ICC logo IFAS logo


ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM January 13th 2012 REGULAR MEETING


A meeting of the ICC was held on Friday, January 13th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Sixteen members participated.
 
Remote participants: Allan Burrage, David Bauldree, Dan Christophy, Dan Cromer, Wayne Hyde, Scott Owens, Mike Ryabin, John Wells, and Wendy Williams.
 
On-site participants: David Bauldree, Dennis Brown, Francis Ferguson, Steve Lasley, Chris Leopold, Santos Soler, and Alex York.
 

STREAMING AUDIO: available here


NOTES:

We began about 5 minutes late due to videoconferencing scheduling issues that Dean Delker quickly resolved. Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman


Member news:

Wendy Williams had noted via e-mail that Jason Do has graduated and her new programmer at CALS is John Collins.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

As of last Friday, authentication has been changed to utilize Gatorlink credentials. Two minor changes are required on your Movi client:

  1. Your username will change to ufad\gatorlink username and your password will be your gatorlink password.

    Movi logon screen

  2. Click on the advanced link from the login screen and change the SIP Domain to video.ufl.edu

    Movi SIP Domain settings

Dan Cromer had noted that a number of folks were getting "OpenGL 1.1 failure" messages with Movi. Mike Ryabin had responded that upgrading the video drivers seemed to fix this for him and Dan found this reference.

Francis Ferguson asked Dan Cromer if there was any indication that IFAS would centrally fund a Polycom refresh for the many units across the state. Dan responded that the financial outlook seemed to imply that this would not happen. Any replacements of Polycom endpoints would likely remain up to the resources of each unit to provide. Dan also pointed out that people are waiting to see how well Lync is going to work many aspects of personal videoconferencing. We are also awaiting the replacement for Eluminate (Big Blue Button) to see how that might affect things.

Lync deployment (previous discussion)

Dan Cromer reported that the Lync server had been planned to go into production this weekend but had been moved back one week to the weekend following the twentieth. Federations will be set up at that time which will allow access to contacts at other universities and a number of outside IM services like MSN and AOL. Apparently Yahoo wanted a fee for federating with them, so that won't be done at least initially. Connecting with Jabber users here on campus will remain an issue; one part of that being that UF Jabber and Lync currently use the same domain names.

The server-side portion that supports connection from Lync mobile clients will also be enabled at this time. The clients have been available for several weeks, but connection will not be possible until Lync server goes into production next weekend.

Since OCS clients can talk to the Lync server, there won't need to be any preparation on the client side prior to moving folks over. Client upgrades can follow at leisure. Dan is going to work with James Oulman to determine exactly when people will be moved over to the Lync server from the OCS server.

Campus VoIP improvement to be implemented (previous discussion)

Dan Cromer had discussed with Joe Joyce the option of enabling vmail to email for all of IFAS rather than having to deal with the administrative overhead of soliciting exactly who should and should not get that. Joe thought that this would just be another "feature" that should be available to all. Individuals could opt-out after-the-fact if they strongly disliked getting those emails.

Allan Burrage pointed out shared lab phones could not get this feature because they were tied to what amounts to "service accounts" rather than an individual's Gatorlink. Enabling this for all phones tied to an actual Gatorlink username should be fine, however.

WAN (previous discussion)

Updates from James Moore

James stopped in very briefly, but it turned out that he had a conflicting meeting and had to leave right away.


Policy


SharePoint training by Dan Holme

Registration for these February 20th and 21st sessions is now available. Details were posted to the ACTIVEDIR-L previously by Erik Schmidt.

UF FAX server project (previous discussion)

Mike Ryabin had commented on the absence of an integrated FAX coversheet. According to Dan Cromer, that was a design decision of conscience intent related to PeopleSoft needs. Apparently the intended solution is to provide your own coversheet as the first attachment.

Dan Cromer asked if it would help to develop an IFAS faxing website. He didn't get much feedback on the idea. Steve thinks that it is likely easy enough as is, though Steve is basing that on the description of the process and has yet to try it out first-hand.

Mike Ryabin had been asked by their office manager if he could develop an on-line Travel Authorization Form similar to what Microbiology has done. Mike wondered if something like this was being planned at the IFAS level. Discussion made it clear that this was something Micro developed on its own.

Allan Burrage noted that he had developed some automation to help with processing P-Card transactions. CREC handles about 4000 of these a month and it used to take a staff member about a week each month to go into PeopleSoft and print out all the fax coversheets for each transaction. Allan purchased a UPC font which he "installed into an Excel file and a mail merge through Microsoft." Someone then enters all the transaction IDS, UFIDs for the P-Card holder, and total price into the spreadsheet and all the coversheets can then be printed all out at once. He has also been told that they can generate these as TIFF files and push them as files across the network.

Upcoming requirements for InCommon Silver (previous discussion)

There was some brief discussion on this. Chris Leopold said that the requirements were all pretty common sense items like eliminating older authentication protocols and the like. He sees no big issues in complying. The GPOs to enforce this have not yet been applied to IFAS, however.

FrontDoorSoftware laptop loss and recovery software available (previous discussion)

Chris Leopold said that he had installed this on his son's laptop. This software isn't incredibly robust and will not survive a reformat. Dan Cromer mentioned that Donna McCraw had created a "dummy" user with no password on her laptop thinking that a thief would at least open that up before reformatting. Doing that would activate the location software--a clever of idea.

Chris said that he also got a cheap "student edition" of Lojack that uses a BIOS hook (requiring compliant hardware) as a more robust solution. Technical details are available here, but basically, this software can survive a system wipe.

Implementing the Mobile Computing Security policy (previous discussion).

Dan Cromer reported that Joe Joyce had a discussion with Elias and they basically decided that the policy and standard would not be changed but that item 1.d. of the standard could be utilized as applicable to grant exceptions. That item says: "All portable storage devices must include built-in encryption. The only exceptions to this are for specific uses where no Restricted Data will be stored and encryption would interfere with the device's intended use." Joe Joyce's position was that (when restricted data is not involved) our business position will be that encryption is an administrative nightmare.

That leaves things in a rather uncomfortable position for IT staff that might be stuck in the middle on this; are we responsible or is the user responsible? Steve pointed out that it is much easier to fire an IT staff member than a faculty member who may have lost a laptop.

John Wells wanted clarification that this only covers mobile devices and Dan Cromer responded in the affirmative. Dan did want to caution that student information is often restricted. All our users need to be made aware of how FERPA applies as to what is and is not restricted data. Basically, the following items cannot be released w/o a student's consent:

  • Birth date
  • Religion
  • Citizenship
  • Disciplinary status
  • Ethnicity
  • Gender
  • GPA (grade point average)
  • Marital status
  • UFID or social security number
  • Grades/exam scores
  • Standardized test scores
  • Actual number of hours enrolled

Personally identifiable student information must be kept confidential. The above items are considered non-Directory information and therefore restricted. "Personally identifiable information is any information — directory and nondirectory information — easily traced to the student, and may include name, name of parents or family members, address, social security or UFID number, a list of personal characteristics or any other information that clearly distinguishes the student’s identity".

Most faculty are likely to have some of this in their email cache. To Steve, this means that we will have to assume all laptops may contain restricted data.

Chris Leopold believes that Microsoft's BitLocker is a superior solution as compared to PGP WDE. Steve has tried both on his laptop and agrees that BitLocker is much more seamless. Steve's only concern is that the recovery keys are stored in the computer object. Laptops are the mostly likely objects to become stale and hence be disabled in UFAD. IFAS has long wanted to develop a procedure for removing stale objects but we would need to make allowances to better protect computer objects of encrypted laptops from deletion should removal policies go into effect.

Alex York indicated that, in his previous position, he had rolled BitLocker right into his image deployment process. Chris asked if he stored the keys elsewhere as well and Alex indicated he had. One issue with BitLocker is things like flashing the BIOS or other minor hardware changes can force a need for the recovery key to be typed in. It is a rare occurrence, but can happen and loss of the key means the loss of all data.

Steve mentioned two drawbacks with PGP WDE. First of all, a user must enter his GL password right at startup. If they had changed their GL password then they had better remember their old one, because until the two are synchronized the former will be needed to unlock the laptop and the new one to logon. That is likely to trip up someone Steve feels. Also, adding multiple accounts which can unlock the laptop and allow it to boot is quite clumsy; it requires coordination between multiple individuals. Neither of these things is an issue with BitLocker.

Wake on LAN support coming to campus: (previous discussion)

Updates not available...

New Secunia site license (previous discussion)

Dennis Brown had been in contact with Joe Gasper who suggested that we get Wayne Hyde to provide read-only accounts so we could view our accumulated Secunia data. Wayne responded that the only issue was the time involved, but it would not be difficult to do should some OUadmin feel they needed that. In any case, it will be very easy to enumerate the objects that are excluded via group memberships.

KACE agent to be deployed throughout UF for computer inventory purposes (previous discussion)

There was discussion about how to handle exclusions prior to implementing the KACE deployment GPO. A security group will be created whose member machines will be excluded. OUAdmins can create their own security groups which Alex can nest within that. Steve mentioned that he named his group ". ifas-eyn-PreventKace" in case others wanted to follow that naming convention. The two main reasons to exclude machines would be in computer labs where machines are reimaged or frozen (as in DeepFreeze) or in the case of most VMs. For the former it is better to have the agent deployed by the local IT person.

Domain Policy and redirect duration (previous discussion)

Santos Soler expressed his opinion that this issue is buried in committee and will remain so indefinitely. Steve now regrets all the many man-hours spent on getting the current IMM passed. This is a prime example of how efforts by the ICC to affect IFAS IT Policy decisions have proved unworthy of the effort required.

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

UF Exchange Project updates (previous discussion)

David Essex had raised a question about Outlook prompting continually for credentials. According to Allan Burrage and Chris Fooshee, setting the logon network security to "Kerberos Password Authentication" as shown below solved this for them.

Outlook authentication type

Chris Leopold asked if the cause/effect of this had been verified. Steve replied that, as far as he knew, the evidence is merely anecdotal at this point. Still, it is worth the try for those who are experiencing this issue. The real problem is that, while most of us have seen this issue, it is not reproducible on command and occurs at quite infrequent intervals. Perhaps only time will tell whether or not this is an actual cure or not. Chris Leopold speculated that these issues are caused by the server being unresponsive at a particular time for some reason or other.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Santos Soler reported that the infrastructure is now in place so he can begin work in earnest.

MPS/DC refresh (previous discussion)

Chris Leopold said that a few servers still remained. Bill Black still has one to deploy in his district. They are also sitting on about three servers that look like they may not be deployed to the locations originally intended due to county politics. These will be shifted to other locations, so that is not really a problem. They are 99% done, however, and Steve said he will remove this item from our agenda's standing "projects" section along with the "SQL cluster" item and soon the "infrastructure refresh" item.

New SQL cluster (previous discussion)

This project is complete and will be removed from our agendas.

New virtual infrastructure being implemented (previous discussion)

Redundant 10Gbps connections configured

Chris Leopold described the work he and Wayne have been doing over rather lengthy hours the last couple of weeks in order to get the machine room network configured for redundancy. They are finally to the point where the network can survive catastrophic switch failure and still retain connectivity without a major loss of services. By Monday morning we will have a redundant 10Gbps connection to Bldg 120 as well. The connection to CSE will be 10Gbps but for the next few months the connection to MEB will be 1Gbps until that site can handle the 10Gbps connection.

New storage structure will be easier to maintain

Wayne has been working diligently on the file server cluster. The cluster is three-node and Wayne has all the LUNs split out so each department has its own LUN. This will make it easier to expand quotas and disk sizes down-the-road. This can be done at the department level rather than the current situation where eight departments share a single LUN and one department can blow-up the quota for the other seven.

On the current cluster each node (if-srvc-file1 or if-srvc-file2) has three data shares. Doing a "net view" of a node gets you the share names, and then you have to do a "DIR" on each to explore the subfolders and find a particular storage folder. On the new cluster the node names are IF-SRVC-FILER1 and IF-SRVC-FILER2. Shares for units whose names begin with zero through I are on FILER1 and J through Z are on FILER2. You can just do a NET VIEW on the node and see all the shares directly. This makes it easier to see where your data is, which has been important in supporting Macintosh users who can't access shares via DFS names.

Dan Cromer pointed out that DFS is now finally supported with Mac OS X Lion. As long as the machine is joined to UFAD and the user is logged on with UFAD credentials then they can utilize "smb://ad.ufl.edu/ifas" paths to the file server.

Single instance storage to save considerable space

All of the existing file server storage has been pre-staged. One major improvement the new cluster will support is single instance storage (SIS). This is a feature of Windows Storage Server 2008 R2 that looks like it will save us around 6TB of storage space initially.

Slight hitch with DPM discovered late

Last night Wayne discovered that DPM backups do not support nested mounted volumes. Unfortunately, Wayne had done that in order to break out certain large subunits of a department such as the SWS GIS lab in order to allow for separate quotas. The workaround will be to create a separate DFS namespace target for their GIS lab.

Features of the Windows Storage Server product

Dennis asked how the SIS worked. Wayne explained that this is a feature specific to Windows Storage Server which Microsoft doesn't include in regular Windows Server product for some reason. A "groveler" service goes through the disk and identifies duplicate files. If those are over 16Kb in size, the service copies them to repository and then inserts links to point the various locations to that single copy. It has taken about two weeks to churn through all the files and realize the space savings inherent in this process. One thing to note is that SIS does not grovel for duplicate files across volumes. We would probably see a bit higher savings if we only had one huge data volume, but the drawbacks to going that route are immense.

Storage Server is supported by the hardware vendor rather than MS. In addition to SIS, this product also provides iSCSI targets along with one other minor feature.

Migration overview

We are almost ready for deployment. Wayne will begin migration with the IT department, the security tools, logs and a few small LUNs. After that has been proven to work well, Wayne will begin to move departments. Wayne mentioned that some or all of the "Previous Versions" of files will be lost in the migration. This should not be a huge issue as we still have tape backup if a restore proves necessary. Restoration granularity will be one week until the shadow copies get built back out again.

Please report increased space needs if anticipated

Wayne pointed out that now was the time to let him know if you need see the need for a greater file space allocation for your department. Steve, for example, had noted pent-up demand that has been awaiting the new SAN for relief.

Virtual cluster for other services

Migrating all the virtual services to the new virtual cluster will involve coordinating downtime with the folks who have services on our virtual cluster. Most of those are web services for specific departments.

Removal of WINS seriously being considered

Chris Leopold mentioned that they are getting very serious about removing WINS. If anyone has any NETBIOS/NETBEUI things for which they simply must have WINS they should speak up. Wayne noted that UFAD is advising removal of WINS because their database has many duplicate or corrupted entries and is just not reliable.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)

MDT 2010

Updates not available...

SCCM for IFAS

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Print server (previous discussion)

Problems with Pcounter running the CPU at 100% seem to have become more frequent recently. It was decided to move this server to the new virtual cluster during noontime today in order to make use of its superior processing capacity. They were still going to get with the vendor, however, to see what can be done about this.

Note: That went off w/o a hitch though it took a little while to transfer the 75GB of data that included scans from networked copiers.

Recording lectures for Distance Education (previous discussion)

Competing product from Cisco?

Cisco has released a lecture capture system called Cisco Lecture Vision. Steve noted that the clock is ticking on our current Accordent Capture Stations which are WinXP based. Now that Polycom has acquired the company support seems to have degraded considerably. Steve wonders if those becoming depending on lecture capture will have to consider a different vendor to continue that past WinXP "End of Support" which is currently in 815 days. The cost may be prohibitive in any case unless centralized funding/subsidies are made available just as was done originally.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Core Services status (previous discussion)

see the new virtual infrastructure section above...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

There was an out-of-band patch for some .Net vulnerabilities over the holidays.

The January Microsoft patches included 7 bulletins (one "Critical" and six "Important") covering a number of vulnerabilities in various Microsoft Windows versions primarily.

McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy.

Adobe

Steve wanted to remind folks that Acrobat 8 reached end-of-support on November 3rd.

It was time for the quarterly updates as well. A Security Advisory for Adobe Reader and Acrobat was released on late last week that described the updates of this Tuesday.

Oracle

A new release of JRE version 6 came out since our last meeting. This latest update is JREv6r30 and although it was not a security update it apparently fixed a number of compatibility issues that has arisen with release 29.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)


Other Topics

Recently reported issues with fileserver access

Chris Leopold explained that ITSA had received several reports, one being from Dr. Borum earlier this week, who said that she had been experiencing a horrific problem with connectivity on a particular machine that she simply had to get fixed. The problem seemed to be machine specific; she could connect as usual from other machines.

It appeared that her problem was not unique and that it has affected other locations as well. When it occurs the problem seemed to be isolated to Windows 7 machines only. Apparently she had been suffering with this for about two months prior to ITSA being made aware.

The cause of the issue was difficult to diagnose, but in researching they found out that the offline files service has an issue with DFS. They still aren't sure that this problem and that issue are definitely related, but disabling offline files did seem to fix Dr. Borum's issue.

As a solution across IFAS, IT/SA applied a GPO that will disable offline files on desktop computers, while leaving portables alone. This was implemented via WMI filters looking for the absence of SODIMMs. It is hoped that this will alleviate the problems.

Chris asked that we listen to our users and notify ITSA immediately if we receive any reports of network connectivity issues. Here are some examples of the error message one might receive for mapped and UNC access:

Access error dialog

Access error dialog

Access error dialog

Steve wants to point out that while the GPO disables Offline files for desktop computers, offline files are still active until the machine is rebooted:

Offline files remain active until a boot occurs

ITSA does not yet know what caused this issue to begin, apparently, just two months ago. One might assume that it was caused by some Microsoft update at the time, but that is yet to be determined.

Chris also wanted to know whether or not any units were using redirected folders to redirect desktops. Steve believed that he and Mark Ross (Plant Pathology from years back) were the only two units he knew that had been using redirected folders currently. Steve noted that they had worked together way back when we migrated to UFAD to set that up via GPO. Steve had chosen to redirect only "My Documents" but Mark had implemented this more universally. In any case, Chris strongly suggested that units not implement roaming profiles; the implementation is not very clean and can cause issues. If you do believe you have a business case for their use, please get with Chris to see if they can be of assistance.

Offline files can be disabled via the GUI on a machine that is experiencing the issue. Santos also shared the following script to do this remotely:

:: This batch file sets the Offline file to disable stops 
:: offline files waits 10 secs then checks to see if it 
:: was stopped then sets the registry to format/delete the 
:: database. It needs to be run as your ADMN account from 
:: the console / command line
@echo off

@if %1. == . goto noParameter

sc \\%1 config cscservice start= disabled
sc \\%1 stop cscservice
PING 1.1.1.1 -n 1 -w 10000 >NUL
@echo.
sc \\%1 query cscservice
@echo.
REG ADD "\\%1\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
          \NetCache" /v FormatDatabase /t REG_DWORD /d 1 /f
REG ADD “\\%1\HKLM\SYSTEM\CurrentControlSet\Services\Csc
          \Parameters” /v FormatDatabase /t REG_DWORD /d 1 /f
@echo.
echo Have the user restart the computer.
goto end

:noParameter
cls
@echo.
@echo You did not include one or more parameters
@echo.
@echo The command should be: disblofffiles computername
@echo.
@echo Example: disblofffiles if-it-santos
goto end

:end

Note: the two REG ADD commands above were wrapped here to layout purposes. They should be on one line rather than two as shown above.

OWA attachment downloads showing as .ashx files

Tom Barnash had queried the ICC-L about this issue. Chris Fooshee had responded with a fix that had worked for them. Apparently the fix involves un-checking the "Do not save encrypted files to disk" setting within the IE options.

WebDAV issue with Mac OS X Lion (previous discussion)

Updates not available...

SAS 9.3 installation cautions (previous discussion)

There are a number of ways to get a corrupted installation and recovery can be tedious. Steve wanted to point out the importance of removing all traces of a previous SAS version installation prior to attempting to install version 9.3. If you don't do that you can end up with a real mess. Here are some details on the issue from James Hardemon:

Installation of SAS 9.3 will corrupt a previous SAS 9.2 installation and there will be no easy way to go back to 9.2.

I have resolved this type of issue with SAS 9.1.3 and SAS 9.2 and now with SAS 9.3 by removing all copies and starting the installation from the beginning in the following way:

Prerequisites before you begin:

  • You must log onto the computer with the Local administrative account; not an account with administrative privileges. To be absolutely clear, use the username that was used to install the operating system. Do not connect to any services. You can (if you wish to) use an account with Administrative privileges. However, experience has proven more than once that SAS is very particular about privileges the account has been given. If you start off with the wrong account SAS will never install properly.
  • Make sure the operating system is completely patched and up-to-date. Especially, the .NET framework updates. The SAS installation procedure calls upon the Microsoft Installer utilities to perform several installation routes and if these utilities are not completely patched SAS 9.3 will fail to install.
  • Also, update the Java to the most current version.
  • When installing SAS, I recommend turning off the Virus Protection software to speed up the installation. However, this is not mandatory. But, if the computer is not connected to the internet then there should be little to no risk.

Once the machine is ready:

  • In Add & Remove Program or Program and Features (depending on the OS), start removing normally any SAS application. The SAS Runtime environment will not be able to be uninstalled. Do not worry if no other applications will uninstall.
  • Restart computer.
  • Go into “C:\Program Files” and “C:\program files (x86)” and delete the SAS directories found there. Your faculty should not have placed any of their data in these locations. However, you may want to double-check.
  • Make sure the search properties in Windows Explorer is set to show all hidden and system files.
  • In Windows 7; go to the c:\user folder and search for the SAS directory. It is found in the hidden folder “AppData” under any (and all) of the user profiles. Delete every folder found.
  • In Windows XP; go to the “c:\document and settings” folder and search for the SAS directory. It is found in the hidden folder “AppData” under any (and all) of the user profiles. Delete every folder found.
  • Restart the computer.
  • Reinstall SAS 9.3 with the locale administrator account.

This should do the job.


The meeting was adjourned about 10 minutes early at around 11:50 AM.