ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM June 13th 2014 REGULAR MEETING


A meeting of the ICC was held on Friday, June 13th, 2014 in the NEW UF/IFAS Communications Building. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Thirty members participated.
 
Remote participants: Tom Barnash, Benjamin Beach, Wei Cao, Dan Christophy, Luis Coll, Kevin Hill, Russell Hunter, DeWayne Hyatt, Wayne Hyde, Al Ibanez, Taylor Jamrok, Chris Leopold, John Macias, Marvin Newman, Scott Owens, Joel Parlin, Jonathan Potts, Mike Ryabin, Lawrence Treadaway, and John Wells.
 
On-site participants: Jimmy Anuszewski, Dennis Brown, Dan Cromer, Winnie Lante, Steve Lasley, Matthew Nash, Karen Porter, Santos Soler, Raichel White, and Wendy Williams.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman

Member news:

Raichel White has replaced David Blackman at AEC and SWS. Please join Steve in welcoming her!

In other changes, the Help Desk position formerly held by Nick Smith has now been filled by John Macias. Kevin Hill will be full time at SWFREC and his South Extension District support position is being filled by Brian Hurt, formerly IT support for Provost Office. Brian will work out of Belle Glade.

Dan Cromer announced that Mary Jane Frederick is leaving TREC; an offer has been made for her replacement.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Security:


Proposed Remote Access Policy (previous discussion)

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The June Microsoft patches included 7 bulletins (2 "Critical", and "5 Important") covering 66 CVEs in the usual suspects. A risk assessment is available here.

Adobe

On patch Tuesday in May, Adobe released security updates for Illustrator (CS6), Flash Player, and Reader/Acrobat.

As of at least May 27th, Adobe Shockwave lacks any of the Flash security fixes since January 2013. Yes, Shockwave supplies its own version of Flash; nice...not!

Adobe also released security updates for Flash and Air on June patch Tuesday.

Java

Java v7r60 was released a couple of weeks ago; thankfully this is not a security update -- the next scheduled one of those will be again in July.

Apple

Apple released OS X security updates on May 16th.

There also was a security update for iTunes that same day followed quickly by another that was Mac specific.

Updates for Safari were released on May 21st addressing 21 security issues.

Other

FireFox bumped to version 30.0 and Chrome got a security update as well.

Wendy Williams mentioned that the latest version of Deepfreeze has a new software updater component that has proven very useful in pushing third-party updates like Flash, Java, Adobe Acrobat, etc. They like it so much that she is going to get Deepfreeze licenses for their administration computers so she can use this to update those (without Deepfreezing them).


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Endpoint security concerns (previous discussion)

On May 30th, Patrick Pettus told Steve (via Lync) that he was going to send out a notice the first week of June for folks to test the MCU that VCS have moved to private IP. Those at CEOs will not be able to get there without changing the firewall rules so VCS wants to give them a few weeks to get that fixed before moving all MCUs to private IP. Once that is done, then we will be ready for endpoints to move to private IP whenever they are ready.

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Possible end-point refresh in the works (previous discussion)

Updates not available...

Movi/Jabber Updates (previous discussion)

Updates not available...

End-user Scheduling (previous discussion)

Both TMS and the Smart Scheduler now add a 5 minute non-editable startup buffer to VCs; this means that bridged connections will begin (or be available) 5 minutes prior to each event. If recording is scheduled, connection to the content server will occur at the event start time leaving 5 minutes to get connections and configurations in place prior.

Patrick Pettus had confirmed to Steve the hope that moving to Acano could obviate the need for videoconference scheduling, though TMS would still be used for endpoint management. Steve asked him if Acano had a way to call out to endpoints or whether endpoints would need to dial in all cases. Patrick responded that Acano does have a scheduling piece that he has yet to play with; he envisions endpoints dialing in for the most part though.

Patrick posted the following to Net-Managers-L on June 3rd:

Videoconference Infrastructure Change – MCU IP Change

What’s happening?

Video & Collaboration Services will be moving the videoconferencing MCUs from public to private IPs.

HD MCU: 128.227.156.80 will move to 10.227.156.80
MCU 1: 128.227.156.82 will move to 10.227.156.82
MCU 2: 128.227.156.83 will move to 10.227.156.83
MCU 3: 128.227.156.86 has moved to 10.227.156.86

When?

During the Sunday June 29th maintenance window 5AM – 9AM.

Who will be impacted?

  • Any users still connecting to videoconferences by dialing the MCU IP addresses.
  • Videoconference endpoints outside of the UF network will no longer be able connect to MCUs by IP and should now use:
    • Conference ID number @ the domain uc.ufl.edu (example: 7831234@uc.ufl.edu) or
    • Conference ID @ Gatekeeper IP 128.227.8.45 (example: 7831234@128.227.8.45)
  • Registered endpoints that can currently dial just the conference ID number (example: 7831234) to connect will not be impacted.

How can you prepare?

MCU 3 has moved to its new IP address. There is a test conference 7837777@uc.ufl.edu available for testing 24/7. Please verify that you can connect your endpoints to the test conference before June 29th.

Where can I find more information?

Please email questions or concerns regarding this change to video@ufl.edu

In addition, Patrick had sent the following directly to Dan Cromer:

Units external to UF network won’t be able to dial the IP directly after conversion to private IP, but they will be able to connect themselves. In fact with the new scheduling system it isn’t even possible for the regular end users to specify dial-out participants that aren’t managed by TMS. Those outside endpoints will connect through the external gatekeeper instead of directly to one of four MCU IPs. Now it won’t matter which MCU the conference is on, the way to connect will always be conference ID @ domain/GK IP. How they dial breaks down like this:

Endpoints Registered with the H.323 GK or SIP Registrar: 7831234

Unregistered Endpoints: 7831234@uc.ufl.edu or 7831234@128.227.8.45

To simplify even further, endpoints can include the domain when dialing, so anyone in the world can dial 7831234@uc.ufl.edu to connect.

Dan forwarded that to Video-L along with the following comments:

As was discussed briefly in the last ICC meeting, the usage model where end-points call to a video conference, rather than having the conference call end-points, is being more fully implemented with a change to video services on Sunday, June 29th, when the bridges are moved to private IP address. Dial-out to non-managed end-points will only be available in special cases, and will be handled by TMS internal access managers. Blue Jeans conferences are included in this latter case; for most meetings the Blue Jeans 100-connection limit should obviate the need for using the TMS system altogether. Following below is information from Patrick about the situation. It’s very important that videoconferencing users learn of the new methods.

Some definitions may be helpful:
H.323 is Polycom-type connection
GK is UF Gatekeeper
SIP is Session Initiation Protocol, a connection in the form [end-point or conference number] @ [video domain or IP address]

Examples: 7837777@uc.ufl.edu or 7837777@128.227.8.45 (UF TMS) or 111@bjn.vc or 111@199.48.152.152 (Blue Jeans)

[Above] Patrick uses 7831234 as just an example of a TMS conference IT, which may be any number, normally 7-digit starting with 783.

Steve noted that there have been several instances where TMS/Smart Scheduler was not allowing logons early in the day. Patrick Pettus apparently has to restart TMS to resolve that, so if you experience the issue the best thing to do would be email video@ufl.edu to report the issue.

Lync updates (previous discussion)

A UF Lync Upgrade was announced for June 27-29; details provided were as follows:

UFIT is upgrading UF Lync to version 2013. Work begins Friday evening, June 27.

UF Lync provides IM, online video, audio and dial-in conferencing capabilities, and application and desktop sharing. UF Lync also federates with organizations across the globe and with services like AOL Instant Messenger (AIM). New features available with Lync 2013 include:

  • Skype Support! – Call or IM Skype users around the world
  • Federation with Google Talk and other XMPP-based IM providers
  • HD Video Support - Up to 1080P resolution video in conferences
  • Full audio and video Conferencing capabilities through the Lync Web App. External users can join and participate in conferences without installing any client software
  • Greatly improved mobile client capabilities. IOS, Android and Windows Phone users can join conferences with Audio and Video right from their mobile device

During the upgrade some Lync services may be unavailable. UFIT has an upgraded Lync FAQ available: http://info.mail.ufl.edu/real-time-communications/about-lync/. Please contact the UF Computing Help Desk with any additional questions or for Lync user support.

Probably the most important consideration is listed within the Microsoft Lync Migrations FAQs at the bottom of http://info.mail.ufl.edu/real-time-communications/about-lync/:

Will my Lync 2010 Mobile client continue to work?
No, following the upgrade you will need to update your Lync Mobile client to the 2013 version.

Dan Cromer pointed out that this refers to the mobile client (Android and iPhone) and not Office 2010 on the desktop. Though the Office 2010 Lync client will work with the new server, the Office 2013 Lync client will provide some new features such as the ability to see four remote users at once in a multi-user conference.

Blue Jeans (previous discussion)

Updates not available...


WAN (previous discussion)


Updates from James Moore

James wasn't available, but Dan Cromer spoke a bit about the plans for adding Synology NAS devices at remotes sites. DeWayne added that these are iSCSI targets whose sole purpose will be for on-site backup of the server in somewhat of a disaster recovery scenario. The new MP3 server configurations will have more storage, however, on the host servers and once those roll out we will be able to deploy remote SCCM distribution points.

Wireless printers (previous discussion)

Updates not available...

VoIP at RECs

Updates not available...

Phone bills to be paid for centrally? (previous discussion)

Updates not available...


Policy


New UF Directory Debut: June 25

It was announced that the new-look UF Directory app will go live on Wednesday, June 25. Details provided are as follows:

The UF Directory design is now responsive, meaning it will load correctly on a desktop, laptop, or other Mobile device. The new layout also provides a cleaner and less cluttered visual. It is available as a link on the current UF Directory site.

From January through May, 2014, more than 130,000 data queries were performed for approximately 70,000 people using the UF Directory. Click on the phonebook icon located on the top-right of the UF homepage to access the UF Directory, or bookmark it: https://directory.ufl.edu/. Please email UF Information Technology with any questions, comments, or suggestions you have about the new UF Directory app.

The State of IT, May 15th, 2014

A recording from this event is now available.

Cloud Services (previous discussion)

Dennis Brown had asked about sharing OneDrive files with outside folks and James Oulman replied:

Message from James Oulman to the IT Discussion List:
"Re: OneDrive - sharing with non-UF people" Tue 5/20/2014 9:38 AM


Hey Dennis,

Access to OneDrive for Business, regardless of audience (internal to UF or External), must be tied to an identity, and as a UF identity, you must be licensed/enabled for SharePoint Online. There are two types of supported identities:

  1. Organizational Account – This is an identity that has some kind of association with Office 365. Examples of this would be your UF identity or another institution that has federated with Office 365 services.
  2. Microsoft Account – aka a Windows LiveID.

There are a couple of caveats with sharing. First, when you specify ‘Everyone’ in the Share – Invite People dialog, everyone actually means: “Anyone in your organization licensed for SharePoint Online and anyone outside of the organization who have _previously been invited_ to share documents as guests, either by you or by others in the organization”[1][2]. If the external user has never been offered a shared document or site by you or another licensed user then their identity will not be registered and they will receive an error. If the UF person has not enabled their OneDrive, which licenses them for SharePoint Online, they will also not be able to access the shared document. This can introduce a bit of a chicken and egg problem. You can avoid that by explicitly inviting the users who you want to collaborate on your documents. And to clarify, the “Shared with Everyone” folder by default grants view permissions to Everyone (licensed for SPO), including external users. If you want to exclude external users you will need to explicitly set the sharing permission on the document in a different folder.

There are two ways to generate a link to a document in your “Shared with Everyone” folder. You can click on the ellipses (…) and select the direct URL. Or click the small phone icon at the end of the URL to get a QR code for the document.

To share a document or folder located outside your “Shared with Everyone” folder, you can select ellipses (…), click Share, and specify the recipients e-mail addresses and permission. This will generate an e-mail to the recipient with a link to the document/folder _and_ if they are an external user it provision them at sign-in if they haven’t yet accessed our O4B. If the recipient is a UF person, you will need to ensure they are licensed for SharePoint Online. The recipient will have 7 days to accept the share offer before it expires.

Great questions: we’ll work on documenting this in the IT Wiki.

Thanks, -James.

  1. Share sites or documents with people outside your organization
  2. Share documents or folders in OneDrive for Business

As Steve pointed out at our last meeting, requiring authentication for access is a good thing.

There may be a few issues to work out with OneDrive. Tim Young had reported the following via the IT-Discussion-L list back on the 3rd of June:

FYI here is something to watch out for with OneDrive. Onedrive is creating invalid email addresses in the form of gatorlink@uflorida.onmicrosoft.com. We have experienced this with at least three different users. When I contacted the help desk back in mid-May I was told that there was a problem with 1,600 accounts where their e-mail addresses on the O365 account were incorrect but that it was corrected. Unfortunately we had this happen with another user this month.

The invalid email address is used by O365 for sending and receiving emails from Onedrive. This creates issues where the users do not receive notifications about shared documents, alerts, etc., while the other user will receive delivery failure from mail.ufl.edu. If users are reporting issues with OneDrive have them check their “My Setting” page to see what email is listed for them.

James Oulman had encouraged those have these or other problems to create a Remedy ticket.

Winnie Lante had emailed Steve prior to the meeting asking if he thought OneDrive would be useful for Faculty and Staff because she couldn't really see how. Steve had responded that he thinks it will be worthwhile for a couple of reasons. Firstly it represents the future where local documents are synced to the cloud. Steve believes that's a better model than direct access to server storage. Secondly, it permits sharing with both outside and inside people and groups. What it lacks is good training in Steve's opinion-what else is new, eh? Maybe that will change by announcement time but Steve would love to see a presentation on "Collaboration via OneDrive with internal and external colleagues." Wendy said that she was going to send this topic to Mark Robinson as a suggested topic for the next Peer2Peer.

In turned out that Winnie was missing the client piece; she hadn't been very impressed with the web interface and didn't realize that the client is what makes it so easy to use.

File-Express

Wendy Williams mentioned that she had used File-Express for the first time and found it was much easier than she had expected. Steve agreed that this is an under-utilized resource. The only caveat that Steve wanted to relate was that if you are transferring a folder with a large number of files and folders within it that you should Zip it first before uploading as the system can get cranky otherwise.

Notes from last month's SIAC meeting

Updates not available...

Last month's IT Directors Meeting Notes

Updates not available...

PrintSmart initiative (previous discussion)

Updates not available...

New IT Service Management Initiative

The ITSM project group led by Ayola Singh-Kreitz is putting out monthly newsletters and other news from its website now. Dan Cromer doesn't expect IFAS to become involved until after the central UFIT implementation is in place and proven as worthwhile.

Content Management System (CMS) for UF: Entering purchasing phase (previous discussion)

IFAS Communications is holding a T4 Webinar on Thursday, June 19th at 9AM. The purpose is to explain the plan for migrating over 500 IFAS domains to the new system over the next two years. A recording of the webinar is planned. Questions may be submitted to the IFAS Web Team by today, and the webinar may be accessed live at http://ufifas.adobeconnect.com/t4-implementation/.

Wendy Williams expressed her frustration over wanting/needing training on T4 in order to prepare for the coming migration. She feels that there is insufficient information being passed along and she is concerned about being properly prepared when the time does come. Jimmy Anuszewski said that he felt the same way. Dan Cromer responded with his impression saying that the technical group is not trying to be secretive but that the lack of communication is due to it being so early in the process. He believes they are busy working on getting the core/pilot ready and need to focus on that before they can communicate more broadly.

Santos Soler said part of the problem is due to the number of domains that really should be consolidated beneath their departmental sites. Regarding IFAS's 41 WordPress sites, those will have to be converted manually. Santos said that from talking with Tennille Herron, IFAS Communications plans to develop templates and then has a list of about 20 of the smaller sites that they are going to begin to work with in order to convert essentially by hand. Jimmy pointed out the need to get the various unit web managers involved, however. That is going to be a good part of the problem because there are so many different people involved at so many different levels of skill and experience.

Steve noted that there are at least 4 dozen "web sites" in various folders under his own departmental site and that there are almost as many web "managers" as there are such "web sites." In other words, it is a big mess even at the department level and even for units that have consolidated their various domains.

Kevin Hill mentioned that the sun-setting of Windows XP caused a problem for many of his former CEO sites as they had been using Contribute, which is no longer supported. For starters, they don't know what software to use now that runs on Windows 7. Santos suggested Microsoft Expression Web 4 because it is free, but then Kevin pointed out that at least some rudimentary training will be needed if that software is going to be used in the interim between now and when they finally move to T4. Kevin suggested that someone in authority contact the CEOs and explain that they will need to use Expression Web between now and the eventual migration to T4, and explain to them where to get it, how to install it, and how to use it to update their pages in a fashion similar to what they were doing previously with Contribute. This is basic stuff, but it needs to be set up either as an in-service training, some kind of conference, or whatever.

For his part, Wayne Hyde promptly added Expression Web to the image for the Faculty Staff pool; so, getting and installing the software shouldn't be a stumbling block at least.

Wendy said it would have been good to have someone from the web team here to listen and provide feedback. Dan Cromer pointed out that Tennille had offered to be available; we just need to let her know.

There was further discussion around the 58 minute point in the stream where Santos described various frustrations with managing our very distributed web presence across so many separate "web sites" with nearly as many "web managers." Steve pointed out the irony of needing a CMS so we don't have to go through all this every time changes are needed, and yet it will be so difficult to move everything to a CMS in the first place. It is going to be a very slow process for sure.

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates not available...

KACE (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

UF Exchange updates (previous discussion)

Updates not available...

Outsourcing of student e-mail

Updates not available...

Outlook asking for re-authentication

Updates not available...

Canvas Selected as the Centrally Supported Course Management System (previous discussion)

The following announcement was made around mid-May:

The move to Canvas is the result of a recommendation from a CMS review committee chaired by Ray Issa, member of the Faculty Senate IT Committee. Sakai will remain a production service through FY 2015-2016.

UFIT is providing both face-to-face and "just in time" training to assist in the transition. Faculty not requiring course conversion assistance can immediately start using Canvas by requesting a Canvas course account. Faculty requiring conversion assistance may request it now, with support beginning on a first-come, first-served basis after July 1, 2014. Please contact e-Learning Support Services (352) 392-4357 -> option 3 for more information.

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Updates not available...

SCCM for IFAS

Dennis Brown reported that being able to PXE boot and get a system re-imaged in 25 minutes is a great help. Dennis also appreciates being able to replace McAfee with Microsoft's solution and is looking forward to console access to SCCM once DeWayne can arrange that; Wayne Hyde has already added the console to the ICC Management pool on our VDI infrastructure so that piece is ready and waiting.

DeWayne explained that by default SCCM disables the local Administrator account and randomizes the password. That has proved problematic in a very small number of cases where the network card driver failed to install and the computer couldn't join the domain. DeWayne is working on a solution that builds a unique password using the UUID via some algorithm; that would provide a failsafe way to obtain the password in such cases because the UUID is viewable at the PXE boot screen and you could figure out the password from there.

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)

Dan Cromer has shared a timeline for IBM Endpoint Management deployment at UF. It would appear that the Fall term would be our first opportunity to become involved.

Dennis Brown asked how IEM might affect IFAS plans to use the Microsoft solution. Dan Cromer responded that he has received some indications that IEM will eventually become mandatory. That means that the UF version of SCCM will go away; IFAS will continue using its own SCCM until there is an adequate replacement for the various features we want and need from SCCM however.

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

DirectAccess pilot (previous discussion)

Dan Cromer has proposed discontinuing the UF/IFAS VPN. His main point was that this service is in violation of planned UF IT policy (no deep tunnels). Dan had stated that unless he heard a strong reason to continue until the policy is published, he proposes planning for sunset effective July 1st. He reminded folks that there are two UF-provided alternatives, Cisco AnyConnect (UF recommended solution) and L2TP.

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool update (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Updates not available...

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps DeWayne Hyatt can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Chris Leopold was considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...


Other Topics


Surprise IE upgrade

The recent IE upgrade to version 10 that was pushed from WSUS caused a number of problems--especially from those still using IE8. In particular, however, Steve mentioned having problems with fiscal staff using Enterprise Reporting.

Steve was hampered in helping them because of the unfamiliar interface, but he now thinks he has workaround for the two individuals at Entomology that run such reports. We had one upgraded from IE8 to IE10 and another from IE9 to IE10. Oddly enough, Steve had more problems with the latter.

One of the keys was enabling Compatibility View; without that the web forms would not appear--that part was easy. That should have been necessary with IE9 prior as well, but it was news to the individual who had been using IE9 prior, so Steve is not sure what they were doing differently when on IE9.

They can get reports via their two computers now but there is a difference between them that Steve has not been able to diagnose. When the IE8 upgrade runs an Excel report it "generates" (moving hourglass web icon) and then prompts to Open, Save or Save As when done. They can thus open or save as desired then view the report. On the IE9 upgrade machine, the report generates and then she just gets a blank browser screen -- no prompt. They can then go to a dropdown at upper-right (Steve thinks it shows a tooltip of Report Options or some such) and select Excel > data report, it regenerates and the prompting does occur. A kludge but workable; there may be a better way but Steve couldn't discover it.

Diagnosis was complicated by GL pw expiration issues that happened mid-stream along with some lack of knowledge of the interface itself.

What struck Steve most was how little both of our employees really understand the interface. He doesn't know if that is because many of the options just aren't available here, or if they weren't trained on them, or if they were trained but didn't "get" it. Browsing the internet for Cognos tutorials led Steve to believe that customizing or even scheduling reports could save them a great deal of time as they do a lot of manual set up for each run. He doesn't really know, but that was his impression.

In any case, Steve's recommendation for folks having issues related to the unannounced IE upgrade would be:

  1. If they used to have IE8 they should start with a tutorial. (This is for IE9 but covers the major changes from IE8 very well.

  2. Next they should go view Internet Explorer 9 Browser Requirements page and make sure they run through all the recommended settings there. That didn't prove to be enough with Steve's IE9 upgrade for some reason, but it solved the problem on the other system.

Adding Macs to the domain

When Russell Hunter mentioned to the ICC-L that he was having difficulties joining a Mac to UFAD, Dan Cromer responded that he has an OS X 10.9 (Mavericks) computer joined to UF AD, along with 10.8 and 10.7 versions. Dan admitted that Macs are very, very particular and recommended following the steps at http://wiki.it.ufl.edu/wiki/Apple_OS_X carefully, in the exact order given.

It is the common perception, however, that Macs gain little if any benefit from joining UFAD. In private emails, Dan raised the point that UF/IFAS policy requires all machines to be joined to AD [see par. 2.c. in http://imm.ifas.ufl.edu/6_150/6150-3.htm]. Dan also noted that when Macs are staged to AD, it means that other domain users can log on to the machine, without having been defined as local user. Dan feels that this may be necessary for support purposes, or if the previous user has left UF.

Dan had to admit that when AD accounts are used, the keychain has to be re-created anytime the UF password is changed, and for now, no login scripts are applied.

Dan suggested that the ICC review the current IMMs relating to IT (scroll to the very bottom--a coincidence, Steve is sure) and make recommendations for updating those. That said, Dan feels there are advantages to joining Macs to UFAD but it is not high priority at this time; joining Macs can be a pain and he has felt it was an option best left to each unit. He is unsure how the IEM deployment might affect this whole thing as well, as that is supposed to work cross-platform.

Jimmy said he believes joined a multiuser Mac (such as lab machines) to the domain was a no-brainer in his opinion. Whether or not a single user machine gains much by joining is another question.

Introduction to IFAS IT

Dan Cromer has started a list of sites that he believes should become familiar to all IFAS IT support folks.

Santos Soler suggested we determine the top 10 most requested tasks and make sure we have good documentation on how best to handle those. If we started with the most common things we would get the most bang for our documentation buck--so to speak.

Phishing response

In response to yet another phishing email on May 27th Dan Cromer had contributed the following instructions to the ICC-L:

I’m planning to send something about phishing to IFAS-All as soon as I can compose it with adequate documentation. UF system admins want to see all these phishing schemes, but they need the message headers to be able to take any action. From what Dewayne said, they may already have blocked the link for this one. To include the headers, either send the message as an attachment or copy them with File > Properties. Send to abuse@ufl.edu. You can attach the phishing message by creating the new message to abuse@ufl.edu, then dragging the phishing message from the message list onto the new message, or, while in the new message, click “Attach Item” > “Outlook Item”. This is specifically for phishing. For other spam, use the same technique to send to report-spam@ufl.edu.

Note that Dan distinguishes here between phishing and spam as to where notification should be sent.

Adobe licensing (previous discussion)

Updates not available...

Getting rid of Windows XP

Steve noted that there were still 1350 XP computer objects and even 31 Windows 2000 computer objects in UFAD last he checked.

Campaign Time! (previous discussion)

Regarding selecting a new ICC chairman, we have decided to move everything up one month from what was originally envisioned. Steve will initiate a vote via email around noon on Thursday, June 26th, and will give two weeks to allow for voting. Voting will close at noon on Thursday, July 10th and the winner will be announced at the ICC meeting on July 11th, after which meeting Steve will step down and pass the baton.

Steve had set aside the end portion of our meeting in order to give both Dennis Brown and Jimmy time to campaign. Rather than trying to recreate their inspired stump speeches here in dull prose, I encourage all to listen into the audio stream beginning at approximately the 1 hour and 32 minute point.


The meeting was adjourned right around noon...just in time for a heavy downpour!