Security Checklist

Similar Messages

• Windows 2012 server security checklist for corporate company standard/recommended check-list

  Hello All,
  Good Day.
  I am looking for Windows 2012 server security checklist (standard hardening
  settings), would you kindly assist me by providing Wintel 2012 standard/recommended check-list ASAP?
  Thanks in advance.

  Hi,
  The Microsoft Security Compliance Manager 3.0 tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.
  For more detailed information, please refer to the articles below:
  Windows Server 2012 Security Baseline
  http://technet.microsoft.com/en-us/library/jj898542.aspx
  Security Hardening Tips and Recommendations
  http://social.technet.microsoft.com/wiki/contents/articles/18931.security-hardening-tips-and-recommendations.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SOLARIS 9 - Security checkList

  1.     Is it possible to use dictionary files to validate passwords changes via Patch or manual configuration?
  can be done, if you upgrade to Solaris 10 and edit /etc/default/passwd (see man passwd) this is the asnwer I have got from this forum, I appreciate however i need a solution in solaris 9 itself, in this particular scenario upgradation is not possible.
  2.     Is it possible to set an historic record of passwords in order to avoid that users re assign previous values, using patch?
  I know by Default No, by using additional Softwares, Yes! Can it be done.
  can be done, if you upgrade to Solaris 10 and edit /etc/default/passwd (see man passwd)
  3.     Is it possible to set passwords inactivity period for automatic deactivation, using patch or manual configuration?
  It is possible; we don�t need any additional software for that. I guess its etc/shadow (pls let me know if im wrong)
  well, should work. At least you can set how long a password is valid (see man passwd).
  4.     .-How can we set, the password mandatory option? By default solaris accepts blank password, is there anyway we can make it mandatory?
  (if some one can help me in this, that will be great.)
  5.     How can it be configured, that initial passwords are valid only for one session?
  Can be done with if you use something like MS AD or LDAP for your naming service, don't think Standard Solaris can do it. Even if you of course can use the PAM framework to create a PAM module which does this, or search the net to see if someone have done it already.
  Thinking of it, it might be possible in pure Solaris as well, but if it is haven't done it. Perhaps someone else knows.
  6.     Is it possible to set the retry limit for denied access, if so how? How can we set the block interval when the access denied threshold is reached?
  Possible, again, if you upgrade to Solaris 10. In Solaris 10 you can lock an account after X amount of failed login attempts by editing /etc/security/policy.conf and make sure that LOCK_AFTER_RETRIES are set to "yes".
  By default this feature allows the user to try and login 4 times, after 4 bad login attempts the account is locked. The amount of retries can be set in /etc/default/login .
  The time can also be set in login, sort of.
  The latter file can also be used to specify when to log the failed attemt to syslog. See (on Solaris 10): man login : man policy.conf
  7.     How can we set the administrator passwords policy?
  If you are refering to the root account; in the same way as any other account i'ld suppose. Even if you have to be more careful. The root accounts might not be used very frequently, and when you have to use them its probably an emergency..[/b
  Please update this, I want help in solaris 9, not 10. If some one can contribute, I appreciate.
  Thanks,

  You should also look into the JASS package from Sun.
  http://wwws.sun.com/software/security/jass/

• Best Practice paper for SSO Security CheckList

  Is there any white papers or guides on how to secure the SSO? THKS

  also, try:
  SSL + certificate (will login automatically)
  Portal Security and Login Server Forum

• Weblogic Security Checklist

  Does anybody have any documents or links that cover "hardening" a Weblogic server?
  We are putting together a security plan and we are trying to list the steps that
  one would take to secure a default Weblogic install. Any help would be appreciated.
  Thanks

  instead of import weblogic.security.SubjectUtils; use import weblogic.security.spi.WLSUser; and get the username as below
  Set users = subject.getPrincipals(WLSUser.class);
            Iterator iter = users.iterator();
            while (iter.hasNext()){
                 userName = ((WLSUser)iter.next()).getName();
                 System.out.println(userName);
  this returns you the username

• Webologic solution for below question (security checklist)

  how to disable multiple session in weblogic?
  Edited by: 946501 on Jul 15, 2012 6:15 AM

  Hi,
  What you mean by disabling multiple session in weblogic ?
  can you brief with your query?
  Regards,
  Kal

• Oracle 8 security risks

  ISS Security Advisory
  May 6, 1999
  Multiple File System Vulnerabilities in Oracle 8
  Synopsis:
  Internet Security Systems (ISS) X-Force has discovered that
  multiple vulnerabilities exist in Oracle 8 that may allow local
  attackers to exploit weaknesses in Oracle administrative tools.
  Oracle is the market leader in enterprise database solutions.
  Attackers may use these vulnerabilities to amplify their
  privilege to that of the foracleF user. By default, the oracle
  user controls the entire Oracle database system. Attackers may
  launch local denial of service attacks against the database as
  well as alter or manipulate data.
  Affected Versions:
  ISS X-Force has determined that most current versions of Oracle
  8 for Unix are vulnerable. These versions include 8.03, 8.04,
  8.05, and 8.15. Oracle 8 for Windows NT is not affected by
  these vulnerabilities.
  Description:
  The Oracle 8 distribution is shipped with many administrative
  utilities that are owned by the oracle user with the setuid bit
  enabled. Several of these utilities implement insecure file
  creation and manipulation. These utilities also trust Oracle-
  related environment variables. The combined effect of these
  vulnerabilities may allow local attackers to create, append to,
  or overwrite privileged oracle files. Certain vulnerabilities
  exist that may allow local attackers to execute arbitrary
  commands as the oracle user. Attackers may also be able to
  permanently elevate their privilege to that of the oracle user.
  Temporary files that follow symbolic links are a common source
  of vulnerabilities in setuid executables. Administrators should
  remove or restrict access to setuid executables if possible.
  Developers of setuid programs need to take special precautions
  to prevent
  the introduction of vulnerabilities of this nature. ISS X-Force
  recommends
  that all Unix developers become familiar with Matt BishopFs
  secure
  programming guide, available at
  http://olympus.cs.ucdavis.edu/~bishop/secprog.html
  Fix Information:
  ISS X-Force has worked with Oracle to provide a patch for the
  vulnerabilities described in this advisory. Oracle has provided
  the following FAQ to answer any questions concerning these
  vulnerabilities.
  Q: IFve heard about a setuid security issue with the Oracle
  database? What is this all about?
  A: On Unix platforms, some executable files have the setuid bit
  on. It may be possible for a very knowledgeable user to use
  these executables to bypass your system security by elevating
  their operating system privileges to that of the Oracle user.
  Q: Which releases are affected by this problem?
  A: This problem affects Oracle data server releases 8.03, 8.0.4,
  8.0.5, and 8.1.5 on Unix platforms only.
  Q: Can I correct this problem or do I need a patch?
  A: This problem can easily be corrected. The customer can
  download the patch from the Oracle MetaLink webpages at
  http://www.oracle.com/support/elec_sup. The patch is a Unix
  shell script. This shell script should be run immediately, and
  also run after each relink of Oracle.
  Q: What is Oracle doing to fix this problem?
  A: Effective immediately, Oracle will provide the patch on
  OracleFs Worldwide Support Web pages. Oracle will ensure the
  patches are incorporated into future releases of Oracle8i
  (8.1.6) and Oracle8.0 (8.0.6)
  Q: What is Oracle doing to notify users about this problem now?
  A: Oracle is notifying all supported customers, via the Oracle
  Worldwide Support Web pages, of this issue so they can address
  it as required.
  ISS X-Force also recommends that all administrators complete a
  proactive survey on the use or potential misuse of setuid bits
  on privileged executables on their systems.
  Credits:
  These vulnerabilities were primarily researched by Dan
  Ingevaldson of the ISS X-Force.
  Copyright ( 1999 by Internet Security Systems, Inc. Permission
  is hereby granted for the electronic redistribution of this
  Security Alert. It is not to be edited in any way without
  express consent of the X-Force. If you wish to reprint the
  whole or any part of this Alert Summary in any other medium
  excluding electronic medium, please e-mail [email protected] for
  permission.
  About ISS
  ISS is the pioneer and leading provider of adaptive network
  security software delivering enterprise-wide information
  protection solutions. ISSF award-winning SAFEsuite family of
  products enables information risk management within intranet,
  extranet and electronic commerce environments. By combining
  proactive vulnerability detection with real-time intrusion
  detection and response, ISSF adaptive security approach creates
  a flexible cycle of continuous security improvement, including
  security policy implementation and enforcement. ISS SAFEsuite
  solutions strengthen the security of existing systems and have
  dramatically improved the security posture for organizations
  worldwide, making ISS a trusted security advisor for firms in
  the Global 2000, 21 of the 25 largest U.S. commercial banks and
  over 35 governmental agencies. For more information, call ISS at
  678-443-6000 or 800-776-2362 or visit the ISS Web site at
  www.iss.net.
  Disclaimer
  The information within this paper may change without notice. Use
  of this information constitutes acceptance for use in an AS IS
  condition. There are NO warranties with regard to this
  information. In no event shall the author be liable for any
  damages whatsoever arising out of or in connection with the use
  or spread of this information. Any use of this information is at
  the userFs own risk.
  X-Force PGP Key available at:
  http://www.iss.net/xforce/sensitive.html as well as on MITFs PGP
  key server and PGP.comFs key server.
  Please send suggestions, updates, and comments to:
  X-Force <[email protected] <mailto:[email protected]>> of Internet
  Security Systems, Inc.
  null

  http://metalink.oracle.com has all the Oracle documentation online. If you search for Security, you'll get plenty of documents. The Oracle Administrator's Guide has a Security Checklist that it probably a good starting point.
  This is a huge topic, though.
  Justin

• How to secure our database

  Please,
  Working with standard Edition as well as Enterprise edition on oracle 10g, I need to come up with some security recommendations to my boss, so, does someone give me a nice link or something else where I can grab some information to prepare the documentation?
  The environnement is on windws.
  Thanks a lot for your valuable help

  3360's second link is to a security checklist in the Oracle docs...
  If you're looking for third party books, if you can get it, Pete Finnigan's Oracle Security Step-by-Step or David Knox's Effective Security by Design are excellent.
  Be aware, though, that "securing a database" can be a huge topic depending on the precise attack vectors you're trying to thwart. I could easily rattle off a dozen different database features, products, and add-ons that are designed primarily to secure your database. Plus plenty of principles to keep in mind when you're designing secure applications. And plenty of configuration issues to deal with...
  Justin
  Message was edited by:
  Justin Cave

• Best practice for select access to users

  Not sure if this is the correct forum to post, if not then let me know where should I post.
  From my understanding this is the best forum to ask this questions.
  Are you aware of any "Best Practice Document" to grant select accesses to users on databases. These users are developers which select data out of database for the investigation and application bug fix.
  From time to time user want more and more access to different tables so that they can do investigation properly.
  Let me know if there exists a best practice document around this space.
  Asked in this forum as this is related to PL/SQL access.

  Welcome to the forum!
  Whenever you post provide your 4 digit Oracle version.
  >
  Are you aware of any "Best Practice Document" to grant select accesses to users on databases. These users are developers which select data out of database for the investigation and application bug fix.
  From time to time user want more and more access to different tables so that they can do investigation properly.
  Let me know if there exists a best practice document around this space.
  >
  There are many best practices documents about various aspects of security for Oracle DBs but none are specific to developers doing invenstigation.
  Here is the main page for Oracles' OPAC white papers about security.
  http://www.oracletechnetwork-ap.com/topics/201207-Security/resources_whitepaper.cfm
  Take a look at the ones on 'Oracle Identity Management' and on 'Developers and Identity Services'.
  http://www.dbspecialists.com/files/presentations/implementing_oracle_11g_enterprise_user_security.pdf
  This paper by Database Specialists shows how to use Oracle Identity Management to limit access to users such as developers through the use of roles. It shows some examples of users using their own account but having limited privileges based on the role they are given.
  http://www.dbspecialists.com/files/presentations/implementing_oracle_11g_enterprise_user_security.pdf
  And this Oracle White Paper, 'Oracle Database Security Checklist', is a more basic security doc that discusses the entire range of security issues that should be considered for an Oracle Database.
  http://www.oracle.com/technetwork/database/security/twp-security-checklist-database-1-132870.pdf
  You don't mention what environment (PROD/QA/TEST/DEV) you are even talking about or whether the access is to deal with emergency issues or general reproduction and fixing of bugs.
  Many sites create special READONLY roles, eg. READ_ONLY_APP1, and then grant privileges to those roles for tables/objects that application uses. Then that role can be granted to users that need privileges for that application and can be revoked when they no longer need it.
  Some sites prefer creating special READONLY users that have those read only roles. If a user needs access the DBA changes the password and provides the account info to the user. When the user has completed their duties the DBA resets the password to something no one else knows.
  Those special users have auditing on them and the user using them is responsible for all activity recorded in the logs during the time the user has access to that account.
  In general you grant the minimum privileges needed and revoke them when they are no longer needed; generally through the use of roles.
  >
  Asked in this forum as this is related to PL/SQL access.
  >
  Please explain that. Your question was about 'access to different tables'. How does PL/SQL access fit into that?
  The important reason for the difference is that access is easily controlled thru the use of roles but in named PL/SQL blocks roles are disabled. So those special roles and accounts mentioned above are well-suited to allowing developers to query data but are not well-suited if the user needs to execute PL/SQL code belonging to another schema (the app schema).

• Is it possible to digitally sign a jar file that will be used to install CF in WebSphere?

  I am currently working for a contractor for the DoD. We are maintaining a project that uses CF installed as an application through WebSphere. We are currently going through a security checklist and being asked to provide evidence that the CF application has a digital signature. From what we can gather they are looking to see that the jar file installed into WebSphere is digitally signed. We have reached out to IBM, and have received a response that digital signatures are recognized by WebSphere.
  Unfortunately, it seems that those that are looking for the evidence do not know much more than what the checklist requirement states. They cannot provide more details or expand on what they need. Any assistance or advice in this matter would be appreciated.
  Thanks,

  Masterkeedu wrote: !! It worked.
  Congratulations. :-)
  Masterkeedu wrote: So it's not certified, but is signed.
  So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
  That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
  I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
  There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate.

• How we can create Oracle 9i Database through Commands.

  How we can create Oracle 9i Database through Commands.
  We need step by step process and all the scripts.

  CREATE DATABASE
  Caution:
  This statement prepares a database for initial use and erases any data currently in the specified files. Use this statement only when you understand its ramifications.
  Note Regarding Security Enhancements:
  In this release of Oracle and in subsequent releases, several enhancements are being made to ensure the security of default database user accounts.
  To provide guidance for configuring Oracle9i in a secure manner, Oracle Corporation provides a security checklist. Oracle Corporation recommends that you read this checklist and configure your database accordingly. The security checklist can be found at the following URL:
  http://otn.oracle.com/deploy/security/oracle9i/pdf/9iR2_checklist.pdf
  Examples
  Creating a Database: Example
  The following statement creates a database and fully specifies each argument:
  CREATE DATABASE sample
  CONTROLFILE REUSE
  LOGFILE
  GROUP 1 ('diskx:log1.log', 'disky:log1.log') SIZE 50K,
  GROUP 2 ('diskx:log2.log', 'disky:log2.log') SIZE 50K
  MAXLOGFILES 5
  MAXLOGHISTORY 100
  MAXDATAFILES 10
  MAXINSTANCES 2
  ARCHIVELOG
  CHARACTER SET AL32UTF8
  NATIONAL CHARACTER SET AL16UTF16
  DATAFILE
  'disk1:df1.dbf' AUTOEXTEND ON,
  'disk2:df2.dbf' AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED
  DEFAULT TEMPORARY TABLESPACE temp_ts
  UNDO TABLESPACE undo_ts
  SET TIME_ZONE = '+02:00';
  http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/statements_55a.htm#SQLRF01204
  Joel P�rez

• Checklist for secure pdf ebooks

  Does anyone have a good checklist for making secure ebooks that can't be easily copied or transmitted over file sharing networks? I think I have most of it figured out but before I offer my book to the internet gods I just want to make sure I did not miss anything.
  Thanks to anyone with helpful info!
  Billy

  You cannot prevent files from being copied, you cannot even make it
  difficult. A file is a file, and anyone can freely copy, share, email
  it etc.
  PDF ebook security is not based on stopping copying, but on DRM
  (Digital Rights Management) which limits who, or what computer, can
  open the file.
  Aandi Inston

• SUIM security-audit checklist....

  hello, i found a check list SAP security-auditing in SUIM. i searched some of them in internet but my mind confused.
  i think it can be very helpful checklist for people working in SAP security-auditing.
  if you have time, can you tell me please what these reports mean? with 1-2 sentences.
  ( i know they are a bit much but i think it can be realy good source for people wants to work in SAP security- auditing like me.)
  Thank you very much
  Regards..
  SUIM--->>>>
  1)  S_TCODE = SM36,Authorization Object 1: S_BTCH_ADM = Y; Authorization Object 2: S_BTCH_JOB = * for Job Operations and * for Summary of jobs for a group; Additional selection criteria – Unlocked users only
  2)  S_TCODE = SM37; Authorization Object 1: S_BTCH_JOB JOBACTION = *; Additional selection criteria – Unlocked users only
  3)  S_TCODE = SM35; Authorization Object 2: S_BDC_MON1=*, Additional selection criteria – Unlocked users only
  4)  S_TCODE = SE18; Additional selection criteria – Unlocked users only
  5)  S_TCODE = SE19; Additional selection criteria – Unlocked users only
  6)  S_TCODE = SM69; Authorization Object 1: S_RZL_ADM= 01; Additional selection criteria – Unlocked users only
  7)  S_TCODE =SM49; Authorization object1: S_LOG_COM, COMMAND Value: #*; POSYSTEM Value: #*; R/3 Value: #* additional selection criteria: unlocked users only
  8)  Authorization object 1: S_RFC; RFC_TYPE: FUGR; RFC_NAME: #*; activity: 08; additional selection criteria: unlocked users only
  9)  S_TCODE = SECR;” “authorization object1: S_IMG_ACTV, Project no: 900; ACTVT = 02; IMG Value = #*” “authorization object2: S_PRO_AUTH Project no: 900 ACTVT: 03” “additional selection criteria: unlocked users only
  10)  S_TCODE=SU01: Additional selection criteria – Unlocked users only
  11)  S_TCODE=SU01; 2: Authorization object 1: S_USER_AUT; ACTVT Value=03 or 08” Additional selection criteria – Unlocked users only
  12)  S_TCODE=SU02; Additional selection criteria – Unlocked users only
  13)  S_TCODE=SU03; Additional selection criteria – Unlocked users only
  14)  S_TCODE=SU10; Additional selection criteria – Unlocked users only
  15)  S_TCODE=RZ10; Authorization object 1: S_DATASET, ACTVT Value = *; Authorization object 2: S_RZL_ADM ACTVT Value = 01 or 03; Additional selection criteria – Unlocked users only.
  16)  S_TCODE =SE16; Authorization object1: S_TABU_DIS, Authorization group = SC, ACTVT =02; Additional selection criteria: unlocked users only
  17)  S_TCODE = SNRO; authorization object1: S_NUMBER, Value = #*, ACTVT = 01, 02, 11; 3: Additional selection criteria – Unlocked users only
  18)  S_TCODE = SCC4; authorization object1: S_TABU_DIS Table Maintenance (via standard tools such as SM30), ACTVT = 01, 02, 03; authorization group = SS; Additional selection criteria – Unlocked users only
  19)  Authorization object 1:S_ADMI_FCD, Value: SP01 or SPOR; authorization object 2: S_SPO_ACT Value = ATTR (change attributes of protected spool request) or BASE (see protected spool requests in the output controller [determine whether the spool request exists], display request attributes) and DELE (delete request manually) or REPR (output protected spool request more than once); authorization object 3: S_TMS_ACT (Actions on TemSe objects); STMSOWNER Value  = GRP (external TemSe objects in own) or OWN (own TemSe objects) authorization object 3 = S_TMS_ACT: Additional selection criteria – Unlocked users only
  20)  S_TCODE = SCCL; authorization object 1: S_CLNT_IMP, Activity = 21, 60; authorization object 2: S_TABU_CLI, Cross Client Indicator = #*; Additional selection criteria – Unlocked users only
  21)  S_TCODE = SCCL; authorization object 1: S_CLNT_IMP, Activity = 21, 60; authorization object 2: S_TABU_CLI, Cross Client Indicator = #*; Additional selection criteria – Unlocked users only
  22)  S_TCODE =SM31;” “authorization object 1: S_TABU_DIS, ACTVY =01,” authorization object 2:  “S_TABU_CLI CLIIDMAINT =x”: “additional selection criteria: unlocked users only
  23)  S_TCODE =SM30;” “authorization object 1: S_TABU_DIS, ACTVY =01 or ACTVY =02,” authorization object 2:  “S_TCODE =S_TABU_CLI, CLIIDMAINT =x”: “additional selection criteria: unlocked users only
  24)  Authorization object 1: “S_TCODE =SA38 or SE38;” “2: authorization object S_PROGRAM Value =SUBMIT: “additional selection criteria: unlocked users only
  25)  S_TCODE =SA38 or SE38;” “2: authorization object S_PROGRAM Value =SUBMIT: “additional selection criteria: unlocked users only.
  26)  Authorization object 1: S_TRANSPRT Value = 43
  27)  S_TCODE = SE01; authorization object 1: S_TRANSPRT Value:1, 2; authorization object 2: S_DATASET Actvt: 06,33,34
  28)  S_TCODE = SE03; authorization object 1: S_TRANSPRT Value: 06,43 ; authorization object 2: S_CTS_ADMI Value: TABL
  29)  S_TCODE = SE10; authorization object 1: S_TRANSPRT Value: 01, 02; authorization object 2: S_DATASET Value: 06, 33, 34.
  30)  S_TCODE = SCC4; authorization object 1: S_CLNT_IMP Value: 21, 60: Additional selection criteria – Unlocked users only
  31)  S_TCODE: SM12; authorization object 1: S_C_FUNCT Value = *; activity value = 16; authorization object 2: S_ENQUE; S_ENQ_ACT Value = *.

  i want to learn what all these authorization objetcs stand for. 1,2,3,4... because each one asks a different report..
  for example, lets talk about first one.
  1)  SUIM---->   S_TCODE = SM36,Authorization Object 1: S_BTCH_ADM = Y; Authorization Object 2: S_BTCH_JOB = * for Job Operations and * for Summary of jobs for a group; Additional selection criteria – Unlocked users only
  in this report. why does it ask this? what does it mean to to choose S_BTCH_ADM to Y ,S_BTCH_JOB, to * and choosing ..or Job Operations and * for Summary of jobs for a group; Additional selection criteria – Unlocked users only..
  i wonder this. why is this report it important and what does it ask?
  Thank you for your messages.

• Checklist for SAP BI 7.0 and BO XI 3.1 integration - Challenges

  Hi Users who have successfully configured SAP BO XI 3.1 with SAP BI 7.0,
  We are preparing to install SAP Integration Kit and follow through on the steps (..that I have come across in some of the docs on these forums ) that would enable our users to report using BO - Webi.
  I would like to know what are the major challenges you have faced ? How did you resolve them or get around them?
  I would like to know who are all the mandatory technical people  (eg., sap security guy, BO admin,... ) that needs to be a part of this effort. What would be their specific role ? When would each of these guys come into the scope without whom we cant do this successfully?
  What would be the basic checklist of things , hardware /software (eg., Service Pack #, SAP Notes, Universe version,..) that would go along with SAP BO XI 3.1 and SAP BI 7.0 that we would have to do before/while installing Integration Kit make our job as smooth as possible?
  What are the DONT's and DO's of this work?
  How to make sure the this process is optimized / justified (performance wise, ..)?
  Are there any specific documents which shows the screenshots of this whole process end to end (i.e.,successfully install, configure, create/design the 1st Universe in BO based on BEx query, create the 1st query in BO, create the 1st report in BO, let the user view/edit/modify the report)?
  Responses from anyone who has gone through all these steps smoothly & successfully (which might include tips, tricks) are greatly appreciated.
  Thank you in advance.

  SP18 should be OK.  We're at SP19.  Again, a fair number of MDX related OSS Notes in SP20 and 21.  Some integration enhancements are only being made to EHP1, so if you do apply SP, you might as well go to EHP1, e.g. Thomas Zureks has a couple of blogs on some of the enhancements
  /people/thomas.zurek/blog/2009/03/06/better-performance-for-universe-based-access-to-bw
  /people/thomas.zurek/blog/2009/03/16/faster-universe-based-access-to-bw-via-mdx
  There are good things coming in WebI later in 2009. Of great interest to BW / WebI customers I think will be a feature called Query Stripping that is supposed to come in WebI SP3.  In BEx, you can create a query with many free characteristics, which really provides the query user with a guided ad-hoc capability, where they can pull any of the free characteristics into a report.  BEx does not include free characteristics in the generated SQL until the user specifically adds it to their report, so there is there is no performance impact of having several free characteristics available for use.  This lets you have one BEx query that is extremely versatile.
  A WebI document on the other hand, includes all objects in the query in the generated SQL, even though they are not actually used in a report.  With query stripping, if the object is not used in the report, WebI can (as an option) remove references the the object(s) from the generated SQL.  This gives you the same potential in WebI, to create a query with many objects in it, abd the user can drag them in / out of the report, providing you the ability to create one WebI query that can be the basis for for much more reporting.

• Checklist for daily tasks with multiple rows submitted at once

  The goal is to have a list like this.  I can pull these in with webparts and List Views, I am sure.  The issue I have is submitting these "Tasks" at once with InfoPath.
  I have a request for a daily checklist.
  I was going to setup some views in InfoPath to get the information for them to fill out, Daily, Weekly, Monthly, Quarterly, Annually.
  You select Daily, and a page view in InfoPath shows up with the selections for the checklist.  These would be pulling from a SharePoint List.
  The issue I have is that I don’t know how to get all the information for, say to be submitted or presented to the form at once.
  THe user select Daily from the checkbox on the first / default view, and they are taken to the Daily View and have these checkboxes for items to "check off" once complete:
  Daily:
  SCOM Health Explorer - Check/Fix
  Backup Check/ Fix
  Data Center Walkthrough
  Security Cameras
  VPN's are p
  Audit logs on production
  Wireless Check
  SPAM
  Antivirus
  AD
  My issue is that I would like to have all that information be submitted into a list in the row in which it is submitted.
  I know how to submit item ONE at a time, but to have the submit button go through each row in my form...I am at a loss on how to do so.  I am looking to make it as easy as possible with the same,
  hopefully for the user.  I would like to present all the information to them and have them tick off the information, without a drop down to go ... drop down, check, drop down, check, drop down, check.
  I just don’t know how to set the items to go into the list in the row in which they're presented after a user "completed" the checklist.
  What I have so far:
  So I have a custom list that has all these in a single column, title, and I can create a variable, etc.  But I am trying to link that information (I am NOT tied to the custom list if it’s not the
  best plan!)
  But I am trying to take the other custom list, where you submit, that has (from my custom list)
     TaskName   Daily   Weekly   Monthly   Quarterly   Annually   Issues Issues1  
  TaskName is the SCOM through AD list item (single line of text), Daily, Weekly, etc. through Annually are checkboxes, for “Yes / No" for "is the selection Daily or Monthly, etc.” and the issues
  that people may have with the checklist "the issue for AD is that it was corrupted", issues and issues1 are tests to see about putting in “issues1” single line of text and “issues” multiple lines of text (I can NOT pull in multiple lines of text
  as an option in Get External Data in InfoPath for the Receive Data.  Issues1 shows up (Single line of text)
  But NOT Issues (Multiple lines of text) Not earth shattering, if they have to have 255 characters, so be it!
  But for me, what I think I want / what would be good, would be to have multiple items show up when they select Daily and the Daily options populate in the view for them to submit, with check for OK or
  their putting in any issues into the Issues1 field.
  They hit the submit button and are “done!”
  The TaskName field is filled out MULTIPLE times, one row for each Daily “task.”  The table below would then show the information with Task Name and other rows being filled in over and over again. 
  I just don’t know how to get the Submit to go line by line and fill in line 1, 2, 3, 4…. From SCOM down to AD.
  When the form is presented, it will look something like this to the user, they select the checklist items, (Weekly, Monthly, etc. would be "hidden" if they didn't select that "View") and they'd put in the Issue, IF any.
  They'd hit submit and it would submit JUST LIKE THIS!  Each row would be a separate row in the SharePoint List, with each value going into it's own option with the TaskName being the name of the task.
       TaskName   Daily   Weekly   Monthly     Quarterly   Annually   Issues Issues1  
  SCOM   Health Explorer - Check/Fix   X
  Backup   Check/   Fix                              
    X
  Data   Center   Walkthrough                  X
  Security   Cameras                              X
  VPN's   are   p                                    X
  Audit   logs on production             X
  Wireless   Check                              X
  SPAM                                            X
  Antivirus                                      X
  AD                                            X                                                           
    Issue - User not show
  Thank you!

  Sadly no, I haven't gotten to this, it has fallen through the cracks and other items have come up. I apologize, would be nice to tell you I have had a solution!