|
|
ICC Meeting: |
IFAS COMPUTER COORDINATORS
|
| Topic | Presenter/Group | |
| 8:00 | Setup | Mark / Richard Lowery Intro |
| 8:30 | Terminal 4 | Brandon Vega, Pate Cantrell, Mike Masemore |
| 8:45 | Document Management System / OneUF (Mobiquity) | Brandon Vega, Pate Cantrell, Mike Masemore |
| 9:00 | PrintSmart | Rob Luetjen, Lisa Deal, Xerox Rep, Eric Boomer, David Huelsman |
| 9:45 | Break | |
| 10:00 | UF Online | Brian Harfe, Jennifer Smith, TJ Summerford |
| 10:20 | SCCM | Andrew Carey |
| 10:30 | Office 365 | Josh Davis |
| 10:50 | Break | |
| 11:00 | HPC - Research Computing Matching Program | Matt Gitzendanner |
| 11:15 | Security - Phishing Threats and Impact | Derrius Marlin / UFIT Security Team |
Recordings are available via the above links for those who missed this or would like to review.
Jimmy Anuszewski made a plea that IFAS IT Support folks get more involved with campus IT events and even ICC meetings. He urged all to get more involved; if we know some IT support folks that don't generally attend, then please make an effort to encourage them to do so.
Regarding Terminal 4, Jimmy has a problem with the way that ICS was communicating the need to move there from Word Press for one of his departmental sites that is undergoing a refresh. The (sole) reason for moving provided by ICS was that Terminal 4 allows users to update information on the site. Of course, Word Press allows that already and there are other reasons for preferring Terminal 4 related to technical support, integration with UFAD, etc. Jimmy believes "selling" Terminal 4 in the way ICS is attempting simply makes IT look bad.
Dan Cromer said that IFAS definitely intends to migrate to Terminal 4, but admitted that this is bound to be a very long and drawn out process.
Wayne Hyde mentioned that he made some changes to the WordPress database backend that he hoped might improve performance. He is looking for feedback if anyone using that has any to give.
Notes from last month's SIAC meeting
Updates not available...
Last month's IT Directors Meeting Notes
Updates not available...
PrintSmart initiative (previous discussion)
Updates not available...
New IT Service Management Initiative
Updates not available...
Content Management System (CMS) for UF: Entering purchasing phase (previous discussion)
A loading spot has been created for TerminalFour related training and instruction.
Authentication Management policy draft (previous discussion)
Updates not available...
New 'Trouble-Ticket' Entry Page for CNS (previous discussion)
Updates not available...
KACE (previous discussion)
Updates not available...
CNS working to implement NAC for UF wireless (previous discussion)
Updates not available...
UF Exchange updates (previous discussion)
Updates not available...
Outsourcing of student e-mail
Student eligibility may be found via the tool at https://helpdesk.ad.ufl.edu/. From Josh Davis's Peer2Peer talk on Office 365, Steve found out about documentation on Office 365 at the University of Florida.
Outlook asking for re-authentication
Updates not available...
Sakai e-Learning System now in production (previous discussion)
Updates not available...
Alternate IFAS domains in e-mail (previous discussion)
Updates not available...
Split DNS solution for UFAD problems (previous discussion)
Updates not available...
New web cluster (previous discussion)
Updates not available...
Windows 8 Deployment? (previous discussion)
Updates not available...
SCCM for IFAS
DeWayne mentioned that Horticultural Science has finally uninstalled all the old beta clients and the new ones should get applied at the next reboot. He also stated that local support will have access to the SCCM console so they can monitor and manage their own computer objects. DeWayne re-iterated that IFAS chose not to join the UF SCCM primarily because bandwidth considerations would dictate a need for remote distribution sites. At the MPS refresh next year DeWayne intends to look at adding remote distribution sites where needed. The next group that DeWayne will focus on is Wendy Williams's area whose machines are currently part of UF SCCM; he expects to get started on that next week.
Exit processes, NMB and permission removal (previous discussion)
Updates not available...
Services Documentation: Is a Wiki the way? (previous discussion)
Updates not available...
Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)
DeWayne believes we will move ahead away from Mcafee to System Center Endpoint Protection once SCCM gets into wide-spread use.
Print server (previous discussion)
Updates not available...
Recording lectures for Distance Education (previous discussion)
Updates not available...
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
DirectAccess pilot (previous discussion)
Updates not available...
VDI desktops as admin workstations (previous discussion)
Updates not available...
Wayne's Power Tools (previous discussion)
Updates not available...
Computer compliance tool update (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Updates not available...
Disabling/deleting computer accounts based on computer password age (previous discussion)
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps DeWayne Hyatt can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Since BitLocker stores its keys within the computer object in UFAD, Chris Leopold was considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
Core Services status (previous discussion)
Updates not available...
ePO updates (previous discussion)
Updates not available...
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Updates not available...
Public folder file deletion policies and procedures status (previous discussion)
Updates not available...
MS Office News update (previous discussion)
Updates not available...
Job Matrix Update status (previous discussion)
Updates not available...
Adobe licensing (previous discussion)
James Hardemon sent out the following notice on April 22nd:
|
Hello Department Liaisons, We are pleased to announce that the Lab-based and Device-based licenses for the Adobe Enterprise Term Licensing Agreement (ETLA) are now available for ordering on our website for both the Adobe Creative Cloud Suite and Adobe Acrobat Professional product. As you might already know, in the Adobe ETLA there are three license types for each product. User-based licensing, Device-based licensing and Lab-based licensing. The descriptions of each can be found below:
For more information about the Adobe ETLA and to order the product please visit the website at this link: https://software.ufl.edu/agreements/adobe_ETLA/ |
Steve's department now has three lease-licenses for the Adobe Creative Cloud Suite; two User-based and one Device-based. He believes he has figured out how to deploy at least the Device-based licenses for Windows and wanted to share his experience so far.
On the UF SLS Adobe ETLA site there is a Downloads, Instructions, and Documentation link; from there is an Adobe Creative Suite Installation Utilities link to which department IT support staff may be provided access. This latter location is where one may view the "Instructions to All Authorized IT Support Personnel" and from there continue to the download site. Basically, this is an Enterprise level install consisting of a packager tool for creating software depots from where the software may actually be installed.
Although the Creative Cloud Packager Deployment Guide begins with a Getting Started section that talks about downloading the packager, SLS has already done that for us—one for Windows and one for Macintosh. So the first real step is to install the Packager on a machine that has no Adobe software currently. Here are some screenshots from running the resultant Creative Cloud Packager on Windows…
This first screen threw Steve at first, but he finally decided that one should pick the lower pane:
In his first test Steve created a depot of the x64 version specifying Serial Number License as the type.
Initially Steve kept the default configuration. You can see the following (two screenshot due to the need to scroll) by clicking the “change” link in the above dialog.
Steve later decided to change the Adobe Update Manager Behavior to "Admin users update via Adobe Update Manager."
There is a Remote Update Manager tool that can be used for updating by IT support; see http://helpx.adobe.com/creative-cloud/packager/using-remote-update-manager.html. This is a cmdline tool that is installed on the client systems and can be run to update at least the core programs of the suite.
The Serial Number is on the SLS download site—you are prompted for that during the depot creation process; I’ve left out the screenshot of that dialog along with the Language choice, but it is as one would expect. Then you are asked what components to add; I selected all.
It takes a very long time to download all the stuff from the cloud but eventually one gets the following final dialog. Steve's first full depot ended up being a shade over 17 GB in size.
Steve found a few oddities with this system. For example, Acrobat goes into an Exceptions folder and should be installed both separately and first. Other packages such as Lightroom go there as well but must be installed after the main suite. More details are available at http://helpx.adobe.com/creative-cloud/packager/using-exceptions-deployer.html. There is an Exceptions Deployer Application in that folder as well; it is a cmdline program that requires passed parameters per details on the previous link or via an ExceptionInfo.txt file within the exceptions folder itself.
Steve tried making a couple of other depots; for his Device-based license he created one with Acrobat, Photoshop, Illustrator, and Lightroom as the original desire was for Photoshop and these other programs would seem related to the likely use of that. Steve was looking for how User vs Device licensing might be handled, but found no such distinction. He was expecting some way to offer a User-based license only to a specific individual on a machine, but once the software is installed to a machine it appears to be available to anyone who logs on. Steve has asked SLS if he is missing something or if there really is no installation difference between User-based and Device-based licenses other than the legalities of who may use the software.
Here are the commands one would run (from the client machine via a CMD prompt elevated to IF-ADMN credentials) to install the suite, pretty much regardless of what the depot contained:
Another oddity is that one gets two entries for Acrobat in the installed programs list:
Steve likes the enterprise-ready aspect of the offered deployment options, but knows that IFAS isn’t quite ready with SCCM. Though that may be an option for deployment down-the-road, it will continue to be problematic for certain remote sites for the foreseeable future due to bandwidth, so Steve is really looking for a universal method closer to the old-fashioned install from discs method. He has asked SLS for feedback on that as well.
In case you are wondering if previous perpetual-licensed Creative Suite editions can coexist with the new Creative Cloud applications the answer is yes according to Adobe. We will have to see how that works out.
Regarding home use for User-based licenses, Steve received the following information from SLS:
|
If your department allows, the Primary User (registered to the Adobe User-based license) can obtain a home use license (at a nominal cost) through Kivuto’ OntheHub portal. Kivuto will offer a 12-month Adobe Certificate that can be redeemed at the Adobe web site. Once they redeem the certificate with Adobe (according to the information provided by Kivuto), they will have access to all of the Adobe products that we have at UF plus any other services that come with the lease of the license. Currently, Software Licensing Services is developing a portal to easily authenticate the registered users and allow them to acquire the home-use license. This portal is in a testing phase. So if you experience any issues, please let us know immediately. The web site can be found at this link: https://portal-test.helpdesk.ufl.edu/. You can direct your Primary users to this location to acquire the licenses. |
ICC Elections in August (previous discussion)
Updates not available...
Getting rid of Windows XP
"Windows XP Unsupported" UFIRT vulnerability notices have started going out and we got hit with a ton of them on Wednesday afternoon. At least several false positive detections have been noted by Joel Parlin, Winnie Lante, and Steve Lasley. It appears that they are checking the platform token of the browser user-agent string for "Windows NT 5.1"; Winnie and Steve both were flagged when connected to premier.dell and it looks like Joel's detection may have been related to accessing instagram in some fashion.
Wayne related that ePO still reports 235 computers running Windows XP, so it appears we still have a good deal of cleanup to do. Wayne later sent the list of machines to the ICC.
Identity Management
Dan Cromer mentioned that UF has an Identity Management project in progress that will hopefully eventually lead to automated exit notifications so we can remove access for folks who have left.
Joe Joyce is moving on (and needs a printer)
Dan mentioned he was looking for printer recommendation for Dr. Joyce in his new office as they will not deploy Print Smart printers for a singled office. Wendy Williams suggested a model which had been recommended to her from Laser Action Plus and which has performed well; Steve reiterated that LAP is a good place to ask for recommendations.
The meeting was adjourned early at about 11:30 AM.
