Why am I a Sharepoint Cheerleader?

Guest Author: Amy Gabaldon

I have been in the fortunate position of working for a manager who saw an AA SharePoint presentation about 3 years ago, came back to work and said, �Amy, this SharePoint thing could be a really good thing for our group and I think you can figure it out.�  It took a bit of convincing before I was really on board. I had in my head that this really should be handled by our local IT group.  But their plate was already full and my boss thought I could do it—so I requested a site and started down the road of trying to figure this out.

I work at TAESL (joint venture between Rolls-Royce and American at AFW) and we are an overhaul facility for the Rolls-Royce engines on the 777 and 757.  We work on AA engines as well as third party customers.  When a customer gives us an engine to work on, we take it apart to see what the problem is.  Our customers spend a lot of money on our services and want an Engine Condition Report from the Engineering team detailing what was found during the tear-down process.

This was my challenge� figure out a way to use SharePoint for our Engineering team to have one place to log all of their findings (pictures, text, and document attachments) and basically, hit a button and get a report at the end.   In our shop at any given time we have approximately 35 engines (10 of one type and 25 of the other) in various stages of tear-down, repair, build and test/ship, 10 Engineers working various shifts�and working on a Condition Report is probably at the bottom of each of their �to-do� lists.

It�s been tough, I will admit. My background is probably the furthest from IT that there is. Very early on, I managed to completely delete our SharePoint site. (Just shows how little I really understood about it).  I�ve tried many different variations to get a good system in place for us to do what we need to do.  Our Engineering group has had to suffer through my learning curve but have been really good sports.  I have done a lot of research (Google, YouTube, blogs and books are your friends with this guys!) and have had the opportunity to attend some outside training sessions as well.

I have been very lucky in that we have had some great young Engineers that have come to TAESL through Rolls-Royce with no SharePoint experience but who �get it� �and have an understanding of programming/logic.  They have helped me bridge the gap in what I want to be able to do with our site and how to make it a reality.  With their help, my knowledge has expanded by leaps and bounds just by collaborating and troubleshooting.  I don�t think I could have gotten where we are without their help.

For people just starting out with SharePoint I think the �overwhelming-possibility-ness� of it can be intimidating.  Really, the sky is the limit on this.  Looking back, I think we tried to climb Mount Everest with our Engine Condition Report project.  It was pretty complex�involved designing 2 different multipage InfoPath forms (one for each engine type) that have data connections to pull some information from a SharePoint list and some information from an Access database, allowing Engineers to add their findings (text, pictures, document attachments) and then have a very snazzy �Print View� (which is actually a .pdf) so we can send/email it to our customers.

Oh, did I mention we track the progress of completion of this report automatically through our SharePoint site?  Our customers want this in a timely fashion�so that is a big piece of this as well.

I recently had the opportunity to attend the TEC2010 conference in Los Angeles and found out we are not alone! In fact, AA is actually further down the SharePoint road than some other big companies.  I know Ash Mughal and his team is preparing for AA to move to the SharePoint 2010 environment early next year and that is really exciting.

For us, our Engine Condition Reports were just the beginning; we�ve added many additional reports, workflows, alerts, status bars, charts and an external (outside the firewall) �Partners� site to our SharePoint repertoire. Other TAESL teams have launched sites (I think I am a participant or owner of 12 different sites) as a result of the work we�ve done.

For any group just starting out with SharePoint�I would have to make the following suggestions:

  1. Don�t be afraid to ask for help from our HDQ team.  They have implemented a really cool tool �Report a SharePoint Issue� and this has been my lifeline.  Their responses are timely and if needed, they can remote into your set to see what it is you are trying to do.
  2. Have a team of people working on this! Don�t just ask the one staff assistant to �go figure it out�.  SharePoint is all about collaboration and I firmly believe it takes that collaboration to get it going!
  3. Start small. Don�t try to climb Mount Everest.

Guest Author: Amy Gabaldon

Amy Gabaldon has a Bachelor’s degree in Social Work but has worked for American Airlines (in a variety of different roles) for 13 years. For the last 2.5 years she has had the opportunity to spend a lot of time trying to figure out SharePoint!


SPWebCast 017 - Build SharePoint 2010 Solutions with Visual Studio 2010

In this web cast Michael Hanes demonstates the new features for developers in Visual Studio 2010 for SharePoint 2010 developers.

Click here to view web cast on screen
Click here to download it to watch on iPod
or add the SharePointDevWiki.com feed to iTunes

SPWebCast 016 - Annual Leave Form - InfoPath 2010 BCS SPD 2010 Workflow and SP2010

In this web cast Matt Menezes demonstrates an Annual Leave Form using InfoPath 2010, BCS, Visio 2010 and SPD Workflow in SharePoint Server 2010.

Click here to view web cast on screen
Click here to download it to watch on iPod
or add the SharePointDevWiki.com feed to iTunes

The Science of Motivating SharePoint Usage

I do a lot of thinking about what it takes for people to join a community. EndUserSharePoint.com is one of the biggest on-line SharePoint communities in the world and the video embedded below explains how that can happen to your in-house projects.

Understanding motivation is a critical factor when it comes to changing people’s habits. How can we make it so that people will not only use what we have, but participate in the process. Dan Pink, presenter of The Surprising Truth that Motivates Us, says if we’re trying to incentivize, trying to "buy" motivation, it won’t work. He validates his theory with scientific research. I find what he has to say edifying on two fronts.

First, people who write for EndUserSharePoint.com don’t get paid. There must be some other incentive that drives their participation. It’s not just recoginition either, although they do get a large audience to view their ideas. The critical aspect that motivates people to write is that they get to choose the time, the place and the subject. It becomes a passion and we are just the outlet for that passion. That can be through becoming a regular contributor on the site, or through participating in Stump the Panel. The motivation is that it’s a choice and it’s fun to see your ideas exposed.

The second interesting part of the community is why people participate through the comments. Research shows that 90% of your (blog) audience will NEVER leave a comment. You can offer rewards, you can offer incentives, you can buy them dinner… nope, thank you, I’m not going to make a comment in public. 9% of you audience will occasionally comment if the subject is something so close to their own interest they can’t help but participate. The final 1% of the audience is what I like to term "evangelists". These are the people that help spread the word, that will stick with you when things go a little wrong, and even criticize on the back channel if they see you going astray. That’s how I found out that EndUserSharePoint.com was losing focus.

The evangelists for EUSP started coming to me, saying things like "I send people to your site all the time, but recently they’ve been coming back saying that can’t find anything that’s relevant for them." Ouch, that hurts, but it’s making a huge difference in how I’m starting to manage content on the site. What would make people who don’t even know me offer help and encouragement? What motivates them to participate in the community we’re building here? That’s what I think about everyday.

As a SharePoint Site Manager, you might start thinking along the same lines: What am I doing to motivate people to use my site? How am I encouraging them to participate, not just be consumers? Is there a project I can ask for help on that will be interesting enough that people will want to participate?

As an example, in an upcoming article, I’m going to ask for community participation in creating a SharePoint Community Wiki that will define all of the default web parts. I’ve tried, and a couple other people have tried, to create this alone, but it is just too big a job for one or two people. It seems much more reasonable to let the community help build the project. We all use the web parts in different ways, so not only will we get generic descriptions of the web parts, but the community will help supply use cases on how they’ve used them for internal projects.

Motivation for participating? "Hey, look what I was able to do!"

Let’s get back to the playfulness of building community, of discovering solutions. Let’s create a playground that has enough space for everyone who wants to play, and large enough to hold anyone who wants to stand on the sidelines and watch. Lurkers, which I don’t consider a derogatory term, are part of the community, too. In fact, they are the largest part. I’m putting this video up for two reasons. Dan’s message is solid and I really believe it. Also, TheRSA.org way of presenting information is pretty inspiring. When you watch this, think about how much more powerful the message is than if they’d used a simple PowerPoint deck.

TheRSA.org team has a series of videos like this, that are just knockout ways to present information. This alone is worth an entire post… creating compelling presentations, but I’ve got to get back to building my community.

Thank you for participating, and I mean that sincerely. It’s what keeps me, and the contributing authors, going.

Regards, Mark Miller Founder and Editor EndUserSharePoint.com

SharePoint, Data Security and Privacy Information. Why should it matter to you?

According to the Identity Theft Resource Center (ITRC) since 2005 there have been approximately 2,342 data security breaches affecting 479,550,937 records. These breaches took both paper and electronic form and were the result of a broad range of actions including hacking, physical theft, disgruntled employees, and accidental exposure just to name a few. In just 5 months this year there have been 264 breaches exposing 7,004,405 records. Scary, and interesting to be sure but I bet you’re sitting there asking yourself either; "What difference does this make to me?" or "Why should I care?" Well friends and neighbors that’s what we’re going to talk about today.

First of all let’s start out by defining what a data breach is. According to the ITRC a breach is defined as an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or financial information/credit/debit card is potentially put at risk in either electronic or paper format. (ref - ITRC - Data Breaches) The information I have just listed is often known as Personal Information (PI) or in the environment I support Personally Identifiable Information (PII).

Ok, we know what a data breach is now, but so what? If you look at the list of breaches you don’t see SharePoint mentioned anywhere so why should this matter to me?

Here’s why…

On 01 March of this year the new Massachusetts data security law went into effect and the client, customer or company you support could be held financially responsible if your SharePoint farm is compromised. The gist of the new law is that if you are storing any type of PI/PII on an individual that resides in the state of Massachusetts within your system, regardless of where the databases are located, you are required to follow the guidelines as they have been set forth in 201 CMR 17.00. Fail to do so and suffer a breach where the POTENTIAL for that information to be exposed exists and your client, customer or company risks being fined $5,000 per violation and record lost. Suppose you have 100 employees working for you in an office in Boston and your database server in Reston, VA gets hacked and you find that PI/PII related to those employees was potentially exposed, that’s only $500,000. You might want to touch up that resume!

What steps does this new Massachusetts law require of you? Let’s take a quick look at a few of the stipulations as I understand them:

  • Companies must maintain a comprehensive Written Information Security Program (WISP) that includes technical, administrative and physical safeguards to protect any stored PI/PII.
  • The WISP must be appropriate to the size of the business. Obviously the construction company down the road that has 20 guys working for it is going to have a WISP that is vastly different from the financial management company that has several thousand people working for it in downtown Boston.
  • The law mandates encryption of all data in motion and at rest including on laptops, hard drives, smartphones, MP3 players, USB drives etc..
    • Data in motion - traveling across the network in case you were wondering.
    • Data at rest - stored on some form of storage media.
  • There must be an individual or team that functions as the official data security coordinator.
  • You are required to take normally accepted steps to secure your data; password protection, up to date anti-virus protection, firewalls, keep patches up to date on your server etc…

"So what!" you say, "We don’t have anyone in Massachusetts!" Maybe not, but as of this writing there are approximately 46 states that have data security breach related laws in place. Most of those revolve around what to do after the fact or after a data breach has been discovered. The new Massachusetts law is among the first to be proactive and address prevention as opposed to reaction. Conventional wisdom should lead us to believe that PREVENTING a breach would be considered a best practice as opposed to reacting to a breach after one has occurred. That being said it’s only a matter of time before states and/or the federal government wake up and see this fact for what it is and begin to move in that direction. I don’t know about you but I would like to be way ahead of that curve when it starts rolling down the road towards us.

Lo and behold there are currently at least 3 bills on the floor of the Senate or House that cover the topic:

What has all of this got to do with SharePoint? Well, think about how your client, customer or company is using SharePoint. Are they doing any of the following?

  • Using SharePoint to manage internal job openings, applications and referrals.
    • Resumes and job applications are going to store personal contact information such as home address and phone numbers. These would be considered PI/PII
  • Using SharePoint for "Open Enrollment" and managing health or retirement benefits
    • Managing health and/or retirement benefits would generally require social security numbers of not only the employee but perhaps family members as well.
  • Managing Continuity of Operations efforts (COOP)
    • Contacts lists used in managing COOP efforts would generally require home phone numbers and/or addresses.
  • Allowing photographs to be associated with an individuals profile
    • Photographs are considered PI/PII because they associate a piece of information (the picture) with an individuals name.
  • Managing travel requests or maintaining travel profiles for employees.
    • Managing travel requests may require that credit card numbers, hotel rewards cards and frequent flyer miles be tracked. All of these would most likely include names, billing addresses, home phone numbers etc…
  • Human Resources functions
    • HR could possibly be your largest focal point of concern if you manage employee records, resumes, external recruiting, onboarding documents, etc…
  • Accounting
    • Payroll activities will include every piece of PI/PII you can imagine.
  • Contractor verification
    • If your client, customer or company does any kind of bidding on work you may have a system in place to evaluate potential partners and/or contractors. It’s a pretty good bet that the system will include resumes of people being considered for potential positions on the contract being bid on.

This list could go on…and on….and on…

In reality this should all be part of your governance policy but it’s probably not something a lot of SharePoint Administrators think about because it either doesn’t occur to them, the organization they support hasn’t put a governance plan in place or they aren’t fully aware of what their SharePoint farm is being used for. Another thing to think about is this….how many SharePoint Administrators are COMPLETELY up to speed on how their SQL servers are configured, what the backup schedules/plans are, are the drives encrypted?

Looking at how individual states are reacting as more and more data breaches occur and how it appears that the federal government is beginning to get involved and I think that it’s safe to say that it’s just a matter of time before we have laws in place at both the state and federal level that address data security from a prevention stand point as opposed to being reactionary as most current laws are now. As you move forward with planning your migration to SharePoint 2010 or are going through the yearly review, assessment and update of your policies (or lack thereof) this might be something you want to take into consideration.

Some fast facts regarding data breaches between 2005 and 2009 (there were not a lot of statistics before 2007):

  • In 2009 74% of all data security breaches were electronic, 26% were paper.
  • In 2009 of 498 reported breaches only 6 reported that they had encryption or other strong security features protecting the exposed data.
  • In 2008 reports of breaches jumped almost 46%
  • Financial, banking and credit sectors were the most proactive in terms of data.
  • In the government/military sector breaches have dropped almost 50% between 2007 and 2009.
  • In 2008 only 2.4% of all breaches had encryption or other strong security measures in place
  • In 2008 only 8.5% of all breaches involved password protected systems.


# of Breaches

Effected Records






















Breach Type Percentages by category














Educational Institutions







General Businesses







Health Care Facilities














SharePoint: Extending the DVWP � Part 5: Doing Stuff Before Save on Submit - PreSaveAction()

Author: Jim Bob Howard

Sometimes a user clicks OK before we want them to. Whether we want to validate data before saving it, or grab some other information, or create an alert to let the user know something, SharePoint has a built-in feature that allows you to intercept a click of the OK button before the save is committed.

In fact, you can use it even on a standard default form (NewItem.aspx, et.al.) where you don’t otherwise edit the page at all.


The default save (or OK) button in SharePoint calls PreSaveAction() before it does anything else. Out of the box, it doesn’t do anything: it’s an empty function. So, we can use it to do things before the item is saved, and can even keep it from saving if we so desire.

Simply add the PreSaveAction() Javascript function to a Content Editor Web Part (CEWP) on the page, like this:

<script language="javascript" type="text/javascript">
function PreSaveAction() {
    // do some stuff - See future articles for some "stuff" suggestions
    return true; // if things go well�
    // or
    return false; // if they don't�

Using PreSaveAction() in the DVWP

If you’ve been following the Extending the DVWP series, you may wonder what this function has to do with the DVWP. Form actions in a DVWP don’t call PreSaveAction(), but we can make them call it, which comes in very handy here as well.

To call PreSaveAction()  from a form action link, we simply have to add a call to it before the GenFireServerEvent call:

So, this…

<a href="javascript: {ddwrt:GenFireServerEvent('__commit')}">save</a>

Becomes this …

<a href="javascript: if(PreSaveAction()) {ddwrt:GenFireServerEvent('__commit')}">save</a>

By placing the call inside an if condition, we can make sure the rest doesn’t fire if we determine in our function that it shouldn’t. And it means we get the same functionality as the out-of-the-box OK button.

Next time:  We’ll take a look at using Workflows with DVWP form actions.

Author: Jim Bob Howard

Jim Bob Howard is a web designer / webmaster in the healthcare industry. He has been working with SharePoint since March 2009 and enjoys sharing what he has learned. He is a moderator and frequent contributor to Stump the Panel, and answers SharePoint questions on Twitter (@jbhoward) and via email (jimbobhoward@gmail.com).


SharePoint: Web Part Pages - Making Your Own (Screencast)

When creating Web Part Pages in non-publishing sites, the Quick Launch navigation on the left is lost.  This can be quite an annoyance, especially when you want end users to have the same fluent interface sustained no matter where they are on the site.

In this screencast, Laura Rogers shows a quick way to create your own blank web part page using SharePoint Designer, which allows you to KEEP the Quick Launch on the page.  This method also gives you an extra bonus� the ability to create a custom layout for your web part zones.  The step by step process is written in Laura’s blog post called Create a Web Part Page WITH a Quick Launch Menu.

Web Part Pages - Making Your Own

Note about creating a table with web part zones in it:  Go into the code and set each table cell so that it is vertically aligned to the top.  The following is an example of the code to include in each "TD" in code view:

<td valign="top">

Add Simple Widgets to Your SharePoint Page

When I teach beginning SharePoint users, I describe web parts as "little widgets you can drop on your page". That usually does the trick. However, what if you REALLY want to put some widgets on your page? How would you go about doing that?

I sent out a link to the SharePoint World Cup Template demo site I created from Andy Dale’s framework template. I tweaked it a little with some widgets to make it a little less geeky. I then received this message from Ray, one of the EUSP Weekly Newsletter Subcribers:

"I’ve never added a widget to a page. Where can I find instructions on adding one of the FIFA widgets to MySite?"

Hey, EndUserSharePoint, right? We’re supposed to be able to show people how to do this stuff, so here you go, Ray. Thanks for the suggestion.

Get Started

First thing we have to do is go find some widgets worth putting on the page. FIFA has a media page setup that has about half a dozen available. Go to Google and type in FIFA Widgets. The first thing that shows up in the search is a direct link to the widget page.

Look over the widgets and see which one you like. My favorite is the Ranking widget, since it shows a lot of colors and actually might be useful. Click the widget on the page and a modal window will pop up. Double click the "ADD WIDGET+" button and some code will be exposed. (Sometimes there’s a request to "Choose your favorite team". I ignore that and close it.)

 Embed Code

Copy the code from the widget. Here’s the one for the Rankings:

<img style="visibility:hidden;width:0px;height:0px;" border=0 width=0 height=0 src="http://counters.gigya.com/wildfire/IMP/CXNID=2000002.0NXC/bT*xJmx*PTEyNzQ4MTc*ODIyMzQmcHQ9MTI3NDgxNzY5ODY*MCZwPTExMjQxMjEmZD13b3JsZHJhbmtpbmdfZW4mZz*yJm89ZGZk/YjE*OWQyYjU3NGYwMzg1NDlkN2UwNmFkZDNiNWMmb2Y9MA==.gif" /><object  classid=clsid:d27cdb6e-ae6d-11cf-96b8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 width="300" height="400" align="top" id="WFHost"> <param name = "FlashVars" value = "Partner=1124121&theme=New Classic&widgetW=300&widgetH=400&widgetX=0&widgetY=0&stickyType=&WFBtnX=0&WFBtnY=0&defaultPreviewURL=http://www.fifa.com/flash/widgets/worldranking/images/image_en.png&useFacebookMystuff=false&buttonURL=http://www.fifa.com/flash/widgets/worldranking/images/button.png&URL=http://www.fifa.com/flash/widgets/worldranking/app.swf%3FteamId%3Darm%26lang%3Den" /><param name="wmode" value="transparent"/><param name="allowScriptAccess" value="always" /><param name = "movie" value = http://cdn.gigya.com/wildfire/swf/WildfireHost3.swf /> <embed name = "WFHost" id = "WFHost" width = "300" height = "400" src = http://cdn.gigya.com/wildfire/swf/WildfireHost3.swf 	flashvars="Partner=1124121&theme=New Classic&widgetW=300&widgetH=400&widgetX=0&widgetY=0&stickyType=&WFBtnX=0&WFBtnY=0&defaultPreviewURL=http://www.fifa.com/flash/widgets/worldranking/images/image_en.png&useFacebookMystuff=false&buttonURL=http://www.fifa.com/flash/widgets/worldranking/images/button.png&URL=http://www.fifa.com/flash/widgets/worldranking/app.swf%3FteamId%3Darm%26lang%3Den" AllowScriptAccess="always" quality="high" wmode="transparent" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /></object> 

Embed the Widget Code

Go to the page where you’d like to place the widget. You must have at least Site Manager permissions because you will need to add a web part to your page. Open the page for editing (Site Actions -> Edit Page). Click "Add a Web Part" at the top of the web zone where you’d like the widget to appear. Scroll through your web part gallery and find the "Content Editor Web Part". If one isn’t available, it means you administrator has removed it from the gallery.

Open the Tool Pane in the web part (Edit -> Modify SharePoint Web Part), and choose the "Source View" button. This will allow you to embed HTML, javascript and other stuff into the backend of the page. Paste the code you took from the FIFA site into the source view. Click Save.

 Content Editor Web Part Source View


That’s it! What? You expected more? Nope. Find some cool stuff, cut and paste it into a Content Editor Web Part and you’ll be a hero in no time.

I would really like to see what other people are doing with their SharePoint World Cup template page. Leave a link below and we’ll check it out.

Happy widget-ing.