 Options

May 1st, 2009


Newsgroups: microsoft.public.sqlserver.setup
From: John
Date: Thu, 19 Feb 2009 10:47:02 -0800
Subject: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

We know about the fix/workaround, which is to uninstall XML via the Windows
installer cleanup utility.

Question: When is MS going to give us a better solution? Something more
graceful and easier for the end user?

Such as:

1. Immediately update/fix/re-release the SQL 2005 Express Edition SP3
Setup.exe, to better DEAL with the possibility of MSXML 6.0 SP2’s on the
client machine. Don’t HALT the rest of the SQL Installation.

2. Immediately release a one liner utility allowing us to REMOVE MSXML 6.0
SP2 so that our clients can then install SQL 2005 trouble free. Same result
as the cleanup utility.

Our clients who need SQL 2005 Express Edition are all bombing, and there’s
no graceful/easy fix.

Newsgroups: microsoft.public.sqlserver.setup
From: “Aaron Bertrand [SQL Server MVP]”
Date: Thu, 19 Feb 2009 19:40:19 -0500
Subject: Re: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

> We know about the fix/workaround, which is to uninstall XML via the Windows
> installer cleanup utility.

> Question: When is MS going to give us a better solution?

They are working on it. I can’t give much more details than that, except
that it is not a simple fix, because this is something the Windows side did
(make MSXML files protected), and not some bug on the SQL side.

I plan to post a detailed blog entry on this problem once I am released to
do so (sorry, right now most of the details are NDA).

Newsgroups: microsoft.public.sqlserver.setup
From: John
Date: Fri, 20 Feb 2009 05:51:02 -0800
Subject: Re: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

“Aaron Bertrand [SQL Server MVP]” wrote:

> > We know about the fix/workaround, which is to uninstall XML via the Windows
> > installer cleanup utility.

> > Question: When is MS going to give us a better solution?

> They are working on it. I can’t give much more details than that, except
> that it is not a simple fix, because this is something the Windows side did
> (make MSXML files protected), and not some bug on the SQL side.

> I plan to post a detailed blog entry on this problem once I am released to
> do so (sorry, right now most of the details are NDA).

Aaron - Thanks for the reply.

Seriously, how hard can it be for the SQL team to modify the SQL Setup.exe to
allow it to see that MS MSXML 6.0 SP2 is already installed on the client PC
and not HALT with errors.

I must respectfully disagree with you, the bug is on the SQL Side. It’s the
SQL Setup.exe. There’s no reason it should fail/halt when a newer MSXML 6.0
SP2 exists. Setup is NOT seeing that a newer version exists, and passing
thru the step. I don’t know how anyone could interpret this any
differently.


Newsgroups: microsoft.public.sqlserver.setup
From: “Aaron Bertrand [SQL Server MVP]”
Date: Fri, 20 Feb 2009 09:08:13 -0500
Local: Fri, Feb 20 2009 9:08 am
Subject: Re: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

> Seriously, how hard can it be for the SQL team to modify the SQL Setup.exe to
> allow it to see that MS MSXML 6.0 SP2 is already installed on the client PC
> and not HALT with errors.

The change is probably not hard. The problem is that the service pack must
be completely regression tested and it takes time to do this without the
guffaws of previous service packs (do you remember them re-releasing service
packs multiple times? Server egg-on-face they’d likely not want to repeat).
I’ve filed bugs against setup dialogs and wizards where a mere typo just did
not meet the bar to make it into the release because of all the re-work that
has to be done. And unfortunately XP SP3 obviously did not make it onto the
testing matrix when the service pack was initially in testing (and it was in
testing for a LONG time).

> I must respectfully disagree with you, the bug is on the SQL Side.

Well, that is not what Microsoft tells me, so you’re not disagreeing with
me. I believe there will be a valid workaround from the SQL side, but as
above, it’s not a one-line change and ship it.

Also, the problem isn’t just that there’s a different (unrecognized) version
on disk, it is also that because the files are now protected, setup can’t do
anything with them. I agree that the solution is simple, but aren’t all
solutions in hindsight? It was an unforeseen side effect of an OS change
that wasn’t known at the time of testing. I’m not sure that you can
legitimately expect any more than knowing that a fix is forthcoming and that
it cannot possibly be immediate.


Newsgroups: microsoft.public.sqlserver.setup
From: John
Date: Fri, 20 Feb 2009 06:36:01 -0800
Local: Fri, Feb 20 2009 9:36 am
Subject: Re: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

Thanks Aaron, I appreciate your comments.

We’ll continue to instruct our clients to do the workaround as needed. Got to
wonder how the big software vendors who embed 2005 ExprEd are documenting the
issue and workaround. Vendors like Sage ACT!, and I just glanced at their
support site and they’re struggling with this issue too, same ugly
workaround, surprise, surprise.

Blog: I found your Blog. Very nice. A new desktop bookmark for me. I keep
an eye out for any news on the issue.

Thanks. John


Newsgroups: microsoft.public.sqlserver.setup
From: “Aaron Bertrand [SQL Server MVP]”
Date: Sat, 21 Feb 2009 08:58:15 -0500
Local: Sat, Feb 21 2009 8:58 am
Subject: Re: SQL2005 SP3 Setup fails when MSXML 6.0 SP2

I posted about this here:

http://is.gd/kjew

When I get more information from my contact at MS I will post that as well.

On 2/20/09 9:36 AM, in article
A11ECC90-13AB-4A2E-BA51-C9C1FD655…@microsoft.com, “John” wrote:

> Thanks Aaron, I appreciate your comments.

> We’ll continue to instruct our clients to do the workaround as needed. Got to
> wonder how the big software vendors who embed 2005 ExprEd are documenting the
> issue and workaround. Vendors like Sage ACT!, and I just glanced at their
> support site and they’re struggling with this issue too, same ugly
> workaround, surprise, surprise.

> Blog: I found your Blog. Very nice. A new desktop bookmark for me. I keep
> an eye out for any news on the issue.

> Thanks. John


1975 Article coining the term “paperless office”

April 21st, 2009

Executive Briefing, June 30, 1975, 6:43PM EST. Copyright McGraw Hill Business Week Magazine

The Office of the Future
An in-depth analysis of how word processing will reshape the corporate office
Editor’s Note: This article originally appeared in the June 30, 1975, issue of BusinessWeek.

The office is the last corporate holdout to the automation tide that has swept through the factory and the accounting department. It has changed little since the invention of the typewriter 100 years ago. But in almost a matter of months, office automation has emerged as a full-blown systems approach that will revolutionize how offices work.

At least this is the gospel being preached by office equipment makers and the research community. And because the labor-intensive office desperately needs the help of technology, nearly every company with large offices is trying to determine how this onrushing wave of new hardware and procedures can help to improve its office productivity.

Will the office change all that much? Listen to George E. Pake, who heads Xerox Corp.’s Palo Alto (Calif.) Research Center, a new think tank already having a significant impact on the copier giant’s strategies for going after the office systems market: “There is absolutely no question that there will be a revolution in the office over the next 20 years. What we are doing will change the office like the jet plane revolutionized travel and the way that TV has altered family life.”

Pake says that in 1995 his office will be completely different; there will be a TV-display terminal with keyboard sitting on his desk. “I’ll be able to call up documents from my files on the screen, or by pressing a button,” he says. “I can get my mail or any messages. I don’t know how much hard copy [printed paper] I’ll want in this world.”

The Paperless Office
Some believe that the paperless office is not that far off. Vincent E. Giuliano of Arthur D. Little, Inc., figures that the use of paper in business for records and correspondence should be declining by 1980, “and by 1990, most record-handling will be electronic.”

But there seem to be just as many industry experts who feel that the office of the future is not around the corner. “It will be a long time—it always takes longer than we expect to change the way people customarily do their business,” says Evelyn Berezin, president of Redactron Corp., which has the second-largest installed base (after International Business Machines Corp.) of text-editing typewriters. “The EDP [data-processing] industry in the 1950s thought that the whole world would have made the transition to computers by 1960. And it hasn’t happened yet.”

But everyone agrees that office systems are coming. So the real question is: How does American business get to George Pake’s office of the future when many companies still are having real trouble changing their offices to accommodate the first generation of standalone editing typewriters?

Getting there means finding the answers to a host of very complex questions. Can desk-top terminals be made “friendly” enough so that executives will use them? Should a lot of powerful machines be moved together with central libraries and thus break up traditional working relationships? Will office systems get needed computer power by depending on the machines already in EDP centers doing accounting and financial work? Says Pake’s boss, Jack E. Goldman, Xerox chief scientist: “I don’t think anyone can really know which is the way to go now.”

If the office of the future is a collection of these electronic terminals linked to each other and to electronic filing cabinets, “it will change our daily life,” Pake says. “And this could be kind of scary.” This is what most concerns Pake and a growing number of other researchers and users. “We have just really discovered the enormity of the problem,” Pake admits. “How well we succeed,” he says, “depends on how well we understand the human interface and the thought process as they go through the daily work process.”

To most planners, the task is even bigger than it was in the early days of the computer revolution. “This is a tougher job of planning than data processing,” says Robert B. LaDue, IBM’s marketing director for word processing systems. EDP initially zeroed in on accounting applications, he says, and it did not have the broad effect on people that word processing, which reaches everyone, will have.

Some in the business bridle at such assertions. “This scare talk about drastic changes in the office structure, which is worrying potential users, is an IBM misconception,” declares Robert Hendel, 32-year-old president of LCS Corp., a small supplier of word processing systems. “IBM tries to make word processing complex so that people will think they need an IBM to help them,” he maintains. “But that kind of talk is just gobbledygook.”

Just for the present, Hendel may have a point. Most office automation products are being sold as stand-alone equipment, machines that operate independently and are not connected to other machines. This provides a secretary, for example, with a more productive typewriter. But this hardware is only the first step toward the office of the future. Gaining the most from automation demands that the new office machines be linked together to form integrated systems. And few would argue that setting up such systems without disrupting an office is going to be a simple task.

Undoubtedly it will be Xerox and IBM that will find the way. “The entire industry knows that the office environment is moving toward the integrated system, but it will be hard to define,” says Jonathan Pugh III, marketing head of Lexitron Corp., a builder of display text editors. “IBM and Xerox will dictate the future because of their marketing power,” he says. Timothy C. Cronin, president of Inforex, Inc., an office-equipment supplier, agrees: “With IBM and Xerox pouring out $1.5 billion yearly in R&D, they will control the pace of technology in their interest.”

The long-anticipated battle between the two giants will occur in this market. And it could be difficult for either of them to control the pace of change. “IBM and Xerox are jockeying for position now, and the battleground is the office,” Cronin declares. “How they plan to attack will unfold over the next two years, and it will be one of the most significant factors shaping the office of the future.”

The Struggle for Cost-Control
Word processing was used originally by IBM as a marketing umbrella for its broad line of office products, and some people still call it a “buzz word.” The definition that makes most sense is that word processing (WP) is the manipulation of words, sentences, and paragraphs by advanced hardware, while data processing (EDP) is the manipulation of numbers. But even if the definition is not sharp, most everyone agrees that WP is sweeping into the office now and will be the springboard from which the office will automate.

Word processing is coming on strong because businesses no longer can afford the custom approach to doing office work. Paperwork is growing explosively, and in the traditional “one-on-one” office arrangement—the secretary-boss combination—productivity is largely dependent on how fast the secretary can move her hands and feet.

“Costs in the office are running uncontrolled,” declares Alan Purchase, senior industrial economist at Stanford Research Institute, who recently made a major study of future office equipment markets. “Where office costs used to be 20% to 30% of the total in a company, they have now grown to 40% to 50% of all costs.” Rising salaries and demands to process more information are growing at geometric rates. IBM says that the average secretary’s salary is 68% higher, and the cost of turning out a business letter is 40% more than it was 10 years ago.

More important, Purchase says, “the current recession has brought a real awareness by companies that they have to identify and control office costs and improve productivity.” A Quantum Science Corp. survey showed that while the recession had forced a cut in overall office spending, it was also responsible for increasing text-editing typewriter installations. Nearly one-fifth of all offices surveyed, and 39% of the larger ones, either planned or had recently added automatic typewriters.

But the office’s productivity problems have been developing for a long time. “Many offices are not even held accountable for productivity,” notes David L. Holzman, Xerox’ market development manager. “In studies we’ve made, 50% of all offices are just a part of the overhead.” Further, the shift of the U.S. economy to service-based industries (they will employ 47% of all U.S. workers by 1980) and the growth of clerical employees are colliding with soaring clerical labor costs, growing shortages of skilled personnel, and changing social attitudes.

“This climate is almost forcing the revolution in the office,” declares Robert E. Verrando, marketing chief for Xerox’ Office Systems Div. But word processing is a tough sell, particularly since it so often changes the traditional secretary-executive relationship. “The biggest problem we face is the office wife,” says Lexitron’s Pugh. “She likes giving total loyalty to one boss, and he likes getting it.”

But increased productivity from the addition of new hardware requires restructuring and reorganizing the office. To many, the willingness of office workers to make such changes and to discipline themselves to a system is the major factor in determining how quickly WP catches on.

But business may not be able to wait. “People will adapt nicely to office systems—if their arms are broken,” says William F. Laughlin, IBM vice-president, only half facetiously. “And we’re in the twisting stage now,” he adds.

Top managements have to look at the cost of handling paperwork in the same way that they view the factory environment and data processing, says Pugh of Lexitron. So far, they have not. And this is why the service sector shows high annual increases in cost—in the 5% to 7% range—while annual unit labor costs in the manufacturing sector steadily decline from a very low base.

Factories achieve their cost savings by investing capital to replace labor in production. “But we haven’t brought technology to bear on the office,” declares Robert J. Potter, president of Xerox’ Office Systems Div. “We have invested only peanuts in capital equipment for the office.” Investment in capital equipment per office worker is only about $2,000 annually, far lower than the $25,000 spent for each manufacturing employee, figures SRI’s Purchase. But he sees the amount being spent annually on the office per white-collar worker growing to $10,000 or more by 1985. This would produce a significant market. “There’s some speculation that WP will be bigger than data processing in 10 years,” says James N. Mills, president of Litton Industries, Inc.’s Royal Typewriter Co.

Lifting Productivity
Word processing began quite accidentally and inauspiciously in 1964 when IBM introduced its MT/ST (for magnetic tape, Selectric typewriter). IBM saw it only as an entry into the automatic letter writer market (repetitive typing of form letters), and it bravely forecast that 6,000 would be sold. But what turned the MT/ST into a smashing success was its use instead as a text editor. Secretarial productivity was vastly increased, since a letter had to be typed only once. This was done by capturing keystrokes in electronic form and storing them on the tape for fast, precise replay. Revising or correcting is done by typing over the word or sentence to be changed, with the machine rerecording the tape at that spot. There is also space on the tape to insert words. The mechanical text editors, which cost between $5,000 to $13,000, have most of the market today.

But sales are growing fastest in a second generation stand-alone model, and it is happening without the marketing muscle of a Xerox or IBM. These units, most of them produced so far by Lexitron and Vydec Corp., have a TV screen to display a page of text. The keyboard is separated from the typewriter so that a page can be typed automatically while the operator starts work on the next page.

The display text editor is catching on fast, even though it costs nearly twice as much, because it is much faster and easier to use. What the operator types shows directly on the screen rather than on a sheet of paper. Once the document on the screen is correct, the operator pushes a button to store the document in a tape or disk memory and to print it out on the typewriter.

Shipments of all editing typewriters have been growing at the rate of nearly 50% annually. Estimates of total units in the field vary widely, but it could hit 300,000 by the end of 1975. SRI’s Purchase estimates that by 1981 the total will reach 910,000 or a “very strong average annual growth rate of 23.3%.” The value of annual shipments should triple to more than $1.3 billion.

Before text can be edited on a word processor, it has to be originated, and the best way to do it still is by using dictating machines. But this has been a slow growth business, since most executives either need to write material in longhand or they like the idea of dictating directly to their secretaries for status reasons. “Even today, only 26% of the people who should use a dictating machine actually use it,” says Gene W. Milner, president of Lanier Business Products, a major supplier.

But word processing has focused new attention on dictation because IBM and others feel it is a key to the WP center concept. Because of better new products and the emerging WP market, sales of dictation equipment will grow from $161 million in 1973 to $244 million in 1977, according to SRI.

Other techniques are being worked on to augment or supplant dictation equipment, but these developments seem to be well down the road. Optical character recognition (OCR) equipment, which can already automatically read typed text and convert it into machine-readable data, is getting better all the time. Some WP users already are considering it, but the main stumbling blocks are its high cost and the number of errors that OCR still makes.

Another part of future office systems is information storage and retrieval, which is now “very archaic and the most feeble” of all the office functions being handled independently, says Xerox’ Goldman. “We don’t know how this will shake out,” he says, “but we do know that storage will be other than paper.” The replacement for the filing cabinet could be magnetic or optical disks, and “don’t rule out microfilm yet,” he adds.

The soaring cost of paper has caused a surge of growth in the use of microforms (microfiche and microfilm), an older replacement for the filing cabinet. Bell & Howell Co.’s Richard L. Miller sees this market growing from today’s $700 million to $2 billion by 1980 as companies begin using microforms for active business records as well as archival records.

But ADL’s Giuliano is less sanguine: “In many ways microforms are inferior to paper. Special readers are required, images are poor, and they are hard to manipulate and can’t be erased or annotated.” He sees them as an interim solution.

Most WP equipment developed so far is designed to move information around faster inside the office. But the office also is gaining increasingly powerful links to the outside world via facsimile equipment. “After decades of high hopes and low performance, facsimile finally appears to have taken off in general business communications,” International Resource Development, Inc., says in a recent study. And it estimates that Xerox accounts for 60% of the installed units and has 80% of current shipments. In the past two years, fax installations have more than doubled from fewer than 50,000 to more than 100,000 units.

Xerox expects to keep its momentum going with a new plain-paper Telecopier that combines a laser and xerography to send documents over ordinary phone lines at the rate of two minutes per page. “If you went to the top 100 companies, there would be a 50-50 chance that they’d have some sort of electronic mail—and that’s just Xerox gear,” says David Klein, Xerox’ facsimile marketing head. “Some users have enough Telecopiers now—Washington law firms, for example—that they order one just like a phone.”

Today’s word-processing equipment exists largely as a conglomeration of stand-alone machines, each developed to do a specific task and not linked to other office equipment. Now the first links are just beginning to be made, merging the stand-alone units into embryonic office systems and leading on toward the office of the future.

——————————————————————————–

Microsoft Viewer Pack: how to view additional file types in your browser

April 20th, 2009

Microsoft XML Paper Specification Essentials Pack
Brief Description
Version 1.0
The Microsoft XML Paper Specification Essentials Pack, Version 1.0 (XPS Essentials Pack) contains components that enable you to view, generate and index XPS Documents.


Microsoft comes out with new SharePoint server in 2010

April 15th, 2009

Microsoft Unveils Exchange 2010 With Public Beta
April 15, 2009

REDMOND, Wash. - April 15, 2009 - Microsoft Corp. today released a public beta of Microsoft Exchange Server 2010, part of Microsoft’s unified communications family (http://www.microsoft.com/uc).

Exchange 2010 is part of the next wave of Microsoft Office-related products and is the first server in a new generation of Microsoft server technology built from the ground up to work on-premises and as an online service. This release of Exchange 2010 introduces a new integrated e-mail archive and features to help reduce costs and improve the user experience. A public beta of the server is available for download starting today at http://www.microsoft.com/exchange/2010.

Exchange Server 2010 will become available in the second half of 2009. Microsoft Office 2010 and related products will enter technical preview in the third quarter of 2009 and become available in the first half of 2010.

“Exchange 2010 ushers in the next generation of Microsoft unified communications software as the first server designed from inception to work both on-premises and as an online service,” said Rajesh Jha, corporate vice president of Exchange at Microsoft. “This release raises the bar with new archiving and end-user innovations that will help companies save money and employees save time.”

Exchange 2010 will help organizations reduce costs, protect communications and delight e-mail users with capabilities to do the following:

Lower costs with more flexible deployment and management options. Exchange 2010 provides organizations with the same enterprise-grade capabilities whether deployed on-premises or as a service from Microsoft or partners - or as a mix of both. Further, for customers deploying the server, the new release simplifies the way organizations provide always-on communications and disaster recovery, meaning administrators spend less time managing their e-mail system. Exchange 2010 further improves performance running on lower-cost direct-attached storage, enabling organizations to dramatically reduce storage costs by up to 85 percent without sacrificing performance or reliability.

Protect information and meet compliance requirements with the new e-mail archive. As e-mail volume grows, companies must address increasing compliance, legal and e-discovery concerns, but today, according to Osterman Research, only 28 percent of organizations currently archive their e-mail content (Osterman Research, 2008). Exchange 2010 introduces an integrated e-mail archive. The new solution makes it easier to store and query e-mail across the organization using the Exchange software that organizations already know and use.

Improve user productivity with the ultimate inbox experience. Basex Inc. recently estimated that the average number of corporate e-mail messages received per person per day is expected to reach more than 93 by 2010. In addition, businesses lose $650 billion annually in productivity due to unnecessary interruptions including those from e-mail (Basex, 2008). Exchange 2010, together with Microsoft Outlook 2010, will give people more control over their communications with features such as these:

- MailTips. Warn users before they commit an e-mail faux pas such as sending mail to large distribution groups, to recipients who are out of the office or to recipients outside the organization, helping protect against information leaks and reduce unnecessary e-mail messages.

- Voice Mail Preview. See text previews of voice mail directly in Outlook.

- Ignore Conversation. This e-mail “mute button” allows people to remove themselves from an irrelevant e-mail string, reducing unwanted e-mail and runaway reply-all threads.

- Conversation View. Combine related e-mail messages in a single conversation to reduce inbox clutter.

- Call Answering Rules. Create customized “Press 1 for …” call-routing menus with Exchange voice mail.

- Consistent Experience. Use Outlook on the PC, a mobile phone or a browser for the same experience with enhancements in Outlook Mobile and Outlook Web Access.

First in a Wave

Exchange 2010 is the first product to be introduced as part of the next wave of Microsoft Office-related products. The next wave, which includes Microsoft Office 2010, Microsoft SharePoint Server 2010, Microsoft Visio 2010 and Microsoft Project 2010, is designed to give people a consistent experience across devices, making it easier to create and edit documents and collaborate from any location. In addition, to help businesses reduce costs, the next wave will introduce new delivery and licensing models, improve deployment and management options for IT professionals, and provide developers with an expanded platform on which to create applications.

“The line between home and work has blurred, and people want more choice and flexibility in how, where and when they work,” said Chris Capossela, senior vice president of the Information Worker Product Management Group at Microsoft. “With the next wave of Microsoft Office-related products, people will be more productive across the PC, phone and browser, IT professionals can choose to deploy and manage servers on-premises or from the cloud, and developers get more opportunities to build innovative solutions and grow their business.”

Availability

Exchange Server 2010 will become available in the second half of 2009. Additional Office products including Microsoft Office 2010, Microsoft SharePoint Server 2010, Microsoft Visio 2010 and Microsoft Project 2010 are scheduled to enter technical preview in the third quarter of 2009 and release to manufacturing in the first half of 2010.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.