This site uses advanced css techniques
The Jamaica release (v8.0, in late 2006) of the Evolution™ Payroll Service-bureau software apparently conflicts with a setting of DEP - Data Execution Protection - and it's necessary to disable this setting for any Evolution program that might use it.
Data Execution Prevention is a memory management technique used by some versions of Windows XP and Server 2003 to prevent some kinds of security attacks. It's a technically powerful method that solves a very large host of problems, but it's not compatible with all software for various reasons.
The Jamaica release includes some of these incompatibilities, and it's necessary to partially disable DEP on platforms that show the problem. It manifests itself with a "The RPC operation failed" message during report printing.
DEP has several modes on a system:
Turning DEP off entirely is not really a good idea, because the core Windows services are all designed to work with it, and it really does perform a useful security purpose.
Instead, we only need to insure that Evolution processes don't have DEP set, and this is achieved by the middle two settings above. We'll start with the easiest setting first.
Not all users need concern themselves with this. Service bureaus running Windows 2000 servers won't ever see this problem, and most desktop users (even those with XP) won't either. This lists the two broad categories of systems where this may come into play.
DEP is only a feature of Windows XP and Windows Server 2003, though it's expected to be found in Windows Vista as well. It requires support from both the operating system and the underlying CPU (there are both software and hardware flavors of DEP) — not all instances of DEP-supporting operating systems will actually have the full set of hardware to support it.
|Windows version||DEP ?|
|Windows Server 2003||Yes|
|Windows Vista||Not sure, but probably|
|Windows 2000||No DEP|
|Windows NT||No DEP|
|Windows ME||No DEP|
|Windows 98||No DEP|
|Windows 95||No DEP|
For most users, this is by far the best option: it's something to set one time and then forget about.
Now it's done: DEP is disabled for all programs other than the core Windows services, and this should require no more attention in the future.
Though it's true that these third-party programs won't be protected, machines used for the Evolution middle tier shouldn't have that much exposure to the outside world — this means its "attack surface" will be pretty small.
The demands of the Evolution middle tier servers really insist on enabling DEP only for Windows core services, but Evolution Remote users may not have the luxury of doing this.
These client machines typically run a wider variety of software, in a more hostile security environment, and there may be corporate IT policies that do not permit wholesale disabling of DEP. In these cases, it may be necessary to disable DEP much more selectively, leaving it enabled for all but the Evolution programs.
To do this, navigate to the DEP configuration dialog box as shown in the previous section, but instead select the lower radio button. Then:
This approach is a bit more work, but it more narrowly disables DEP just for the Evolution programs.
Note: we don't know which particular executables are actually troublesome, and it may not be that all must have DEP disabled, but this is the most expedient way to get this done until we can research it further.
Evolution Service Bureaus will have quite a few more programs in the exception list, and we've not yet enumerated them. We're quite sure that PackageServerService.exe is in that list.
First published: 2006/12/19