IFAS COMPUTER COORDINATORS
Message to the ICC-L from Santos:
Print spooler was stopped on the old print server. If users have issues printing please have them log off and logon. If users are still having trouble please follow usual steps to troubleshoot printer issues. A good starting point is using “cscript \\ad.ufl.edu\netlogon\ifas\printers.vbs if-srvv-print /debug” this should list the printers the user have access to.
Please email us if you have any issues
Most people reported having only minor glitches in moving to the new print server. Steve had one printer that needed host-based drivers and did not work with the universal drivers. Naturally, this was the only printer Steve had failed to get a test print on prior, but Santos resolved the issue quite quickly. Winnie had a single issue as well and Wendy reported that one of her printers was working better than ever. Some of the default settings needed to be tweaked, as Santos has warned earlier, but overall things went well.
Santos later told Steve that some units had more difficulties. Animal Science was using its own login scripts and no one was apparently aware--consequently, thing broke when the old server was shutdown and it took a while to figure out why. Environmental Horticulture also had numerous issues, but they seemed to be mostly due to lack of testing and support at the local level in spite of Santos's frequent and detailed notifications over the past many weeks.
Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only
Steve had been using this agenda entry for many months to remind folks that the ". IFAS-ICC" email distribution group does not include the broader audience which the ICC-L will reach. Plan your e-mails accordingly. This month Dan Cromer said that he didn't see the need for this and felt that we should be using the ICC-L list because that was archived.
Steve pointed out that the distribution list is archived as well--to a public folder--so archiving wasn't really an issue. Wayne needed a way to reach only ICC members rather than the larger audience subscribed to the ICC-L, however; he often needs to target his e-mails more closely. Steve had always wished for that as well as has been please with how this separation has worked out.
Dan reported that the Green IT plan is now being documented on the UF IT Wiki. You can find that by going there and searching on "Green IT". The plan is described there by a list of eleven bullet items.
Dan said that in discussions with the IT Leadership Team, the next step is to discuss the "who, where and how" of implementing each of these items. Dan believes that some of these items will be set by policy from above and others will be offered as guidance/encouragement. Dan said that he would appreciate feedback either through him or via the ICC so that our views on the matter might be heard and taken into consideration.
Steve asked which of these items might have the largest impact on units and Dan responded that the "Turn equipment off or use power management when not in use" item would require the most local effort in coordinating. We will need to implement local Wake-On-LAN controllers within each subnet because broadcasts of those have been disallowed for security reasons.
Dennis asked how this Wake-On-LAN worked for those wanting to RDP into their work machines from home. Steve recalled that Santos had implemented an opt-out for such cases as it did not otherwise fit into the scheme; Santos had described the overall scheme at a previous ICC meeting.
Dan also mentioned that Elias is working with Dell to try to come up with four packages that would include energy conserving configurations. Dan believes the plan would be to require justification should one wish to buy something different. Dan pointed out that one problem with that is the packages would need to be updated frequently (every 2 weeks to 1 month perhaps) to keep up with progress in hardware innovation.
Wayne Hyde mentioned that Windows 7 will wake up to install updates and other scheduled tasks. A "powercfg -requests" may be performed to see what caused a Windows 7 machine to wake up.
Steve had left this on the agenda in case further discussion was deemed warranted.
Steve wants to keep this topic on our radar.
Moving away from the IFAS VPN service (previous discussion)
Steve assumes that moving our VPN to private IP is waiting on Wayne Hyde finding the time to implement.
VDI desktops as admin workstations (previous discussion)
This is another cool service that Wayne has in progress and which is awaiting sufficient time to pursue further.
There was nothing new to report this month.
OU Technical Contact email groups now in use
You should now be getting automatic FSR reports concerning file server space usage (duplicate/large files/etc.).
Computer compliance tool in production (previous discussion)
Update as available...
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Andrew Carey was out last week and has been trying to catch up, but he did report that Francis Ferguson had deployed six servers last week. Ben still has a few left to put out in district two, but he was tied up with other issues and Fergie has been anxious to replace a number of his boxes (as has Bill Black). Andrew referred here to physical deployments only, however. The greater portion of the work is still yet to do, in configuring the machines and pulling over the data, etc. Fergie has a few more to put out before they start on Bill's district.
There were a few issues with the physical servers, mostly related to ventilation. These units draw considerably more power than the old models and therefore produce more heat as well. Some closets needed to be modified in order to keep the new units sufficiently cool.
Milton and Fisheries are the two sites that are completely live on the new server platform using the MPS for print and file services. Early next week Andrew intends to continue to migrate more folks to the new hardware that has been deployed so far.
Core Services status (previous discussion)
Data Protection Manager planning
Andrew reported that Wayne has been very busy setting up the new DPM servers which arrived last week. These are going to be utilized for remote backup of the MPS servers that are now being deployed. Fisheries is backing up currently and Wayne has been tweaking exactly what will be backed up and how often that will happen.
Andrew believes that most all of the remote MPS servers will be able to be backed up to Gainesville via this plan. DPM allows for controlling the rate and timing of such backups to fit around other bandwidth needs. The system is capable of backing up at the block level as well so that when a file is changed only the changes must travel over the wire rather than the entire file; that makes the process considerably more efficient. Utilizing DPM in this manner promises to make IFAS considerably more "hurricane proof".
Wayne Hyde reported via email to the ICC that McAfee had released an emergency DAT to address the "VBMania" mass-mailing worm. Wayne has checked that into ePO and set it to be pushed out to the clients.
Dennis Brown said that he has been getting a lot of complaints from various users that their computers are very slow Monday mornings. Dennis assumed that this was due to the scheduled scans but Steve had thought those Friday night fulls had not been set to "run if missed". Wayne investigated and found that they are indeed being run after a 1 hour delay, so Dennis's assumption was indeed correct. Wayne has provided some methods via tagging within the ePO console to console the timing of scans somewhat, but it is a fact that on-demand scans is going to butt heads with Green initiatives in that machine must be left on in order to scan during off-hours.
Wayne reported that McAfee uses its own internal task scheduler and probably can’t do this, but MSE uses the built-in task scheduler for the end-user scans which can wake up a Windows 7 machine. He guesses it is time to setup FEP 2010 and see what it can do. Here’s how MSE can be configured to wake up from sleep:
Status of SharePoint services (prior discussion)
IFAS migrating to centralized MOSS
Steve asked Ben Beach if he could provide an update on this topic. Ben responded that IFAS still plans to move over but they have not yet had those discussions with the UF team. Ben said that the majority of those wishing to migrate have already done so as most are small with less than 200 users. IFAS has more than an order of magnitude more users than that, however (~3500). Ben also mentioned that what we have in place currently doesn't necessarily fit well into their design model.
Steve asked about the funding model. Ben understands that each unit involved is expected to provide $6K per year towards funding the central SharePoint infrastructure. Since the size of units varies greatly, however, Ben isn't completely sure how that is all going to pan out for IFAS.
Ben believes that the best way to handle a migration for IFAS is for us to first upgrade our system to the latest version and then migrate over afterwards. Doing that would require that we get an MSSQL upgrade, however, and that means $$$. Ben mentioned also that he believed UF's design includes a public facing aspect while IFAS currently has intranet access only; Ben isn't clear on how that matter will be addressed but for now plans on our presence remaining intranet only.
Nothing further was available on this topic at this time.
The September Microsoft patches will include nine bulletins (four Critical and five Important) addressing thirteen vulnerabilities in Windows, Office and IIS.
McAfee provides podcasts on the highlights of each month's offerings.
Additionally, there has been quite a bit of discussion on the "DLL-preloading remote attack vector". Quite a number of common applications are vulnerable. Actual patching will depend on updates from the many vendors involved, but Microsoft has a mitigation plan that includes installing a tool that enables a new registry key setting to control how applications load DLLs. We could deploy the tool in preparation w/o effect, but will have to very carefully consider things before playing with the registry settings that enable the mitigation. Some applications will be broken apparently, and how serious that might prove vs. the risks of these vulnerabilities is yet to be determined.
There is a new critical vulnerability in Adobe Reader and Acrobat; no patch is yet available.
MS Office News update
Job Matrix Update status
This is here as a standing topic--no discussion this month.
Steve wants to keep this item on the agendas in order to address potential future concerns.
Steve noted that Micah Bolen had posted a question regarding the folder at \\ad.ufl.edu\ifas\scanners. Steve had been unaware of that folder and its purpose, so he asked Andrew to provide an explanation. Andrew explained that this DFS share is used for departments with multifunction devices (copy machines generally) that needed to scan to the network. The printers themselves generally do not understand DFS, as they are often based on a Linux kernel. To get around that they had created a share on the print server with a folder for each department; the scanners could then drop files there directly. The drive mapping for users to pick up their scans was then done via DFS so future changes wouldn't affect the login script mappings--rather only the copiers themselves would need to be updated with a new path.
Steve asked if these departmental scanning folders included subfolder structures or if everyone's scans were generally dumped in the one pot. Andrew said that most used a single folder but added that Daniel Solano (no longer with IFAS) had developed a more detailed structure so that various individuals would have a private location for their scans to reside.
Andrew added that space is limited and those areas need to be kept clean; that has been stressed to the users. Steve asked Winnie Lante if she had ever gotten her copier to scan to the network and she responded that she had tried without success. The copier in question is a Minolta out at Fisheries. Andrew said that scanning to the Fisheries MPS might be a better solution--apart from the issue of not being able to connect at all that is.
Steve noted that the manuals are awful on how to do this and Winnie added that the technician from the copier vendor was clueless in her case. Andrew responded that part of the issue is that every department in IFAS buys a different brand of copier and in many cases doesn't even consult with local IT staff when doing so. In Andrew's experience Ricoh's were about the best; he would recommend considering that make for any future purchases if possible.
Kevin Hill offered to Winnie that he has a Minolta in Immokalee that he has successfully connected. He utilized FTP via a web server, however, so the model he used is a bit different from others within IFAS. The connection is fairly secure, however, because it is locked by IP. Andrew said that they had been creating a service account for copiers on campus and entering those credentials into the copier for access. That account would only have access to that one folder on the print server.
Dennis Brown said that they had their copier configured to send scans via e-mail. The technician for his vendor (CopyFax) has actually been quite helpful in getting and keeping that running. Dennis mentioned that their copier is a Ricoh. Andrew asked if this guy was from CopyFax and Dennis responded he was. Andrew said that this guy was indeed among the best techs that he has dealt with--most are mainly salespeople with minimal technical knowledge.
Phishing e-mails continue
John Wells said he had received a couple of reports from county users regarding phishing attempts; he asked if there was a lot of that going around. Steve responded that this pop up on a regular basis and some are more finely crafted than others. Steve notes that he himself got one later that day from "email@example.com; on behalf of; firstname.lastname@example.org" with a subject line of "PLEASE UPGRADE YOUR ACCOUNT" and a body containing "All GatorMail Account needs to be Revalidated by Clicking this link". This is basically a matter of end-user education. They must continually be reminded that such messages will never be legitimate.
PDF-Xchange (prior discussion)
Updates as available...
Interest in Wordpress blog systems, and photo gallery systems that require PHP and MySQL
Updates as available...
The meeting was adjourned early at about 11:30 AM