ICC Meeting: IFAS COMPUTER COORDINATORS
Subject: Login Attempt
The system has detected at least 20 failed attempts to connect to the UF Wireless Network from a wireless device, such as a laptop, phone, or tablet. This may be a result of a recent change to your GatorLink password. If a password change has occurred, you will need to update your GatorLink credentials on this wireless device. If you do not update these credentials on your wireless device, it is possible your GatorLink account will become temporarily locked. The last failed attempt happened at Sep 10 09:41:03. The device has a manufacturer ID of Apple Co. For diagnostic purposes, the device has a wireless hardware address of 0019e3e1e100. If you are unsure on how to update your password please take the following steps:
If you still need further assistance, please contact your local IT support group or the UF Computing Help Desk at (352) 392-HELP (4357). Please do not reply to this automated message.
The solution seems to be to "forget" the UF connection, reaccept the certificate, and then it works--at least until the next time. What is up with that?
A: Avi responded that the three different networks on campus (CNS, DHNet, and HealthNet) each use different certificates and there are areas of bleed-over. If you are driving down Mowry road and go by the Cancer/Genetics Research Institute you might get some bleed-over from the Health Center provided wireless there. Avi said that if you don't configure manually but rather use the Auto Configuration button, then with Windows or the Macintosh this will download the XpressConnect client and on iOS devices it will download a configuration profile. Both of those will include all certificates for the wireless networks and this certificate issue should be avoided. Wayne Hyde thinks having separate SSIDs for each of the three networks might have been a simpler solution.
Jimmy said that there must be more to this issue than what Avi was saying because Jimmy has seen this with iPads that never leave McCarty Hall. Avi recommended using the device profile, which installs a root certificate, whereas the access points offer child certificates. Avi also recommended calling CNS if the problem persists.
Patching updates... (previous discussion)
If you aren't serious about patching yet, consider the latest in ransomware that encrypts your data. See also here, here, and here. Thorough patching, a careful backup strategy, and least privilege access to files all play an important role in surviving such assaults. Avi pointed out that this category of malware is not new and Kevin Hill mentioned having a friend who got hit with this and it is extremely nasty.
Microsoft
The September Microsoft patches included 13 bulletins (4 "Critical", and 10 "Important") covering 47 CVEs in the usual suspects. A risk assessment is available here.
McAfee generally provides podcasts on the highlights of each month's offerings.
This month's updates for Office were extensive, including a whole bunch of non-security updates. One such update caused a problem with Outlook 2013 in some instances; the symptom is a missing/blank Folder Pane. Also, there is a detection problem with some Office 2007 updates whereby they get continually reoffered (KB2760411, KB2760588, and KB2760583) and there was another issue with an Access 2013 security update not installing. All told this was a very messed up batch of updates that raises concerns about Microsoft's quality control processes. Microsoft has posted a September 2013 Security Bulletin Webcast Q&A that discusses many of the issues seen.
Jimmy said that there were also two Microsoft updates for the Mac: one for Office (which Jimmy believed had a number of things for Outlook) and another for Lync that fixes the problem with trying to join an online meeting. Steve asked if Microsoft updates could be scheduled on the Mac and Jimmy responded that they can be scheduled on a weekly basis. This particular Lync update, however, has problems with the auto update for some reason and must be downloaded from the link provided and installed manually.
Adobe
Adobe had updates for Flash Player, Reader and Acrobat as well as Shockwave Player this patch Tuesday. Don't forget to update Adobe Air if you have that as well; the current version is 3.8.0.1430.
Java
In case you have been wondering whether or not you can keep JRE version 6 around, consider that an exploit targeting an unpatched vulnerability in Java 6 has been found in the wild. It is time to move on and deal with the consequences. Don't forget that JMP, Hoboware, and other applications still install version 6 by default--not good.
In other news, running a Java applet now pops up a security dialog box that presents users with information about the application (to warn people apparently); but it turns out that the information displayed can be changed by malware; basically, Oracle is allowing unsigned information into their security dialogs.
Just for fun, Oracle released JRE version 7 update 40 on Tuesday. This is not a security update, but UFIRT vulnerability notices are acting as if it was via this added statement:
*** NOTE *** As of 09/12/2013, all versions of Java 1.7 prior to 1.7.0_40 are exploitable by at least one critical vulnerability. You are receiving this notice because you are running a version of Java that puts your system and University resources at serious risk to compromise. Java 1.6 has reached its end-of-life. We do not recommend you continue to use 1.6. *** NOTE ***
There would seem to be no real security advantage in upgrading from update 25 to update 40 other than to avoid these vulnerability notices.
Among other things, this latest update puts the following on the Start Menu:
A new Deployment Rule Set feature was also introduced; time will tell how useful this feature might be. If you are curious about the update numbering scheme (jumped from 25 to 40, really?) check here.
Winnie Lante was under the mistaken impression that SAS 9.3 required JREv6 but Steve said that nearly everything works with JREv7 and that the switch can be made by editing a configuration file as documented previously.
Francis Ferguson mentioned the CEU reporting site that still only works with JREv6. Steve has his people email those to their contact at the Florida Department of Agriculture and Consumer Services and lets them deal with it. Maybe that way DACS will have some incentive to update their server-side application.
Steve asked if anyone was aware of other web apps that required Java. Steve mentioned that the monitoring portion of TMS requires Java and Dan Cromer said that portions of BigBlueButton require the Java plugin be installed as well. This is somewhat surprising as this is a new service just starting up at UF. Dan said that he believes that the company is working on moving away from Java to HTML5.
Apple
Apple released an update for OSX.8 (Mountain Lion) which included some security updates and also released security updates for both OSX.7 (Lion) and OSX.6 (Snow Leopard).
WordPress
There is an extremely critical remote code execution vulnerability in WordPress versions earlier than 3.6.1 that should be addressed immediately. Dan said that Santos Soler had patched the IFAS WordPress installation last night to address this.
[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]
Videoconferencing topics (previous discussion)
Endpoint security concerns (previous discussion)
Steve had heard indirectly that Patrick Pettus is concerned that our endpoint management system will be crippled if Telnet access is blocked. Steve wasn't clear on exactly what features would be lost but Dan Cromer suggested this would be limited to non-necessary things such as directory updates which currently don't work anyway for our oldest and newest units. Steve really suspects that other features would be eliminated as well and would like to know exactly what we might have to look forward to as videoconferences via managed endpoints have become very much a daily activity within his unit and any disruption to that could be quite critical.
Patrick Pettus responded to Steve the following Monday describing what the removal of Telnet would mean:
Essentially it removes all of the management capabilities from TMS and turns it into a simple scheduling system. Telnet is used by TMS to make configuration changes to the endpoints. Things like software management, phonebooks, configuration templates, configuration enforcement, automated ticketing, and scheduling support for mobile hardware codecs will go away. We would no longer be able to deal with configuration changes in bulk. For example, the recent DNS changes were made by updating a couple of templates in TMS. Without TMS we would have had to log into 200 + endpoints to configure them. What took about 15 minutes to change, would have taken over 2 days (200 endpoints X 5 minutes = 16.6 hours). To some extent this is happening already. The Aver and Lifesize codecs are not supported by TMS for management and so are already treated this way. This is my primary complaint about purchasing them. While the codecs themselves are inexpensive and perform well, they don't fit into the current centralized support model. Taking a service that is already starved for support and removing the management tools is certainly not going to improve it. If something must be done about the unsecure telnet connections then I suggest adding an ACL to each endpoint and limiting telnet access to TMS only.
The major stumbling point currently is that TMS doesn't work with SSH, and Patrick is discussing that need with Cisco. While we clearly need non-Telnet solutions moving ahead, we also have a huge investment in equipment that we really need to keep running well in the short term. The impression from the ICC was that the vast majority of our videoconferences are being hosted on the bridge, with point-to-point connections making up somewhere around only 10% of the total. Using the bridge has various advantages such as speed and protocol matching.
Replacing Polycom endpoints with some Lync-based solution (previous discussion)
There was some discussion about software-based videoconferencing solutions via the ICC-L since our last meeting. Dan Cromer gave his take at the time:
Message from Dan Cromer: ...The “best” video connection to a bridged conference is with Jabber. I’ve set that up for several students at Immokalee. Try it, you’ll like it. Disadvantage of Jabber is that you need to request the GatorLink username be added to the Movi security group, but that’s a two-minute job that I usually handle immediately upon request; Chris, Scott, Dan Christophy, Marion, and Lance can all do it, plus requiring the additional client install on the local computer. Jabber has the advantage of being able to clearly display the content, while showing the active speaker in a small picture-in-picture, or swapping the content with the camera. Lync displays content using NTSC conversion, so is lower resolution. Lync 2013 doesn’t currently work with the bridge. Blue Jeans is next best to Jabber, it can use the browser rather than other client (though it can also work with Lync, Skype, or Jabber client), and offers viewing of more than one camera at a time, up to 16 (same as the bridge and Jabber). Blue Jeans can work without having a microphone on the client; Lync won’t start unless there is a microphone. It also has the ability to resize the content and camera windows. Lync, until coming upgrade, only shows the active speaker unless it’s a Lync conference and the CX5000 camera is used to add the panorama view.
John Wells responded that he is very pro-Jabber and shared a setup/troubleshooting guide that he gives out to users in his district.
Possible end-point refresh in the works (previous discussion)
Updates not available...
Movi/Jabber Updates (previous discussion)
See above discussion.
End-user Scheduling (previous discussion)
Steve asked how people were liking the new Smart Scheduler. Jimmy said that he likes it personally but that it has been confusing his end users who have tried it. Steve said that he encourages his users to get with him for scheduling in any case, but he hoped that this new system would be helpful to those in each unit that would have previously used the old event request form. Multiple comments suggested that this was indeed the case in many instances. Many noted that it is difficult to find and add endpoints via this new system as most requests come to us in IP# form. Steve pointed out that there is a search form on the video site that might help somewhat. The problem is, however, that the Smart Scheduler only seems to work with endpoints that TMS can manage; our older endpoints are mostly out-of maintenance and cannot be updated with the latest firmware to allow the necessary inter-communication. That's why Steve is hoping Video Services can come through on the proposed training that would permit individuals direct access to TMS.
See also above discussion.
Lync updates (previous discussion)
Dan Cromer mentioned having recently tried to record a Lync conference for the first time. He discovered that this feature was available only within a Live Meeting session and not a regular Lync call. Recording of a Live Meeting session seemed to be easy to perform and worked well. After you stop the recording it asks where you want to save the recording. It can create an mp4 version for distribution as well.
SIP may replace H.323 as preferred protocol for endpoints (previous discussion)
Updates not available...
Blue Jeans (previous discussion)
Dan Cromer had shared with us some of the details concerning Blue Jeans Release 2.1 which became available on August 17th.
Steve noted that Bluejeans supposedly is adding a chat feature that should be available by the end of September. Dan explained that IFAS has a $12k/year "All You Can Meet" license that allows 250 accounts (for creating conferences) and up to 25 simultaneous connections per conference. Bluejeans is working on being able to manage more than 25 simultaneous connections, but currently that is a technical limitation to their service.
WAN (previous discussion)
Updates from James Moore
Updates not available...
Wireless printers (previous discussion)
Updates not available...
VoIP at RECs
Dan Cromer said that Jay and Milton are now using UF VoIP and that we have similar plans for Marianna, Homestead, and Vero Beach. Indian River is waiting on the proposed centralized payment of the current $11/month/phone charges. Belle Glade is apparently investigating VoIP as well.
Phone bills to be paid for centrally? (previous discussion)
This is planned to be added into RCM for the next fiscal year.
Notes from August SIAC meeting
Late Tuesday Dan Cromer made the notes from the August SIAC meeting available on the ICC SharePoint site along with the June 2013 SIAC Annual Report. Those were not posted on the Shared Infrastructure site as of Wednesday so Dan is providing us a "scoop" of sorts. Thanks Dan!
August's IT Directors Meeting Notes
Dan Cromer kindly made the August Campus IT Directors Meeting notes available on the ICC SharePoint site.
PrintSmart initiative (previous discussion)
Information about this program was discussed at the August SIAC meeting. Steve asked if anyone had gone this route with Xerox yet. Dan Cromer mentioned that he wants to do this for IFAS IT as soon as he can get around to it and Matt Nash said he believes FRE might go that route as well.
Wendy Williams shared later via e-mail that she had one Xerox machine that had been accepted for Print Smart, had received decals for it and has been ordering via the new method. She also noted that during the E&G IT Managers meeting others who had to get new units were waiting up to 6 weeks, which seemed a bit long. She said folks that have Degree Audits printing to one of the Print Smart printers would be wise to make sure it works because there is some VLAN issue that must be addressed.
Avi wanted to reiterate the need to wipe the hard drives of any machines that were being replaced prior to disposal. Such a procedure is going to be worked into the new program but we still have a large number of machines that are owned or leased separately.
New IT Service Management Initiative
Tricia Cook is the Remedy remediation project manager. This project is concurrent but separate from the ITSM project and seeks to improve Remedy systems stability, performance and reporting capabilities. An online meeting was scheduled for Tuesday, September 10, from 2:00p.m. to 2:30 p.m. to provide more information about the Remedy remediation effort.
Dan Cromer said that he was awaiting progress on finding a Remedy replacement prior to re-considering offering training on Remedy regardless of what interim changes might be made. Dan reiterated his desire to have data on what IT does so he can make the case to Dr. Payne that we provide a valuable service; having IT support staff utilize a ticketing system could permit Dan to "justify our existence" to administration. Winnie Lante pointed out, however, that our local departmental faculty, staff, and students are all already aware that we are doing our job and providing a valuable service. She pointed out that adding metrics would cost us valuable time and hence worsen our already stretched support capabilities. Dan said he is aware of the paradox, but in an increasingly centralized management model such metrics are likely to be demanded whether or not they actually serve to improve local service.
Content Management System (CMS) for UF: Entering purchasing phase (previous discussion)
Jimmy Anuszewski had shared the following to the Web-Managers-L list from the August IT Directors Meeting:
UFIT will start implementing TerminalFour, the new web content management system (WCM) for campus. A project manager will be assigned soon and work will be underway to provide support and training for the new system. Eric Olson was recognized for his leadership on the WCM Task Force. In parallel with the WCM system, a document management system will also be deployed by UFIT. A survey has been sent to identify the use cases for this system. The Transition will begin the summer of 2014 and will focus on the colleges first, research second and Enterprise Systems last. For more information, please contact Brandon Vega at (352) 273-1392 or brandonvega@ufl.edu.
Dan Cromer said that there are hopes that this may be available as early as Spring 2014.
Authentication Management policy draft (previous discussion)
Updates not available...
New 'Trouble-Ticket' Entry Page for CNS (previous discussion)
Updates not available...
KACE (previous discussion)
Updates not available...
CNS working to implement NAC for UF wireless (previous discussion)
David Huelsman posted the following message regarding current posture assessment practices on the wireless network:
Message from David Huelsman to the ". All-IT" list: UF Community, The Unified Wireless Committee set a schedule to begin blocking network access at the end of every semester's drop/add period. On August 28th at 7:00AM UF began blocking machines that do not meet minimum security policies. The required minimum requirements are:
At the moment, UF is only notifying users who are running outdated versions of Java every 6 hours. On September 8th 7:00AM, UF will also begin blocking network access based on out of date Java browser plugin versions. If installed, Java should be running the current distribution version, Java plugins that are older than 15 days will be blocked. As we get closer to the 8th UF will be decrementing the notification window to encourage users to self update or disable. Note that this check is only for installed Java browser plugins and not all Java on the machine. UF Housing network began blocking on this at the start of the blocking period. If you have any applications that require specific versions of Java, please contact us via email at: security@ufl.edu
Steve mentioned that the simplest way to get around an out-of-date Java preventing wireless access would be to uninstall it, but Avi added that he has run into cases where it wouldn't uninstall properly. Avi mentioned that disabling the browser plug-in within the browser would solve this but was unaware of the Java Control Panel app for doing that which became available back with JREv7r10 in December of last year. Steve believes this is a "per machine" setting and not a "per user" setting; it requires admin access to change that setting.
UF Exchange updates (previous discussion)
A UF Exchange system upgrade, specifically the "Update Rollup 2 for Exchange 2010 SP3" is planned for this weekend. This should be transparent to Users but folks like Scott Owens will need to update their management tools.
Outsourcing of student e-mail
In a response to Mari Jayne Frederick about "cloud storage" options, Dan Cromer wrote the following:
“Real soon now” UF will provide 25 GB Skydrive storage accounts for all UF faculty, staff, and students, except for those who deal with private health information (PHI). Pilot accounts are being set up immediately, for students who also are OPS workers at the UF Help Desk. I hope this will be available to all sometime in the next six months. Dropbox use is prohibited by UF security rules, due to lack of institutional control. UF requires a business agreement with cloud storage providers to protect ownership of content and access for legal discovery requirements. I’m well aware that our users are using Dropbox and other such options, but have remained inactive on this topic since we don’t yet have a good alternative. Remember that for internal use we have our shared folder system at \\ad.ufl.edu\IFAS, and for transient sharing we have http://file-express.ufl.edu.
In response to a question from Kamin Miller about whether or not the 25 GB could be increased, Dan said:
I don’t know about optional expansion, but I’ll ask. The first plan was just 5GB, so I was happy with the 25GB. I’ll let everyone know whenever I learn more. This is part of the movement of students to Office365 off of the old Gatormail. At some point, the plan is for all faculty and staff to be in Exchange (which means some who still use Gatormail will have to move), and students to be in Office365. Strategic direction is for everyone to be in Office365, as soon as security and management can be arranged, but I see this as several years away, since my personal guess is that Gatormail system will be retired at the end of fall term 2014.
Updates on this topic were discussed at the August SIAC meeting. Dan noted that IFAS didn't have a chance for involvement in the pilot program but intends to ask if that can be expanded to include us.
Steve noted that Windows 8.1 and Windows Server 2012 R2 will support a new "Work Folders" feature that would let folks keep files on their local device which would then be automatically synced to the server--in other words, a local enterprise-level "Dropbox-like" feature. It will obviously take us a long time to get there, but Steve thinks this is an encouraging trend that will really help eliminate a considerable number of support issues down-the-road.
Outlook asking for re-authentication
Updates not available...
Sakai e-Learning System now in production (previous discussion)
It turns out that Firefox version 23 enables mixed content blocking by default. This has caused some support issues with Sakai (see Blank Pages in Firefox under Announcements). Ironically, one suggestion is to use a web browser that is less security conscientious in this regard.
Also, multiple file uploads via WebDAV to Sakai haven't been working recently, even with the CyberDuck client; there is no word on why or when a fix might be coming.
Alternate IFAS domains in e-mail (previous discussion)
Updates not available...
Split DNS solution for UFAD problems (previous discussion)
Updates not available...
New web cluster (previous discussion)
When Steve noted that his department was still on the old web server and wondered if it would stay that way until the hardware died, Wayne Hyde noted that the old web server had been virtualized...something that had escaped Steve's notice for some reason.
Windows 8 Deployment? (previous discussion)
Updates not available...
SCCM for IFAS
Work continues on the central SCCM plans and Steve is very excited about the potential now that we have DeWayne Hyatt and his extensive experience on-board. This platform could do so much for IFAS if we could find the time and energy to devote towards setting it up and distributing out its use to local IT admins (with training).
Exit processes, NMB and permission removal (previous discussion)
Updates not available...
Services Documentation: Is a Wiki the way? (previous discussion)
Updates not available...
Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?
DeWayne Hyatt mentioned having experience with System Center 2012 Endpoint Protection at his previous job; this is good news should IFAS go that route eventually. Dan Cromer said that DeWayne has replaced Alex as the IFAS representative on the EPP project. Wayne Hyde shared with Steve his understanding that EPP may go with the IBM/bigfix solution which includes Trend Micro AV.
Print server (previous discussion)
Updates not available...
Recording lectures for Distance Education (previous discussion)
Steve noted that the bridge failed to connect to the media server today for some reason so that this meeting will not be recorded (other than the audio recording that Steve always does). Steve will email video services to ask that someone please investigate the cause. Since IFAS has 16 expensive local Accordent Lecture Capture appliances that are nearing end of life (April 2014--as they are Windows XP based) and Steve has been told that recording via the bridge should be an acceptable substitute for our critical need for recording lectures at Entomology and elsewhere, he would greatly appreciate anything that might make recording via the bridge more robust and that would provide acknowledgement and feedback when the inevitable problems do occur.
Here is the response that Steve received from Patrick Pettus on Monday:
During the duration of the ICC meeting 5 other meetings were successfully recorded. The content server was scheduled correctly for the meeting, but just refused to connect. At no time was it over booked so I can't see any reason for it to reject the call. I'll have to dig deeper to figure out what was going on. I'll let you know what I find. The Content Server is the last piece of the VC infrastructure that is not fully redundant. It is in our plans to beef up that service, but that likely won't happen until the next FY. While it is extremely useful to be able to record presentations from any videoconference facility with the Content Server, I would not consider it a replacement for Mediasite or Accordent where high end recordings are needed. Those platforms have several features like content searches, slide indexing, and higher resolution that produce a much higher quality end product. The 16 Accordent rooms should be looked at individually to determine their recording needs. For rooms like McCarty G001, a Mediasite recorder is a must. For the others, the Content Server may or may not meet those needs. Just something to keep in mind.
New DHCP reservation site created (previous discussion)
You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.
Restoration of back-ups on the file server
Wayne Hyde intends to document and announce proper usage as time permits.
Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)
Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.
Creating guest GatorLink accounts: singly or in bulk (previous discussion)
Steve had left this on the agenda in case further discussion was deemed warranted.
DirectAccess pilot (previous discussion)
Dan Cromer wants to get individuals into a pilot program and plans to stage some of the Help Desk laptops into that.
VDI desktops as admin workstations (previous discussion)
Wayne recently updated this pool:
Message from Wayne Hyde to the "ICC-L" list: The ICC Management VM pool has been updated. The changes include:
Java and other annoying “update is available” popups should (finally) be disabled. If not, I’ll use a bigger hammer. You will need to log off and back in to get an updated VM image.
Wayne had previously changed the "Automatic logoff after disconnect" setting to 4 days. The only other update Wayne has planned for this is the Exchange Management Console which will be important mainly to Scott Owens.
Wayne's Power Tools (previous discussion)
Updates not available...
Computer compliance tool update (previous discussion)
Updates not available...
Folder permissioning on the IFAS file server (previous discussion)
You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.
Steve mentioned that Santos Soler has developed a PowerShell script to help OU Admins who do not understand how to do this and other management tasks properly. Steve may dedicate a portion of an upcoming meeting to this topic but wants to give Santos time to fully hone the script first. Most of the functions this script can do will provide little time advantage but should certainly make obtaining a correct result possible without fully understanding the underlying processes. There is one aspect that is a real time saver, however, and that involves removing an individual user account from all the security groups to which it belongs. Steve finds that a great time saver when decommissioning user accounts, compared with running WPT to find the groups and then deleting them individually by hand.
Disabling/deleting computer accounts based on computer password age (previous discussion)
This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex York's replacement can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.
Since BitLocker stores its keys within the computer object in UFAD, Chris Leopold was considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
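The manual cleanup and the BitLocker caveat above, sketched in PowerShell as an added example; it is not Andrew Carey's plan, Santos Soler's script, or Wayne's Power Tools. It assumes the ActiveDirectory (RSAT) module for the live query, an admin-kept record of the date each computer was disabled (the directory has no dedicated "disabled on" attribute), and hypothetical OU and computer names; the sample data is constructed so the decision logic runs without a domain.

```powershell
# Added example. Function names, OU path, and sample computers are hypothetical.

function Get-StaleComputerPlan {
    # Decide what to do with each disabled computer object.
    param(
        [object[]]  $Computers = @(),      # objects with Name, Enabled, HasBitLockerKeys
        [Parameter(Mandatory)]
        [hashtable] $DisabledOn,           # admin-kept record: computer name -> date disabled
        [datetime]  $Now = (Get-Date),
        [int]       $MinDaysDisabled = 90
    )
    foreach ($c in $Computers) {
        if ($c.Enabled) { continue }       # only disabled objects are candidates
        $days = $null
        if (-not $DisabledOn.ContainsKey($c.Name)) {
            $action = 'AddToRecords'       # no date on file: start the 90-day clock now
        } else {
            $days = [int][math]::Floor(($Now - $DisabledOn[$c.Name]).TotalDays)
            if     ($days -lt $MinDaysDisabled) { $action = 'Wait' }
            elseif ($c.HasBitLockerKeys)        { $action = 'EscrowKeysThenDelete' }
            else                                { $action = 'Delete' }
        }
        [pscustomobject]@{ Name = $c.Name; DaysDisabled = $days; Action = $action }
    }
}

function Get-DisabledComputerFromAD {
    # Live input for Get-StaleComputerPlan. Needs the ActiveDirectory module
    # and read access to the OU given in -SearchBase.
    param([Parameter(Mandatory)] [string] $SearchBase)
    Get-ADComputer -Filter 'Enabled -eq $false' -SearchBase $SearchBase | ForEach-Object {
        # BitLocker recovery data is stored in msFVE-RecoveryInformation objects
        # that are children of the computer object, so deleting the computer
        # deletes the recovery keys with it.
        $keys = Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                    -Filter "objectClass -eq 'msFVE-RecoveryInformation'"
        [pscustomobject]@{ Name = $_.Name; Enabled = $false; HasBitLockerKeys = [bool]$keys }
    }
}

# Constructed sample data (not real UFAD objects).
$now = [datetime]'2013-09-13'
$sample = @(
    [pscustomobject]@{ Name = 'LAB-PC-01'; Enabled = $false; HasBitLockerKeys = $false }
    [pscustomobject]@{ Name = 'LAB-NB-02'; Enabled = $false; HasBitLockerKeys = $true  }
    [pscustomobject]@{ Name = 'LAB-PC-03'; Enabled = $false; HasBitLockerKeys = $false }
    [pscustomobject]@{ Name = 'LAB-PC-04'; Enabled = $false; HasBitLockerKeys = $false }
    [pscustomobject]@{ Name = 'LAB-PC-05'; Enabled = $true;  HasBitLockerKeys = $true  }
)
$records = @{
    'LAB-PC-01' = [datetime]'2013-05-01'
    'LAB-NB-02' = [datetime]'2013-04-15'
    'LAB-PC-03' = [datetime]'2013-08-20'
}   # LAB-PC-04 is disabled but was never recorded

Get-StaleComputerPlan -Computers $sample -DisabledOn $records -Now $now | Format-Table

# Against a live domain, review the plan before deleting anything:
#   $live = Get-DisabledComputerFromAD -SearchBase 'OU=ExampleUnit,DC=example,DC=edu'
#   Get-StaleComputerPlan -Computers $live -DisabledOn $records
# For 'EscrowKeysThenDelete', copy the recovery information to protected storage
# first. Deletion needs -Recursive because the key objects are children:
#   Remove-ADObject -Identity '<computer DN>' -Recursive -WhatIf
```

Drop `-WhatIf` only after the plan has been reviewed and any recovery keys are confirmed to be stored elsewhere.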
Core Services status (previous discussion)
Updates not available...
ePO updates (previous discussion)
Updates not available...
Status of SharePoint services (previous discussion)
IFAS migrating to centralized MOSS
Updates not available...
Public folder file deletion policies and procedures status (previous discussion)
Updates not available...
MS Office News update (previous discussion)
Updates not available...
Job Matrix Update status (previous discussion)
Updates not available...
Password expiration times (previous discussion)
Francis Ferguson noted that he has already received positive feedback from people who are very happy not to have to change their password as often as before. The new policy requires a change every six months for accounts with the P4 and P5 (high and rigorous) role and yearly for others.
Steve noted that he wanted to utilize the new passphrase capability but found out that a space was not an allowable character; Steve finds it very difficult to type a passphrase without hitting the spacebar between words so he had stayed with his previous algorithm for devising his new passwords. Avi said that the long-term plan is to replace the current password component (presumably with something that would permit spaces) but how long that may take is anybody's guess.
Local MPS backup storage
ITSA is starting to use Synology NAS boxes as iSCSI targets for multipurpose server backups.
Adobe licensing
The Adobe licensing situation remains unresolved. We commiserated on this topic for a while and all hope the issue is resolved before too much longer.
Steve mentioned having continuing issues with activation of CS6. This began originally with Acrobat installed as part of CS6. That aspect seemed to be resolved via the afore-linked solution, but now Steve is finding that the other parts of the Suite are asking users to log on to Adobe and enter the license key in order to get out of trial mode. This is on systems which Steve already activated (sometimes multiple times) under his own profile. The solutions provided by Adobe do not seem to work. See here for many examples of people having issues; my "favorite" horror story is this one.
The meeting was adjourned just a trifle early at about 11:55 AM.