

ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM October 12th 2012 REGULAR MEETING


A meeting of the ICC was held on Friday, October 12th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty-one members participated.
 
Remote participants: Bill Black, Bill Caltrider, Dan Cromer, Francis Ferguson, Kevin Hill, Russell Hunter, Wayne Hyde, Al Ibanez, Marvin Newman, Joel Parlin, Javier Real, Mike Ryabin, John Wells, and Gary Wilhite.
 
On-site participants: Dennis Brown, Winnie Lante, Steve Lasley, James Moore, Matthew Nash, Robert Peck, and John Sowers.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Steve started off by reminding folks that we will be skipping the ICC meeting for November. The second Tuesday of that month is Homecoming and a UF holiday, so we will meet again next on December 14.

Member news:

Steve welcomed Bill Caltrider who is the new hire at Apopka replacing the recently departed Chris Fooshee. Bill had told Steve that he did get the opportunity to overlap with Chris just a little bit, but that he will still have many questions. Steve assured Bill that the ICC was available to assist him in getting up to speed however we can.

Robert Peck was also on-hand today; Steve had mentioned last time that Robert was the new Web Developer for ICS. Robert said that he is enjoying his new job and that he works with the ICS Web Team providing web application programming for various projects. Steve welcomed Robert saying that IFAS can definitely use his expertise.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Video Services support fronted by the UF Computing Help Desk

Updates not available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

Dan Cromer noted that the new version of Movi, now called Jabber (installs both available off \\ad.ufl.edu\ifas\software), will not install under Windows 8. He was using Movi on Windows 8 for videoconferencing to the meeting today.

Dan also reported that the InCommon Silver implementation has prevented Patrick Pettus from adding any new Movi or Jabber accounts to our system. Patrick has a ticket in with Tandberg on resolving this authentication issue but Dan was not certain of the current status on that. Dan sees this as an unfortunate turn of events because he was planning on moving a number of REC and CEO locations away from Polycom to a software-based solution running Movi. The plan was to create service accounts which could be used for accessing Movi within a number of conference rooms; ideally, those would somehow be set to automatically login so that system could be used by whoever was using the room at any particular time.

Steve asked for clarification that those service accounts were intended just for Movi and not for logging onto the local computer. Dan responded that this was indeed the case.

Javier Real reported that he has three Movi/Jabber accounts that work on PCs but have not worked on Macs for the last couple of months. Dan Cromer responded that he has used Movi on Macs successfully in the past; he said that he would re-check that and get back with Javier. Dan thought that perhaps joining the Macintosh to UFAD might solve the issue.

Lync updates (previous discussion)

Kevin Hill reported that Lync connections to the bridge repeatedly fail. The initial connection is fine and you might get a minute or two of video before the video freezes. There is no change in the bandwidth of the connection, the stream is still coming, but the video freezes. Kevin has ruled out driver issues and is seeing this on multiple machines. Kevin said he has not seen this in point-to-point connections, but it happens pretty much universally with connections to the bridge via Lync.

Dan Cromer responded that Lync is very sensitive to dropped network packets and he has seen such freezing occur even in Lync-to-Lync sessions. The only resolution he has found is to hang up and reconnect; generally that cures the issue after a couple of iterations.

Dennis Brown and Francis Ferguson both reported having experienced this issue; in fact, Francis experienced it during the meeting.

Kevin said he thought chasing down the cause would be worthwhile, especially if Lync is seen as our best bet for moving ahead. Kevin is willing to do whatever he can to help from his end. James suggested he might be able to do a capture and Dan Cromer suggested putting in a call to Microsoft on the issue.

WAN (previous discussion)


Updates from James Moore

James reported that 78 Wireless Access Points (WAPs) were being purchased out of IFAS funds for the CEOs. The idea was that each CEO would get one WAP per building, but James knows of a number of locations where that isn't going to get the job done. Dan said he wanted the District Support folks to get involved in deciding exactly where those should go.

Bill Black mentioned that some of his CEOs have county-controlled networks and he would appreciate the opportunity to re-allocate WAPs elsewhere in some instances. James responded that he was only counting UF-managed sites in the first place, so there really wouldn't be any extra available due to such a thing.

Dan Cromer reported that the new circuit has been installed at Quincy, so that location along with Apopka and Immokalee are currently awaiting Primary Rate Interface (PRI) and Direct Inward Dialing (DID) number changes to get VoIP set up. Dan thought VoIP would be ready at all three locations within six weeks.

James said they were going to reuse the existing PRI at Quincy so it is basically just a matter of programming the DIDs into CallManager. Rosa Jackson is working with Quincy staff on that aspect currently. A Communications Service Authorization (CSA) has been cut for new PRI at Immokalee; the only thing they are short on there are some PoE switches. Apopka's PRI circuit has been fully ordered and James believes the facilities will be installed next week; Bill Caltrider confirmed that Windstream has been in contact about that. The DIDs can be done prior and as soon as the circuit lands things should be ready to go.

Dan said that he would appreciate it if local IT staff could keep their Directors aware of our expectations as well as any changes should they arise.


Policy


Qualtrics survey software replaces Survey Monkey

Dan Cromer announced a replacement for Survey Monkey:

"UF has recently purchased a UF-wide license for Qualtrics survey software, a much more feature-rich application than Survey Monkey. Because of that, I did not renew the IFAS account with Survey Monkey, which expired at the end of September. For information about Qualtrics, see https://lss.at.ufl.edu/help/Qualtrics."

"For support, Dr. Glenn Israel in the IFAS Program Development and Evaluation Center (PDEC) plans to provide inservice sessions for assistance in design and execution of survey research, and Glenn and Diane Craig will assist with content and design of questionnaires as their time permits. Each academic department should designate a person internally to serve as first-point-of-contact for assistance to faculty in that unit who wish to use Qualtrics to design and administer surveys. Qualtrics has an excellent set of tutorials that every first-time user should complete, with links to them available on the page referenced above. "

Shortly after that announcement Dan posted an update:

"I’ve received word that some of you still had survey data you needed past the end of September from surveys you had done with Survey Monkey, so I have renewed our IFAS Survey Monkey account for one more year. Please contact me if you need the new password. See message below, any new surveys should be done using a UF Qualtrics account, and all data from previous surveys should be extracted and saved before October 10, 2013."

Steve mentioned that he had not had any experience with either of these platforms within his department. Dan Cromer responded that this is used fairly heavily by both research and extension.

Dennis Brown asked what other units were using for meeting scheduling. Apparently some of his faculty have started using Doodle. If there is something better, then Dennis would like to know about it. Winnie Lante said that she thought Doodle looked very easy to use. Dan Cromer responded that he believed everyone should be using Exchange for scheduling. Winnie responded that she has faculty that simply will not use the calendar in Exchange.

Fall Peer2Peer 2012

The Fall 2012 Peer2Peer workshop has been announced. It will be held on November 8th, 8:30 AM - noon in Smathers 1A.

ITSA Day 2012: feedback

Steve mentioned that recordings are available from Wednesday's ITSA day at http://mediasite.video.ufl.edu for those like himself who were unable to attend. Steve asked if anyone attended and Matthew Nash responded that he actually helped run the "Capture the Flag" contest, which was won by a student apparently.

IT Reporting Relationships (previous discussion)

The ICC has had little access to plan details prior

Dan had shared a draft of the proposal along with a proposed (and rather circuitous) organizational chart. From speaking with various unit IT support personnel, it would appear to Steve that the impetus for this is coming directly from the VP and that units are generally opposed from what little they know of this currently. While the reorganization would certainly grow administrative overhead, it is unclear to many how it could/would improve IT support at the unit level.

New details released this morning

Dan Cromer posted another draft just today which apparently has been approved by Drs. Joyce, Huffaker (chair of department chairs), as well as Dan himself.

Uncertainties are worrying some

Dennis Brown suggested that Dan Cromer get all of us in a room and tell us what he has in mind with this so we can all stop worrying. Dan Cromer said that he intends to do that but may first have that conversation with all the unit heads. Dan said that IT staff in buildings that have these "Business Hubs" may be most impacted by all this; the VP has been pretty clear that he wants IT to support those at the building rather than departmental level. This would include Fifield (Horticultural Sciences, Plant Pathology, and Environmental Horticulture) and McCarty (Soil and Water Science, Family Youth and Community Sciences, Food and Resource Economics, Agronomy, plus the Senior Vice-President's Office).

Allocation of resources still to be worked out

Steve asked Dan how they planned to work this out when some departments have paid for IT staff and others have chosen not to do so. How can such a thing be handled equitably, especially knowing that some staff members are supported out of unit-level grants? Dan responded that the allocation of resources would definitely be part of the discussion, as Dr. Huffaker supports two staff positions currently and it was Dan's understanding that Soils and Agronomy shared a position currently.

Steve asked Dan if he believed this reorganization will make IT support better at the unit level. Dan responded that such was the plan. He believes that we have some units where the support is outstanding and others where it isn't as good; that is something he hopes to address along with the unit heads.

More detail requested

Marvin Newman said that his Director at Ft. Pierce is not in favor of this plan, but Marvin wanted to know more details on what this would really mean for him. Dan said that REC staff would remain assigned to their respective units but that central IT would play a stronger role in assisting with the hiring of new staff in the future. Dan said that this had already occurred recently with new hires at Lake Alfred and Apopka. Dan said this document merely formalizes that practice.

Some feel not much will change

John Wells said that he didn't really see that things would change much for him under this reorganization; he technically works for Dan but reports to Dr. Vergot for most everything. Dan said he believes this proposal fixes a problem that has already been fixed in the case of the NW District. Dan said that John and Russell Hunter already work very well together.

A chance to focus more on IT

Dan Cromer believes this proposal will bring IT more to the forefront in the minds of the unit heads, which is a good thing as far as he is concerned. He also feels this will be an opportunity to locate where IT support is lacking and perhaps be able to provide more resources in such locations.

Question on evaluations and responsibilities

Marvin Newman asked if evaluations applied to OPS workers; he said he had been at Ft. Pierce for three years and has never seen an evaluation. Dan Cromer suggested that maybe this is something we need to have; presumably everyone is doing a good job so it will be no problem, but it will draw attention to what local IT actually does. The plan is to inventory support skills at units, for example.

Marvin said that he personally would like to report to the IT Director; that is what he had been used to in prior jobs. Currently he seems to have "many" bosses. Dan responded that matrix management is not optimum but at the same time it is quite common in academia. We already have the same kind of parallel with departmental faculty assigned to RECs. Dan said a similar situation occurs with District Extension. He mentioned Bill Black noting that he supported more than Extension, but Dan said he feels the term "Extension Computer Support" refers to a region rather than simply the Extension arm of IFAS.

Dan also noted that certain staff like Mari Jayne Frederick at Homestead and Winnie Lante at SFRC perform duties other than IT; he feels that should be documented. He really thinks this reorganization is a good thing and doesn't believe anyone should fear it.

What exactly is meant by "reducing IT service redundancies"?

Kevin Hill said he was concerned about the broad/general language used in the proposal and isn't clear what it might mean specifically for his unit. When he sees the words "IT redundancies" it makes him wonder if the fact that he runs his own web and file servers will be considered a redundancy that will be eliminated. Kevin said those are on-site because they have business practices at his unit for which local control makes more sense. Those are the sorts of things which give him concern when he reads the document. Kevin wishes he had more specifics overall concerning what sorts of things this reorganization would be addressing.

Concern over the dictation of administrative "busy-work"

Steve said he is concerned that there are going to be new tasks handed down to him which don't really have much to do with helping him improve local IT support but rather only serve to help administration "manage" him from above--essentially busy work such as entering everything he does into Remedy as one example that has been proposed. Administrative overhead for its own sake is not something which Steve favors.

Concerns about dual evaluation

Dennis Brown expressed concern over having two bosses. He fears it could lead to a lose/lose situation for IT staff in situations where the local administration disagrees with Dan over how something should proceed. Having both sides weigh-in on evaluations could not help the IT support individuals should such situations develop. Steve agreed that this wasn't an idle concern from our viewpoint. He suggested that some of this is likely going on already with Help Desk personnel who are tasked variously from Dan Christophy and Dan Cromer and must try to please both though their priorities don't always coincide.

Dan Cromer responded with his feelings that Dennis and Steve were being too pessimistic and that he didn't see any real issue there. Dan added that the unit heads have input on Dan's own evaluation with Joe Joyce; if the unit head and Dan disagree they will have to come to some consensus one way or the other and in Dan's mind the unit head wins.

Ft. Lauderdale is on-board

Mike Ryabin said that he has discussed it with his directors and that they feel very comfortable with this reorganization as does he. Mike said that he has always tried to coordinate with central IT whenever he had to deal with any issues that were outside a strictly local scope. Conversely, Mike feels Dan is already up-to-date with every major development of what is going on at Ft. Lauderdale. Consequently, Mike doesn't see this reorganization as changing anything in terms of coordination. As far as evaluations go, his directors feel that Dan's participation can only help with improving Mike's evaluation because of Dan's better understanding of the technical IT details.

Marvin Newman responded that he didn't know if Mike has a similar situation or not, but he is the A/V guy, the phone guy, the computer guy, the printer guy, etc. If it breaks, folks come to him to fix it. Marvin isn't opposed to the plan at all; he thinks it is a great idea. Mike added that his only advantage might be that they have a part-time person at Ft. Lauderdale to help out.

Upcoming ITPAC meeting (previous discussion)

An ITPAC meeting is scheduled for October 22nd at 10:00-11:30 AM in McCarty Hall D, room 1031A. The agenda may include:

  • Current status of video conference capabilities and needs across IFAS
    • Elluminate update and transition away from Elluminate
    • Use of PVX
    • Polycom in Fifield
    • Possible use of Cisco Movi or other options
  • Use of shared passwords on selected systems like Accordant
  • Second Distance Education Classroom or other use for the space on the ground floor in MCCD
  • Usage of mail-enabled service accounts for student employees
  • The IT reorganization plan

Steve suggested to Dennis that he might consider posting a summary of that meeting to the ICC-L so that we could get more timely feedback on what transpired -- given that the ICC won't be meeting again until December.

Regarding the usage of mail-enabled service accounts for student employees, Winnie Lante noted that service accounts cannot be assigned PeopleSoft roles as far as she knows; consequently, student employees would need to log into PeopleSoft with Gatorlink credentials, or with alternate Gatorlink credentials should Kris Kirmse's proposal eventually be implemented. PeopleSoft sends out email in various instances to the address of the account that is logged in, and without a separate business email, student employees would be forced to mix their roles within email. This means that while service accounts have many advantages for use by student employees, they can't cover all usage needs.

Dan responded that this is an issue that will have to be resolved at the UF level and that Kris Kirmse in the Provost's office is leading that discussion, particularly with the proposed move to Office 365 for student email services. Russell Hunter agreed that the likely solution would be to provide student employees a second UF Exchange account for business use. While he agrees that it may be unavoidable, Steve's main concern with that would be the amount of administrative overhead required since student employees come and go (and sometimes come back again) so frequently. Of course, providing the means for student employees to handle email properly isn't the same thing as getting them to use those accounts properly; the potential for misdirection of official email will always remain.

Authentication Management policy draft

Dan Cromer had provided a draft of a proposed Authentication Management policy that he had received from Avi Baumstein. This included the following three documents:

The ICC and others expressed their concern regarding what was seen as a legitimate need for shared passwords on certain service accounts. It was good to see a plan that supports the use of long passwords (i.e., passphrases).

CNS Hosting Day

CNS announced "the 2012 CNS Hosting Day on October 31st, 2012 in Smathers 1A (Library East). This event will be an opportunity to introduce current CNS hosting offerings, answer questions, and gather feedback from the community. All current customers, as well as the UF community, are invited to attend. This event will start at 9:00am on October 31st in Smathers 1A (Library East), and will have the following schedule:"

  • 9:00am VMWare Hosting
  • 10:15am File Hosting
  • 1:00pm Apache and MySQL Hosting
  • 2:15pm IIS and MS-SQL Hosting
  • 3:15pm Community feedback

More details are available at http://open-systems.ufl.edu/hosting/day/2012.

CNS looking at NetMRI as a network automation solution

Steve mentioned hearing that CNS Network Services is looking at NetMRI as a network automation solution for such things as switch code updates. Steve had volunteered his unit for initial testing of the product.

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates not available...

Migration of DNS and DHCP Services to New BlueCat Platform (previous discussion)

Updates not available...

UF File Express now in live production (previous discussion)

Updates not available...

UF FAX server project (previous discussion)

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion).

Updates not available...

Wake on LAN support coming to campus: (previous discussion)

Updates not available...

New Secunia site license (previous discussion)

Updates not available...

KACE agent deployed to IFAS (previous discussion)

Dan Cromer continues to post monthly Kace data to Sharepoint.

CNS working to implement NAC for UF wireless (previous discussion)

UF wireless still too hard?

Jimmy Anuszewski had provided an update for those of us with staff/faculty on Mac computers using the UF Wireless:

"If the Mac is using ClamXav as an antivirus software (this is the ONLY antivirus software that those invested in the Mac community recommend due to not giving administrative access), please make sure that the ClamXav Sentry Protection is turned on (this is in the main ClamXav menu) otherwise, the UF Wireless assessment will not recognize it as running and the computer will NOT be able to use the UF Wireless network. This is not mentioned on the UF Wireless logon screen and can lead to many hours of frustration."

Steve asked if others were having as many issues connecting various folks to UF wireless as he was. It seems that each time Steve tries, some new issue arises; while he has always been successful eventually, it is impossible to predict how long configuration will take. Steve asked Dan Cromer if there was any way for the rest of IT support around UF to capitalize on the UF Computing Help Desk's experience with handling a wider variety of these issues; perhaps they have an internal Wiki knowledgebase that other support folks might refer to? There have been times when unit staff have had to refer folks to the UF Computing Help Desk for resolution. Steve would prefer that there be a shared knowledgebase of how best to handle various issues so that each support person didn't have to learn these on their own. Mike Ryabin pointed out as well that remote locations don't have the option of sending folks to the UF Computing Help Desk. Dan Cromer said that he would investigate.

John Sowers reported that he is not seeing "ufinfo" advertised at his location and Kevin Hill said they do not yet have "ufvisitor". Steve suggested to both of them that they submit a ticket (see instructions) as this issue can likely easily be resolved once CNS is aware.

Steve mentioned he would add the following to the notes for easy reference:

Message from David Huelsman to PS_UF_N_ALL_IT_WORKERS_AutoGS :
"Major NAC Posture Assessment changes coming July 16, Aug 13, and Sept 5" Fri 7/6/2012 11:27 AM


TO:
IT Workers

FROM:
Dan Miller
Network Manager, UFIT

SUBJECT: Major NAC Posture Assessment changes coming July 16, Aug 13, and Sept 5

IT Support Staff,

Some major wireless changes are taking place now. Many Public Relations outlets are being targeted, but many people have not yet heard this news. We need everyone to help spread the word. The UF Computing HelpDesk would appreciate converting as many users as possible during Summer B to minimize the last minute rush that we expect early in Fall term. There is an email below that we encourage you to customize and forward to your user communities.

Note that there are two main changes described here:

  1. The new wireless SSID "uf" which requires 802.1x,
  2. The NAC Posture Assessment (PA).

Network providers on campus have been working together for over a year to specify, design, and implement an integrated wireless and NAC PA system. This will provide a common access method for wireless users all around campus, and will soon replace the old, public SSID wireless networks: ufw, hnet-public, and dhw. Most areas on campus are already live with the new systems, and the Academic Health Center will join us very soon. We're also working with UF Athletic Association and UF Foundation to include common wireless service in their areas. Changes to wireless in UAA and UFF areas should begin in Fall semester.

The new general use SSID is "uf", and "ufinfo" is also available everywhere for initial configuration. GatorLink authentication is required. Other improvements include use of 802.1x to allow credential caching, and encryption via WPA2 Enterprise. We recommend that users first establish 802.1x connectivity during warning mode, and then work to remediate any NAC PA issues. We *highly* recommend the Auto Config option (see getonline link below) for users.

A third shared SSID, "ufvisitor", will also be available later this summer. It will only be offered in high-traffic public areas, and is intended for casual use by people who are not affiliated with UF, and do not have a GatorLink ID. UF affiliated individuals with GatorLink IDs should use "uf" and not "ufvisitor". This network will be open to the public and require the visitor to register with their cell phone, and will receive a 4 character pin via text message. These accounts will be valid for one week, and the visitor must re-register after that time if they wish to continue using the "ufvisitor" network. The "ufvisitor" wireless network will be much more restricted than the standard "uf" network. It will appear as an outside network to UF resources, and all UF / Shands VPN services will be blocked. Stay tuned to IT-News for more details coming soon.

The NAC PA system is currently in "warning" mode where users receive web browser messages about lack of compliance. On July 16, that will change in all areas to "blocking" mode, and users will need to remediate before they regain full network access. At the start of every term, the NAC PA system will be reverted to a "warning" or grace period. The NAC PA system will be looking for the following items:

Windows

  • SafeConnect Policy Key is installed. The Policy Key can be installed by IT Staff using SCCM or Group Policy or by allowing users with administrative privileges on their computer to go to the GetOnline site and choose Auto Config.
  • Windows Update is enabled and set to automatically download and install updates
  • Active anti-virus software is installed, running, and fully updated
  • P2P software is not running
  • Anti-malware and checks for Java, Flash, Reader, and other exploitable software will be added to all sites after Sept. 5

Mac

  • SafeConnect Policy Key is installed. The Policy Key can be installed by IT Staff using SCCM or Group Policy or by allowing users with administrative privileges on their computer to go to the GetOnline site and choose Auto Config.
  • Active anti-virus software is installed, running, and fully updated
  • P2P software is not running
  • Anti-malware and checks for Java, Flash, Reader, and other exploitable software will be added to all sites after Sept. 5

The dates for coming PA changes are:

  • July 16 blocking begins for Summer B,
  • Aug 13 warning, grace period begins -- NOTE: old public SSIDs are also sunset on this day,
  • Sept 5 blocking begins for Fall, grace period ends.

Support groups that push updates from central servers such as SCCM will need to request an exemption from NAC enforcement. Please open a remedy ticket to process these requests: https://request.it.ufl.edu/ and then select "Computing Infrastructure & Networking".

Specific changes will be announced during our normal network change cycle to this list. Please also keep an eye on IT-News for updates about this project and other exciting IT developments:
http://www.it.ufl.edu/news/infrastructure/a-safer-more-secure-wi-fi-for-uf/
http://www.it.ufl.edu/news/infrastructure/will-you-be-blocked-from-ufs-wi-fi/

This link is where users on the "ufinfo" SSID will land:
http://getonline.ufl.edu/
It includes links to the Auto Config tool, Manual Config instructions, HelpDesk FAQs, and a general FAQ. We are still working to improve the links on this page.

Thanks,

Dan Miller
Network Manager, UFIT

----- suggested email for your users -----
Subject: Notice of wireless changes coming soon

UFIT is pleased to announce that all wireless systems are undergoing a major upgrade this summer. These upgrades provide improved security and allow you to reconnect without having to enter your password. If you are connecting via wireless, try the "ufinfo" SSID which should take you to the Auto Config tool. Please try that first to gain access to the new wireless network "uf". If you connect to "uf" before July 16, then you may see Posture Assessment (PA) warning messages on your browser. These indicate that your system needs to be updated to be in compliance with UF IT Security standards. On July 16, the new system will begin blocking access for any host that is not in compliance. Try to resolve the warning messages before July 16 in one of these ways:

  1. Contact local IT support.
  2. Contact the UF Computing Help Desk 392-HELP.
  3. Fix the problem yourself if it is a self-managed device. The UF Computing Help Desk is also prepared to assist in these cases if needed.

NOTE: the old public wireless networks will be removed on August 13. These include "ufw", "dhw" and "hnet-public". Please try the new "ufinfo" and "uf" wireless networks listed above before August to beat the last minute rush.
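
An added example (not part of the original notes, UFIT's message, or SafeConnect itself): a PowerShell pre-check that support staff could run on a Windows machine against the posture items listed in the message above, so problems surface before the NAC switches to blocking mode. The P2P process names, the Policy Key service-name parameter, and the `productState` decoding are assumptions; the enforcement dates are the 2012 ones from the message, and the checks for Java, Flash and Reader added after Sept. 5 are not modelled.

```powershell
# Added example: local pre-check of the Windows NAC posture items.
# Assumption: illustrative P2P process names; the message does not say
# which programs the NAC actually looks for.
$P2PProcessNames = 'utorrent', 'bittorrent', 'frostwire', 'limewire', 'emule'

function Get-EnforcementMode {
    # Dates from the message (2012): blocking Jul 16, warning Aug 13,
    # blocking again Sep 5. Later per-term grace periods are not given
    # in the message and are therefore not modelled.
    param([datetime]$Date)
    if ($Date -ge [datetime]'2012-09-05') { return 'blocking' }
    if ($Date -ge [datetime]'2012-08-13') { return 'warning' }
    if ($Date -ge [datetime]'2012-07-16') { return 'blocking' }
    return 'warning'
}

function ConvertFrom-ProductState {
    # Assumption: the widely used but not officially documented layout of
    # SecurityCenter2 productState: bits 12-15 = 1 means real-time scanning
    # is on, bits 4-7 = 0 means definitions are up to date.
    param([int]$ProductState)
    [pscustomobject]@{
        Enabled  = (($ProductState -shr 12) -band 0xF) -eq 1
        UpToDate = (($ProductState -shr 4) -band 0xF) -eq 0
    }
}

function Get-PostureFacts {
    # Collects facts from the local machine (Windows client only).
    # Assumption: the caller supplies the Policy Key's service name; if it
    # is omitted, that item is reported as not checked ($null).
    param([string]$PolicyKeyServiceName)
    $av = Get-CimInstance -Namespace root/SecurityCenter2 `
              -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
          ForEach-Object { ConvertFrom-ProductState $_.productState }
    $au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    @{
        PolicyKeyInstalled = if ($PolicyKeyServiceName) {
            [bool](Get-Service -Name $PolicyKeyServiceName -ErrorAction SilentlyContinue)
        } else { $null }
        # NotificationLevel 4 = download and install updates automatically
        AutoUpdateInstall  = $au.NotificationLevel -eq 4
        AntiVirusOk        = [bool]($av | Where-Object { $_.Enabled -and $_.UpToDate })
        P2PRunning         = @(Get-Process -Name $P2PProcessNames -ErrorAction SilentlyContinue |
                               Select-Object -ExpandProperty Name -Unique)
    }
}

function Test-NacPosture {
    # Pure evaluation: takes a facts hashtable and a date, returns the
    # failed items and what the NAC would do on that date.
    param([hashtable]$Facts, [datetime]$Date = (Get-Date))
    $failures = @()
    if ($Facts.PolicyKeyInstalled -eq $false) {
        $failures += 'SafeConnect Policy Key not installed'
    }
    if (-not $Facts.AutoUpdateInstall) {
        $failures += 'Windows Update not set to download and install automatically'
    }
    if (-not $Facts.AntiVirusOk) {
        $failures += 'No active, fully updated anti-virus'
    }
    if ($Facts.P2PRunning) {
        $failures += 'P2P software running: ' + ($Facts.P2PRunning -join ', ')
    }
    $mode = Get-EnforcementMode $Date
    [pscustomobject]@{
        Mode     = $mode
        Failures = $failures
        Outcome  = if (-not $failures) { 'compliant' }
                   elseif ($mode -eq 'blocking') { 'blocked until remediated' }
                   else { 'warned' }
    }
}

# Constructed sample: anti-virus running with stale definitions
# (productState 0x061110) and a P2P client running.
$sampleAv = ConvertFrom-ProductState 0x061110
$sample = @{
    PolicyKeyInstalled = $true
    AutoUpdateInstall  = $true
    AntiVirusOk        = ($sampleAv.Enabled -and $sampleAv.UpToDate)
    P2PRunning         = @('utorrent')
}
Test-NacPosture -Facts $sample -Date '2012-08-20' | Format-List
Test-NacPosture -Facts $sample -Date '2012-09-06' | Format-List

# On a real machine:
#   Test-NacPosture -Facts (Get-PostureFacts) | Format-List
```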

UF Exchange updates (previous discussion)

Outsourcing of student email?

Updates not available...

Outlook asking for re-authentication

Chris Hughes had provided an update on this issue:

"I believe we have found a partial solution for the sporadic Outlook login issue. If we force Outlook Anywhere to be disabled via GPO (http://support.microsoft.com/kb/2426686) on our desktop clients, when Outlook gets a connection failure, instead of failing over to using Outlook Anywhere and continuing to use this method, Outlook does a reconnect using Kerberos."

"While this isn’t a great solution, especially for laptops, it does work well on desktops. Something that may be worth looking into to help resolve this issue without removing Outlook Anywhere would be to switch Outlook Anywhere to use NTLM authentication instead of basic. If NTLM was enabled and there was a connection failure or delay, when it failed over to use Outlook Anywhere, the client would connect using the Windows Integrated Authentication instead of prompting for a credential."

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Stupid Windows 8 Tricks: Part One

In a posting to the ICC-L on Tuesday, October 9th, Wayne Hyde had noted:

If you have added any Win8/2012 machines to UFAD before noon today you will need to do the following on those machines to get Windows Update working with our WSUS server:

  1. On the affected client, open cmd.exe in elevated mode.
  2. Type the following commands. Make sure that you press Enter after you type each command:
        net stop wuauserv
        rd /s %windir%\softwaredistribution\
        net start wuauserv

Stupid Windows 8 Tricks: Part Two

Santos Soler had posted a beta version of McAfee's VirusScan as mentioned last time, but Steve had not been able to get the ePO agent to work and had been doing manual DAT updates in the meantime. Steve since resolved that by downloading a newer version of the agent, 4.6 Patch 1, that is available from the Downloads section at http://software.ufl.edu/agreements/mcafee/. Steve has asked Wayne to consider posting that version at \\ad.ufl.edu\ifas\SECURITY-TOOLS\ePO-Agents.

Stupid Windows 8 Tricks: Part Three

The IPCC compliance checker currently requires .NET Framework 3.5, which is a "Feature on Demand" that is not enabled by default on Windows 8. As a result, one gets the following message when logging on to a Windows 8 machine joined to the domain:

[Image: .NET Framework 3.5 message one]

When one attempts to download and install that feature, another error shows up:

[Image: .NET Framework 3.5 message one]

The solution is to mount the Win8 deployment ISO within Windows 8 (which is as easy as double-clicking the file in Windows 8--new feature). That will make it available as a drive letter--a virtual DVD. Then you need to run an elevated cmd prompt and run this command:

Dism /online /enable-feature /featurename:NetFx3 /All /Source:x:\sources\sxs /LimitAccess

where "x:" is replaced by the drive letter under which the Windows 8 .iso was mounted.

Dennis Brown said that he is looking forward to IPCC acknowledging Microsoft Security Essentials as a valid antivirus in addition to McAfee because they are getting more machines all the time which are running that software instead of McAfee.

SCCM for IFAS

Work continues on the central SCCM plans.

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

<OMG!>Santos Soler had noticed that the IT/SA Services Documentation had fallen behind in quite a few areas and pointed this out to Steve. Steve had responded that he didn’t mind updating specific items when asked and if provided some guidance, but that he didn’t have the time to do a wholesale update of everything as there is an awful lot beneath that link. So what does Santos do? He volunteers to help!</OMG!>

Steve is incredibly appreciative of Santos's efforts. Please check out his rewrites of the sections on DHCP and Print Services. He is still working on the Web section update and Steve can't wait to see it. Thanks Santos!

BTW, if anyone else wants to help with documentation Steve would be glad for the assistance. In particular, he would hope recent hires might help point out what seems to be lacking or is too far out-of-date.


Operations


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?

Updates not available...

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

VirusScan Enterprise 8.8 Patch 2 was released.

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

We had an out-of-band release this last month to address critical vulnerabilities in IE. This was payback for the lack of regular September updates.

The October Microsoft patches included 7 bulletins (1 "Critical" and 6 "Important") addressing 20 vulnerabilities in Windows, Office, SQL Server, Microsoft Server Software, and Microsoft Lync. There were a lot of re-releases as well with more coming apparently, due to compatibility issues affecting signed Microsoft binaries. Steve admits to not fully understanding the issue but did note seeing up to 19 patches install on his home machines when updating via Microsoft update.

McAfee provides podcasts on the highlights of each month's offerings.

Adobe

Adobe revoked a Code Signing Certificate which was compromised when one of its internal servers was hacked. Updates were released for a number of applications as a consequence.

Adobe also released security updates for Flash Player. Yes, shocking news.

Java

Always vulnerable, we await yet more updates.

Cyber Self Defense Class Via Videoconference

You are reminded about this upcoming class:

Message from Dan Cromer to the IFAS-Announce-L:
"Announcement - Cyber Self Defense Class Via Videoconference" Tue 8/7/2012 3:18 PM


Cyber Self-Defense Class
Via Videoconference
Thursday, October 25
2pm – 4pm

The popular UFIT “Cyber Self Defense” class will be held via videoconference on Thursday, October 25.

This is a great opportunity for UF and affiliated staff around the state to learn about a variety of safety and personal information security issues when going online.

Do you use the Web to make purchases? Do your kids spend a lot of time on social media? Participate in this session and find out more about safe Web browsing, encrypting and backing up files, email, and wireless security.

UF information security engineer Derrius Marlin leads an interactive discussion on topics that get participants thinking about how to protect both personal and work-related information.

Videoconference ports are limited!
To register email UFIT Communications (it-comm@ufl.edu) with:

  1. The name of the UF Department/Extension Office – Include name of county
  2. Technical Contact (Name, Email Address, Phone Number)
  3. IP Address for Videoconference Connection

A confirmation email will be sent, followed by additional course information, handouts, and connectivity information the week of the class.

Bill Caltrider had a question on how Microsoft patching was handled here within IFAS. Steve responded that our documentation on WSUS is sorely out-of-date, but that this is managed centrally for machines joined to the domain. Wayne Hyde is the person in charge of the WSUS server and he is the one to contact for further details.

Bill also asked for a recommendation on logging off or turning off machines when leaving. Steve responded that each unit is likely to have their own suggestions in this regard. Leaving the machines on and logged off will certainly ensure that updates can be applied as quickly as possible and that the machines will be ready for use when a user logs on. That is Steve's preference and it also allows him to easily remote desktop in and patch during off-hours. Others may wish to save energy by requesting that machines be shut down or set to sleep. Whatever recommendations are advertised, however, it is Steve's experience that people will generally do what they want in this regard.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)

Updates not available...


Other Topics

Printing from iPads and iPhones

Dennis Brown asked if anyone was printing successfully from iPads and/or iPhones and if so how. John Wells responded that there is an HP app that works pretty well but it only works on HP printers of course. For Android there is an app called PrinterShare which has worked with every single printer that John has tried.

Steve mentioned that so far he has discouraged enabling wireless on printers because of the potential for interfering with Wallplate wireless within the building. He is not sure of net-services' official position on such things but would be interested in hearing more on that.

Handling of phishing emails

Russell Hunter mentioned his users recently seeing the following message with a PDF attachment:

From: helpdesk@ufl.edu [mailto:frwrdfrwrd0@gmail.com]
Sent: Thursday, October 11, 2012 7:56 AM
Subject: Read

Find important details in PDF Format.

The attachment included the following text:

Your email has reached its maximum quota of 50MB storage; you might not receive further emails. Visit the URL below or copy and paste into your browser login and follow the instruction to up-grade for more storage space.

http://www.thehandyrandy.com/forms/use/ufl/form1.html

Ensure to click log out if using a public computer.

University of Florida.

Of course most will recognize this for what it is: a phishing attempt to get the recipient to divulge their account credentials, but there will always be a certain number who will fall for the scam.

Steve mentioned that these can be forwarded to report-spam@ufl.edu which will assist UF in updating our spam filters to trap these. We will never eliminate such things completely, but we do need to inform our users so they are aware such things go on.

Dan Cromer said that IFAS IT has a policy whereby any official notices from them will include a signature block which people should learn to look for:

[Image: signature block]

Secondly, Dan wanted to remind folks to mouse over links to see the actual associated address rather than just the presented text. If the domain is not really ufl.edu then they should know that the message is a hoax.

Users need to be aware that any From: address can be easily spoofed. They should also know that Exchange doesn't have quotas per se--at least not in the sense that this phishing message is implying.

Steve suggested additionally that we can let our users know that it is okay to be suspicious and when in doubt they can email their IT support folks for confirmation.
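The two checks discussed above (compare the displayed sender with the real one, and look at where a link actually points rather than at its text) can be sketched in Python; this is an added example, not part of the original notes. The sender address and URL are the ones quoted above, while the raw From header form, the HTML wrapper and the names check_message, is_trusted and LinkCollector are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "ufl.edu"  # the domain the notes tell users to look for

def is_trusted(host, suffix=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(from_header, html_body):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    display, addr = parseaddr(from_header)
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != addr.rpartition("@")[2].lower():
        findings.append(f"From shows {shown.group(0)} but sender is {addr}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname  # what a mouse-over would reveal
        if is_trusted(host):
            continue
        findings.append(f"link target {host or href} is not under {TRUSTED}")
        if TRUSTED in text.lower():
            findings.append(f"link text '{text}' hides target {host or href}")
    return findings

# Constructed sample: header form and HTML wrapper are assumptions.
SAMPLE_FROM = '"helpdesk@ufl.edu" <frwrdfrwrd0@gmail.com>'
SAMPLE_BODY = ('<p>Upgrade: <a href="http://www.thehandyrandy.com/forms/use/'
               'ufl/form1.html">www.ufl.edu</a></p>')
```

Note that "ufl" appearing in the URL path does not make the link trusted; only the hostname is compared, and it must end in ".ufl.edu" or equal "ufl.edu".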

Microsoft Risk and Health Assessment Program (RAP) (previous discussion)

Updates not available...

Mark Minasi returning to UF

Don't forget that Mark Minasi is returning as a presenter in UFIT's "Technically Speaking" series on February 6-7, 2013. Mark's talk will focus on Windows 8 and Server 2012. More details, including registration information, will be posted as soon as possible at http://www.facebook.com/GoGators.UFIT.

WINS removal (previous discussion)

UFAD WINS Services are being sunset on Sunday, October 14th at 6 AM. WINS has been removed at the IFAS level, but some statically assigned machines may be misconfigured in light of this change. Check the list of computers that have registered with UFAD WINS servers in the last month.

WebDAV and VDI announcement pending (previous discussion)

Updates not available...


The meeting was adjourned early around 11:30 am.