

ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM September 14th 2012 REGULAR MEETING


A meeting of the ICC was held on Friday, September 14th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Sixteen members participated.
 
Remote participants: David Bauldree, Bill Black, Dennis Brown, Dan Christophy, Dan Cromer, Kevin Hill, Al Ibanez, Marvin Newman, Mike Ryabin, Nick Smith, John Wells, and Gary Wilhite.
 
On-site participants: Steve Lasley, Chris Leopold, Wendy Williams, and Alex York.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Steve noted that Robert Peck has been hired as a Web Developer in IFAS Communications. Robert was unable to make it today, but Steve would like to welcome him to IFAS and hopes we can meet with him at some upcoming meeting.

Bill Black had mentioned to Steve that he had invited Andrea Dunlap to our meetings. She usually helps Bill with minor IT work for the Range Cattle REC in Ona and Bill takes care of the rest. Bill thought it would be good for her to attend and be aware of things going on in IFAS IT. Bill noted that the Ona REC has grown quite a bit in the last few years both in people and buildings.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Video Services support fronted by the UF Computing Help Desk

Updates not available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

Updates not available...

Lync updates (previous discussion)

Kevin Hill noted that some students at Immokalee had experienced clipped audio and frozen video issues using Lync to connect to a seminar class being held via bridged videoconference. Kevin said that they had been trying to get students to use Lync rather than their limited Polycom resources for such things; apparently that is not working too well, however.

Dennis Brown asked if anyone else had experienced issues with receiving content from bridged VCs. He said that he has recently had some remote sites report not being able to see the content they were pushing from Fifield and was told it might be due to "inclement weather" at those locations. While weather might conceivably cause network issues secondarily in some cases, no one else at the meeting reported a similar experience and/or explanation of cause.

As mentioned last month, Microsoft Office Communicator (OCS) will stop working for UF by Monday. Dan Cromer and Chris Leopold had emailed a list to the ICC-L of individuals still on MOC.

Nick Smith mentioned that he has 32-bit and 64-bit Lync install sequences configured in SCCM if anyone is interested.

WAN (previous discussion)


Updates from James Moore

Updates not available...


Policy


IT Reporting Relationships (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Is training coming?

Dan Christophy said that David Essex is preparing training materials and suggested that perhaps David might be able to present on this at the next ICC meeting in October.

Kevin Hill reported frustrations with the new Remedy, saying that the interface is very slow and sometimes will not accept input. Dan responded that David should be able to help by providing specific instructions on how to perform various tasks as quickly and efficiently as possible while ignoring those parts of this massive interface that really don't apply to us.

Kevin thought training would be helpful but noted that he has decided to contact folks directly rather than using Remedy in the meantime. Dennis Brown asked if Remedy could be customized so that he could assign tasks to his technicians. Dan suggested that Dennis raise that question to David Essex at his next opportunity.

Migration of DNS and DHCP Services to New BlueCat Platform (previous discussion)

Updates not available...

UF File Express now in live production (previous discussion)

Updates not available...

UF FAX server project (previous discussion)

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion).

Updates not available...

Wake on LAN support coming to campus: (previous discussion)

Updates not available...

New Secunia site license (previous discussion)

Kevin Hill asked if anyone else was using Secunia to push patches because it had been broken for him for some time. Steve said that he believed only Kevin and Wayne Hyde had that capability and that only Kevin had investigated doing that as far as he knew.

KACE agent deployed to IFAS (previous discussion)

Updates not available...

Domain Policy and redirect duration (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

UF wireless still too hard?

Jimmy Anuszewski had pointed us to an Alligator article that covered some of the frustrations being felt by returning students. Steve echoed that frustration a bit noting that he had been experiencing all sorts of different issues in getting UF wireless installed for folks. It seems that each install has a different issue. While Steve has always managed to get the job done, it is frustrating how difficult it is to do in general.

Dennis Brown said that he had difficulties and even took one laptop over to UF's Help Desk for resolution. They didn't really do anything he hadn't tried, but it worked for them for some reason while it hadn't for Dennis.

Wendy Williams mentioned seeing installations stop working for no apparent reason with the only solution being to delete the connection and start over. Al Ibanez said that he was having issues with Macs where the connection would have to be redone to get it to work again; he has been getting those on a daily basis. Al also has seen this with Windows machines. Mike Ryabin said that he has been seeing the same thing as Wendy and Al. He also mentioned that access to resources seems to be unstable; one day folks can get to the file server via wireless, later they can't get there at all, then even later they can get there if they run a VPN. There seems to be no consistency to the problem, but Mike did say that people are getting very frustrated with the whole thing.

Dennis related that he had successfully used msconfig to find third-party wireless managers that rumor has it can interfere with installation of UF wireless. Steve noted that he has ignored those warnings and still successfully installed UF wireless on laptops using Intel wireless management software; consequently, Steve isn't sure how important that is to the whole process; perhaps this is only for certain makes of machines as per this list.

Steve also anticipates issues at password change time when folks have multiple devices (especially, perhaps, smartphones) connected to wireless. Unless the passwords are changed on all devices promptly, account lockouts are likely to result.

UF Exchange updates (previous discussion)

attachments.mail.ufl.edu maintenance

James Oulman announced: "Beginning Friday September 14th at 5PM CNS-OSG will be migrating the infrastructure hosting attachments.mail.ufl.edu to vSphere 5. Due to the large volume of data to be moved, we expect this work to be completed by 12PM on Sunday September 16th. During the maintenance period, stubbed e-mail attachments will be unavailable. Stubbing attachments was discontinued in early 2011."

Outsourcing of student email?

Dan Cromer related that Office 365 has been confirmed as the plan. A pilot will take place in the Spring term with the goal being full implementation in the Fall of 2013. Faculty/staff still using Gatorlink for email will need to move to UF Exchange. There will be an issue with students who are also employees and it has been decided that such individuals will be able to have two email addresses--one for UF Exchange and another for Office 365.

Outlook asking for re-authentication

Kevin noted that this continues to occur for certain people at certain times and asked what the "party-line" was on solving that issue currently. Steve said that this is apparently caused by load on the server whereby it can't respond quickly enough (see earlier discussion here and here), but he isn't sure it will ever be completely resolved. Steve had previously reported incidents to Scott Owens, who would relay those to James, but Steve heard nothing back.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

It will take a while to get all the auxiliary functions working well with this new platform. Chris Leopold mentioned issues with Windows Update Service that prevent turning on new features once a machine is joined to the domain. They are looking into workarounds.

Steve noted that McAfee's beta version at \\ad.ufl.edu\ifas\software\VSE880LMLRP2(Win8) seems to work but the agent does not. So far, Steve has had to download DAT files manually to update the virus definitions. There may be a way around that, but Steve hasn't had time to investigate.

We should likely start testing Windows 8 but using it in production will have a few issues until all the bugs get worked out.

SCCM for IFAS

Work continues on the central SCCM plans.

Dennis said that his unit is continuing to explore the use of SCCM for patching and OS deployment. They are slowly working through the various issues they are finding.

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?

Updates not available...

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Patrick Pettus had provided via Mike Ryabin an update on where UF is with Mediasite Desktop recorder. It is supposed to be released in late August (status uncertain), which would mean that it will most likely be available for us sometime in the spring semester when we are able to do the next server update. Video Services is looking into the possibility of a site license for Mediasite desktop.

In the meantime, they are using Camtasia Relay for desktop recording and importing those recordings into the Mediasite catalog.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
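One way to combine the manual 90-day cleanup with the BitLocker key fallback described above, as an added example that is not from the original notes or from Wayne's Power Tools. The OU, the escrow path, and the use of whenChanged as a stand-in for the disable date are assumptions.

```powershell
# Added example: escrow BitLocker recovery info, then review stale computer objects.
# Requires the RSAT ActiveDirectory module and rights to read recovery passwords.
Import-Module ActiveDirectory

$SearchBase = 'OU=ExampleUnit,DC=example,DC=edu'   # assumed OU (placeholder)
$EscrowPath = 'D:\Escrow\bitlocker-recovery.csv'   # assumed; keep on an ACL-restricted, encrypted volume
$Cutoff     = (Get-Date).AddDays(-90)

# AD does not record when an account was disabled. whenChanged is used as a proxy:
# any later edit makes the object look newer, so mistakes err toward keeping it.
$stale = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $false' `
            -Properties whenChanged, PasswordLastSet |
         Where-Object { $_.whenChanged -lt $Cutoff }

$escrow = foreach ($computer in $stale) {
    # Recovery passwords are stored as child objects of the computer object
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword', whenCreated |
    ForEach-Object {
        [pscustomobject]@{
            Computer         = $computer.Name
            KeyObject        = $_.Name
            KeyCreated       = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

# Write the escrow file before anything is deleted
if ($escrow) { $escrow | Export-Csv -Path $EscrowPath -NoTypeInformation -Append }

# Candidates for review
$stale | Select-Object Name, whenChanged, PasswordLastSet | Format-Table -AutoSize

foreach ($computer in $stale) {
    # -Recursive is needed because a computer object holding recovery info is not a leaf.
    # -WhatIf only reports what would be removed; drop it after reviewing the list.
    Remove-ADObject -Identity $computer.DistinguishedName -Recursive -WhatIf
}
```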

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

VirusScan Enterprise 8.8 Patch 2 was released.

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

Mark this down as a first...most will get no patches at all! The September Microsoft patches will include only 2 bulletins (both "Important") addressing multiple vulnerabilities in Developer Tools and Server software.

McAfee provides podcasts on the highlights of each month's offerings.

Adobe

Flash ActiveX 11.4.402.265 was released in late August. It addresses yet more security vulnerabilities.

Adobe also released security updates for Reader/Acrobat and Shockwave in August.

Java

The recent patch situation with Java is quite disturbing. We need to move away from JRE release 6 before long because it is reaching end-of-life, but Oracle doesn't seem capable of patching JRE Release 7 for some reason. There are known exploits for the latest release. It is a shame we have so many things that are dependent on JRE, but it may be time to figure out ways to stop using it.

Apple

A new version of iTunes (10.7) was released that addresses a wide variety of security vulnerabilities.

Cyber Self Defense Class Via Videoconference

You are reminded about this upcoming class:

Message from Dan Cromer to the IFAS-Announce-L:
"Announcement - Cyber Self Defense Class Via Videoconference" Tue 8/7/2012 3:18 PM


Cyber Self-Defense Class
Via Videoconference
Thursday, October 25
2pm – 4pm

The popular UFIT “Cyber Self Defense” class will be held via videoconference on Thursday, October 25.

This is a great opportunity for UF and affiliated staff around the state to learn about a variety of safety and personal information security issues when going online.

Do you use the Web to make purchases? Do your kids spend a lot of time on social media? Participate in this session and find out more about safe Web browsing, encrypting and backing up files, email, and wireless security.

UF information security engineer Derrius Marlin leads an interactive discussion on topics that get participants thinking about how to protect both personal and work-related information.

Videoconference ports are limited!
To register email UFIT Communications (it-comm@ufl.edu) with:

  1. The name of the UF Department/Extension Office – Include name of county
  2. Technical Contact (Name, Email Address, Phone Number)
  3. IP Address for Videoconference Connection

A confirmation email will be sent, followed by additional course information, handouts, and connectivity information the week of the class.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)

Updates not available...


Other Topics

Microsoft Risk and Health Assessment Program (RAP)

UFAD was evaluated under the Microsoft Risk and Health Assessment Program (RAP) and a number of issues were discovered. One of those issues involved DC replication; about half of our remote DCs were reporting directly back to Gainesville but the other half were in a "full mesh" scenario. That is an issue for UFAD to resolve and they are working on that. Chris doesn't see any off-campus writable DCs being allowed, but they will certainly fix things so the proper hub/spoke topology is reinstated with Gainesville being the hub. There were some other issues that IFAS will need to address.

ITSA has used Ordway as a test site to make sure that their scripts are written so that local services still work should a network failure occur between Ordway and Gainesville. That investigation was eye-opening and they found a host of issues of which they had previously been unaware. Those have now been fixed.

Chris said that IFAS has 77 unlinked GPOs that we need to locate and deal with. We also had token size issues with some if-admx accounts where the maximum token size was exceeded due to group nesting of accounts. Steve mentioned having noticed that the default MaxTokenSize has been increased with Windows 8 and Server 2012.

It was also found that RODCs need to be pointing to campus rather than themselves; local clients will still point to the local DNS server first, however. Chris also said that he will be removing the tertiary DNS entries for DHCP at remote sites because IFAS DC01 is going away by the end of the month.

Evaluating HP as possible replacement vendor for Dell

Chris said that he wants to at least look at HP as a potential alternative to Dell for the next DC/MPS refresh which is one year away. He had already lined up Mike Ryabin to try out one of the test systems and Kevin Hill volunteered to try the other. The Dell for testing will be a PowerEdge 720xd. The HP equivalent looks to be a bit more expensive, but Chris wants to take the time to investigate other solutions to see if we might be missing out by not looking around a bit.

Using netdom.exe to change your computer password

Nick Smith shared a command-line trick that avoids having to rejoin a computer to the domain when trust is lost. This time-saving trick involves utilizing netdom.exe. nslookup without any parameters will determine the FQDN of the domain controller, which is the "/s" parameter that must be passed with the netdom command.
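A sketch of the procedure described above, as an added example that is not from the original notes. The domain controller name and the account are placeholders; the script checks the secure channel first so the machine password is only reset when the channel is actually broken.

```powershell
# Added example: run from an elevated prompt on the affected machine,
# logged on with a local administrator account.
$DomainController = 'dc01.example.edu'    # placeholder: the FQDN reported by nslookup
$AdminAccount     = 'EXAMPLE\admin-user'  # placeholder: account allowed to reset the computer password

if (Test-ComputerSecureChannel) {
    Write-Output 'Secure channel is healthy; no password reset needed.'
}
else {
    # /pd:* makes netdom prompt for the password instead of taking it on the command line,
    # which keeps it out of command history and process listings.
    & netdom.exe resetpwd "/s:$DomainController" "/ud:$AdminAccount" '/pd:*'
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed with exit code $LASTEXITCODE"
    }

    # Confirm that the machine can authenticate to the domain again
    if (Test-ComputerSecureChannel) {
        Write-Output 'Secure channel repaired without rejoining the domain.'
    }
    else {
        Write-Warning 'Secure channel still failing; check DNS and the domain name in use.'
    }
}
```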

When Steve mentioned that he hadn't noticed this problem Chris Leopold said that he didn't think trust was really being lost. Chris thinks that this issue has to do with WINS having been discontinued but people are still using ufad instead of ad.ufl.edu when specifying the domain to join machines.

Steve said that ufad\username still seems to work for access to protected web sites. Chris said that this won't be the case much longer; he recommends using the UPN (i.e., username@ufl.edu) instead. Kevin Hill asked if the GlobalNames Zone was enabled on the domain so that UFAD can be mapped to ad.ufl.edu. Chris Leopold didn't think it was, but it seemed to be the consensus that doing that would solve many problems and we could still start pushing folks to use the UPN format down-the-road.

Mark Minasi returning to UF

Mark Minasi is returning as a presenter in UFIT's "Technically Speaking" series on February 6-7, 2013. Mark's talk will focus on Windows 8 and Server 2012. More details, including registration information, will be posted as soon as possible at http://www.facebook.com/GoGators.UFIT.

Listserv upgrade

Chris Leopold recently upgraded our Listserv to version 16.0 -- now with Anti-Virus Protection. There were some initial issues which Chris quickly resolved related to where listserv mail was delivered.

WINS removal

WINS is gone, may it rest in peace.

WebDAV and VDI announcement pending (previous discussion)

Updates not available...


The meeting was adjourned early a bit after 11 am.