ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, October 14th, 2011 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Eighteen members participated.
Remote participants: Bill Black, Allan Burrage, Dan Christophy, Dan Cromer, Chris Fooshee, Kamin Miller, Scott Owens, Mike Ryabin, and John Wells.
On-site participants: David Blackman, Dennis Brown, Francis Ferguson, Winnie Lante, Steve Lasley, Chris Leopold, James Moore, Wendy Williams, and Alex York.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Special thanks to Francis Ferguson for providing doughnuts!

[During the meeting an oddity was noticed with the new sound system in Bldg 116. The audio from other sites seems to be suppressed when there is sound in the 116 conference room and local conversation prevents distance sites from being heard. This means that questions for distant sites should be followed by a pause in any conversation there. We will all have to try to keep that in mind.]

Report from the chairman

Member news:

We were pleased to welcome David Blackman to our meeting today. He is replacing Micah Bolen as half-time computer support at both AEC and Agronomy. David worked prior at UF with Electrical and Computer Engineering for 24 years. Steve welcomed David and took the time to introduce him to the local and remote attendees, offering to help him get acquainted with IFAS procedures and processes should he like; we all know there are a lot of details to learn when coming in fresh.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

Mike Ryabin had noticed that Movi is apparently unable to receive calls. After hearing this, Steve tried that and failed as well. Dan Cromer said that he was uncertain about that and would look into it.

With the old Polycom PVX on private IP, the PVX endpoint is registered with the bridge and assigned an H.232 extension (aka, Conference ID). As long as PVX is on it will receive a call to that seven digit number. Steve didn't see anything within the Movi setup that would allow it to function similarly.

Mike likes the superior video quality that Movi provides, but has found it to be somewhat unstable. Dan Cromer suggested making sure that folks are running the latest version, 4.2, which is available at \\ad.ufl.edu\IFAS\Software\Movi It is much more stable than 4.1. Dan also suggested tweaking the network settings. He has found that restricting the inbound to 1.0Mbps and outbound to 790Kbps helps when he's using the system from home on a Cox cable network.

Dan mentioned that the problem with PVX is that it is no longer supported, as discussed previously. Polycom has another product, Telepresence m100 which Dan has tried and does not feel is nearly as good as either PVX or Movi. The license for that runs $49 whereas Movi is about $100@ in blocks of 25. Dan said that we have about 10 licenses left in the second batch he purchased for IFAS.

Lync deployment (previous discussion)

Updates not available...

Campus VoIP improvement to be implemented

Dennis Brown mentioned that classroom support is using the new system now, where voicemail is forward to email. As far as Steve knows, CNS Telecom will be moving units over piecemeal and will contact each unit when the time comes.

WAN transition to CNS (previous discussion)

CNS/NS adds new person supporting (in part) the IFAS WAN

Dan Miller announced via the ICC-L that CNS/NS was welcoming back Harry Figueroa. A few years ago he had worked on the Wall-Plate project for Plant Rodgers in the CNS Field Station (Bldg 508), but now Harry will be located in what everyone still calls SSRB (which is now the Bryant Space Science Center). The plan is to work on ways to balance the IFAS WAN work between Harry and James Moore. Harry has been added to the ICC-L so he will see whatever comments might be posted there.

Updates from James Moore

James said that he will continue to coordinate the IFAS WAN. Harry was hired to the Network Services Core team, but will spend 50% of his time during his first 6 months on the WAN in order to familiarize himself with that segment. James is pleased because he has been wanting to perform some cross-training on the IFAS WAN with individuals who will be in the "on-call" rotation. This could help spread the WAN "on-call" load around a bit more.

James is still trying to finish up the CEO upgrades and is currently rolling out VoIP to about five RECs. He is upgrading the LAN and router at four RECs. The switches for Apopka and Quincy have already been ordered; those will be PoE to support VoIP. Homestead, Balm, and Ft. Pierce are already on Cisco LAN equipment, so it will be fairly easy to implement VoIP at those locations. Steve asked if those sites were going to be on the UF Call Manager. James responded that this was yet to be decided. James has been discussing Lync as an option as well. Basically, they will detail alternatives and let the RECs decide which route to take.

Chris Leopold asked if everything was going well with the VoIP roll-in at CREC in Lake Alfred. James believed that Allan Burrage had been happy with it and had recommended it to Joel Parlin. That is how they got the request to do VoIP for GCREC at Balm and Plant City.

James also mentioned working on a new circuit going in at Perry.

James will be sitting down with IFAS IT and District Support soon to set priorities for next year's $50k budget. UPS management is something James wants to get under control. He currently doesn't have a good inventory of what is out there and expects to spend on the order of $15,000 on new UPS equipment the coming year while developing a lifecycle replacement schedule for that piece.

The RECs have the ability to see port stats currently by logging into NMS, and District Support staff will be able to do that as well soon.


Mobile Computing Security Workshop

Avi Baumstein announced via the CCC-L that a Mobile Computing Security Workshop will be held on October 19th from 1:30-3:00pm in the Reitz Union room 282 to introduce IT staff to the new Mobile Computing and Storage Devices policy and standard:

Message from Avi Baumstein to the CCC-L:
"Mobile Computing Security Workshop" Wed, 5 Oct 2011 16:59:51 -0400

The Office of Information Security and Compliance will host a workshop on October 19th, 2011 from 1:30-3:00pm in the Reitz Union room 282.

This workshop will introduce IT staff to the new Mobile Computing and Storage Devices policy and standard, and ways in which units can comply. UF has purchased PGP Whole Disk Encryption software, and the workshop will cover license distribution and the installation, use and management of this software. ISC is also planning several trade-in events at which faculty and staff can exchange old, insecure USB drives for encrypted models. Details of this program will be discussed as well.

This workshop is recommended for all unit ISMs and IT staff that support users and their mobile computing and storage devices.

Dan Cromer related that the organizers do not want to provide remote access to this. Dan keeps fighting against the concept that allowing streaming for an event will decrease local attendance. The other aspect that gets in the way of streaming/recording is that some presenters are from outside commercial organizations who want to control access to any of their "intellectual property" which they might be relaying.

This particular workshop will be recorded, however, for later playback.

There was some discussion on how best to proceed with whole-disk encryption, with Chris Leopold being in favor of bit-locker as a solution. Everyone agreed that we need to wait until after the workshop to have a good idea of which way to go with this as the details of what is expected are still a bit fuzzy.

ITSA Day 2011:

ITSA Day 2011 event was held Wednesday in the Reitz Union Grand Ballroom. Videos of the presentation are available now on the ITSA website. Steve asked if anyone attended and Dennis Brown indicated that he was not able to because of other duties. Wendy Williams did attend the IT Track but was pleased to hear that recordings are now available of that and the General Awareness Track as well.

Fall 2011 Peer2Peer:

It also was announced last week that the Fall 2011 Peer 2 Peer event will be held Monday, October 31st in Smathers 1A. Dan Cromer has kindly requested remote participation but we will have to see if that can be accommodated. The agenda includes presentations on VoiceThread and lynda.com, SCCM, Lync, and others--including a presentation on SCCM Asset Intelligence by our own Alex York! Dan Cromer believed that streaming would be available for this.

Wake on LAN support coming to campus:

Dan Miller had reported that the campus router infrastructure should soon support Wake-on-LAN. This could be great news for the green initiative of shutting down computers afterhours while still supporting patching schedules and other remote administrative needs.

Message from Dan Miller to the CCC-L:
"wake on LAN needs and options" Thu 9/29/2011 10:57 AM


Cisco now has wake on LAN support ready for all but the oldest campus Wall-Plate switches. CNS is investigating how this option could be extended across campus. Units may wish to delay any planned purchases of third party WOL solutions if they can wait awhile for our answer.

If you are planning or wish to deploy WOL, please let me know directly so I may better gauge the need.

Dan Miller
UF CNS Core Network Manager

Steve mentioned that he has been using EMCO's Free Wake-on-LAN Tool to help with remote management within his own subnet. Once the BIOS is configured to enable WOL he has found this quite useful.

Misc topics for notification from recent Shared Infrastructure Advisory Committee (SIAC) meeting:

Dan Cromer shared a number of interesting points from a recent SIAC meeting. This is good of Dan because the committee website seems to remain a couple of months behind with its reports.

Message from Dan Cromer:
"[ICC-L] Notes from Shared Infrastructure Advisory Committee (SIAC)" Wed 9/28/2011 12:59 PM


The UF Shared Infrastructure Advisory Committee (part of IT governance) met yesterday. One item on the agenda was the proposal for central SCCM. I've posted on the ICC SharePoint site http://my.ifas.ufl.edu/sites/services/it/icc/Shared%20Documents/Forms/AllItems.aspx. Agenda follows, [with a few of my comments added]:


3:00 to 4:00 09/27/2011 CSE 507

  1. Chairman's Notes - from August 23, 2011 -- All
  2. Work In Progress - Quick Updates -- Tim
    • VDI [Elwood Aust and OA are evaluating]
    • Drop Box [awaiting domain name, possibly file-express.ufl.edu]
    • Fax Server [hope to be in pilot production soon, with CLAS first department. I've asked that IFAS be in the queue]
    • Central SCCM
  3. UF Exchange - Staff Turnover -- Iain Moffat
    • Staffing Plan [Luis Molina hired by Microsoft, should have Exchange 2012 and Lync completed before leaving, new primary and junior Exchange people will be hired, along with replacement for Erik Schmidt.]
    • Workload Impact
    • E-mail Outsourcing Project [possible comparison with Office 365 and Google to be shown to student government.]
  4. New Initiatives - Priorities -- Tim
    • VoIP Rates [$11/month phone cost may drop to $9/month]
    • Gig-to-the-Desktop [would cost approximately $200K/year to upgrade]
  5. Group Discussion Items -- All
  6. Next Meeting - the 4th Tuesday from 3:00pm to 4:00pm - October 25 at CSE 507

Additional Information:


Dan Cromer mentioned there had been a couple of other meetings since the SIAC meeting, including the Infrastructure Applications Advisory Committee (IAAC) meeting Wednesday and then the IT Directors meeting yesterday. Dan provided some updates from all those.

Fax server in pilot

The fax server system is in pilot production currently. There have been a few glitches; currently it can fax PDFs. It works via composing an email message to a fax number in a certain format with attachment(s); the subject and contents are ignored and the attachments are faxed. Unfortunately, the project has been headed by Chris Easley and Chris just went on family leave for three months. That might delay progress for a while, but at least the out-bound portion is working currently. Dan said that IFAS has about six people involved with testing in this pilot.


The Dropbox service is close to rollout, perhaps within a week or two. They have selected a domain name of file-express.ufl.edu for use by this service. Shawn Lander is the person who wrote this application for Engineering and he is setting this up for all UF. This will be a universal file sharing location where individuals can drop files too large to be sent as attachments in emails. This is a web-based application that should require little if any training to use.

SharePoint and My Sites

About 350 individuals within IFAS are using a feature of SharePoint called My Sites. This feature was basically unadvertised but discovered by individuals for themselves via the "My Site" link at the top of our SharePoint implementation. Support for that feature was not within the original scope of the UF SharePoint project. Dan Cromer tried to get them to agree to handle this for IFAS but was turned down.

IFAS must thus decide to continue supporting My Sites separately or to drop that with our migration to UF SharePoint. Chris Leopold would like to see the full SharePoint feature set supported by the centralized SharePoint service. He believes it could be manageable with proper quotas enabled; but that apparently will not happen without some major governance action that seems unlikely in the short term. Given those circumstance, Chris then suggested that we reduce our functionality to conform to what UF provides centrally and drop My Sites.

Allan Burrage said that they had gone through something similar with unified messaging (voice mail going to email) when they moved to UF-provided VoIP. CREC had this feature all along, but when UF took over they did not support this and refused to give it to CREC until it could be offered to everyone. That is now being rolled out and CREC is finally back where it was. Something like this may need to happen with My Sites and SharePoint.

ITN for Rationalization Assessment

Dan mentioned that there was discussion at the last IT Directors meeting about and Invitation to Negotiate (ITN) for centralization of services, which they are now calling "Rationalization Assessment" [RatAss?]. This will not just affect IT but is being planned for other environments as well.

Wendy said that Elias Eldayrie spoke of IT Rationalization Assessment, making it clear that it is not the centralization of IT per se, but would involve the centralization of some services. They are hiring a consultant to do this assessment which will include HR and Procurement in addition to IT. Wendy had heard that Accounting and Finance people would also be included.

New Secunia site license (previous discussion)

Wendy Williams relayed from the ITSA presentation that the UF Computing Help Desk is now assisting folks with installing Secunia Personal Software Inspector (PSI) on personally-owned laptops. Wendy said that this is the same package that individuals can download for themselves from Secunia but they were using this opportunity to provide training as well. Steve was surprised because he thought he remembered Joe Gasper mentioning that there would be a separate UF statistics area in the cloud for this application and Steve had assumed this meant a custom install.

[Note: this software is now available for download from http://software.ufl.edu/secunia/. According to Derrius Marlin at his last ITSA talk, this version is indeed linked into UF reporting.]

OU Admins need access to current inventory data

Steve used this topic to raise the point that OU Admins currently don't have access to any current inventory data unless they have rolled something in-house like Dennis Brown has done. Steve feels that if ITSA wants to discourage units from rolling their own solutions that they need to be more proactive in addressing this need. Steve added that he didn't really care if the data came from LANsweeper, Secunia, or Dell Kace, as long as he had access to it. Kace sounds like a fantastic system, but the only thing which is being offered to units (according to Wendy Williams) are static printed reports on request; that is of very little use. Access to Secunia data would require coordination with ITSA if Steve is reading the UF IT wiki correctly, but nothing has moved on that front as far as he has heard. With Wayne's Power Tools pointing to old LANsweeper data currently, we have a whole lot of nothing. Steve doesn't really feel comfortable with those above him having better access to his inventory data than he does.

[Wayne Hyde reported the following Tuesday that Matt Wilson had worked diligently the day before and that much of the new LANsweeper data is now available again. Thanks to them both!]

Chris Leopold said that what he really desires is to get a programmer who can roll these types of tools. There is great potential, but current staffing limitations lead to situations such as we are experiencing now, unfortunately. Wendy and others agreed, however, that just getting what we have (WPT and LANsweeper) providing current data should be the highest priority, as that data is very important and useful to OU Admins.

KACE agent to be deployed throughout UF for computer inventory purposes

Yesterday, Dan Cromer posted the following message to the ICC-L:

Message from Dan Cromer:
"[ICC-L] FW: UFIT Inventory Scan / KACE Project" Thu 10/13/2011 2:12 PM

I’d like to support the UF CIO by joining the KACE program in IFAS; . A small program is installed on computers to respond to queries from the master server about hardware and software inventory. It doesn’t collect any personal information on the computer, but would provide information about the scope of IT across UF. IFAS would have access to reports about our inventory. This requires no action by the local user, and implementation would be transparent.

Nobody seemed all that concerned with having yet another agent installed on our computers, if only because (1) it seems to be very lightweight and (2) central administration would like mandate this anyway. Thus we might as well oblige. The fact that we will not get any real-time access to the information gathered, however, makes it rather less important to us individually.

Wendy said that the priority with Kace is inventory at the UF level. She suspected, once this was accomplished and working, that we might have future success in getting better access to the information the Kace tools could provide.

Steve (with Wayne Hyde's assistance behind the scenes) demonstrated a way to enable installation of the agent via GPO while providing control that could exclude certain machines from that policy as necessary. It seemed to Steve that such control would be desirable, for example with virtual machines and certain other instances.

Wendy asked if rollout was going to be handled centrally for IFAS or not. Discussion ensued and it appeared nobody was against doing that as long as a means for excluding machines via security groups was implemented as well. Dan seemed to want to bring this as an ICC recommendation to ITPAC, though Steve isn't really sure such formality would be needed.

There was further discussion about which machines this agent was appropriate for. Steve had assumed this was just wanted on UF-owned boxes and Bill Black pointed out that (perhaps) the majority of his machines were county owned, though still on UFAD. Dan Cromer believed there was no problem gathering data from all machines used by IFAS employees--regardless of who the owner was. His belief was that the more information we could gather the better. If that is the case, then such details as ownership might not be a big deal.

Mike Ryabin noted that a good number of his machines are joined to the domain but kept off-network for much of the time and would be difficult to assess via these inventory tools for that reason. It is true that any method used won't be perfect and account for everything.

Domain policy and redirect duration (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

Lync updates (previous discussion)

John Wells mentioned that he and some of his users seemed to have lost their Contacts with MOC. Steve then mentioned that he had not experienced this but was curious as to why his MOC was continuously showing Address Book synchronization errors. Dan kindly responded...

Message from Dan Cromer:
"Re: [ICC-L] OCS Contacts" Tue 9/27/2011 2:08 PM


The one-time occurrence when a large amount of users were accidentally removed from the SIP-enabled group (by a host receiving the list to run the script from a server host that went through a reboot while it was transferring the list) and lost their OCS account caused those who had been temporarily removed from OCS for several hours to be removed from contact lists of all who had them. When the accounts were restored after the error was discovered, those who had been removed had no contacts at all. I’m unaware of any further problems in that area, and Luis Molina told me he, too, knew nothing further about it. The script for adding and removing SIP accounts that removed OCS users had been modified so as not to delete any accounts. If there are further incidents where contacts are removed, we need specifics about when it was there and when it was lost for diagnostics.

The issue of synchronization is different. In Outlook 2010 you should be able to go to File -> Account Settings -> Download address book to get a current copy. Restarting OCS should then eliminate the red exclamation point on the task bar OCS icon. I don’t know the process for Outlook 2007 or earlier, but I suggest that it’s time to update to 2010. We will soon need to upgrade from OCS to Lync, and there may be features for Lync in 2010 not available in 2007 or earlier.


Steve tried to ask John if this had been resolved, but he had apparently been called away. Both Wendy Williams and Allan Burrage noted contact losses, but said it was due to the one-time issue that Dan Cromer had relayed and had not recurred.

Allan said that CREC had a number of synchronization issues arise with the Exchange 2010 implementation. He had been in frequent contact with Luis Molina on those issues and Luis had worked on that for some time. Allan said that Luis stopped corresponding on the matter before it was resolved, but then the issues went away and Allan never heard the details of the cause/resolution. Steve said he wished Luis could have been more proactive in informing IT people about on-going issues along with providing follow-up on the solutions provided.

UF Exchange Project updates (previous discussion)

James Oulman reported that the last trace of the Barracuda system has been removed:

Message from James Oulman via Network-Managers problem and change notification:
"[NETMGRS] _quarantine_.mail.ufl.edu name to be decommissioned" 10/11/2011

In July CNS-OSG changed the default Proofpoint quarantine URL from quarantine.mail.ufl.edu to spam.mail.ufl.edu. The quarantine URL remained as a redirect to accommodate “UF Spam Quarantine” notices sent prior to the name change. We believe that the quarantine.mail.ufl.edu URL should no longer be needed and are planning to decommission it on Tuesday, October 11th.

Please contact us at OPEN-SYSTEMS-L@LISTS.UFL.EDU with any questions or concerns regarding this work.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Wendy Williams reported discussions from the last IT Directors meeting. Lisa Deal is pushing this vigorously, apparently and wants to hear all feedback--both good and bad. The goal is to get 80% involvement with this program; they don't expect complete coverage. They are trying to replace the larger MFPs housed within units across campus with uniform equipment. They are not targeting desktop machines; they are hoping, however, to demonstrate the cost savings possible in doing away with those as well.

The idea is that units would not be buying toner and maintenance or leasing the equipment. Rather they would only pay for the paper along with a cost per page. They want to centralize departmental billing so that any savings realized would remain with the department. Wendy indicated that Pro Buyers won the ITN.

Wendy said that there has been a lot of push-back and she didn't get the impression that they were anywhere near implementing this yet. The plan is apparently to provide reports to each unit detailing estimates of potential cost savings. This is not going to be mandated, apparently; rather they hope to persuade a good number of units that this solution is better than what they have in place currently.

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.


New web cluster

Updates not available...

MPS/DC refresh

Steve asked Chris Leopold now this project was progressing. Chris responded that there were roughly 4-5 that had to be deployed to CEOs in John Wells's NW District; those had been held up due to needed LAN infrastructure work. Chris estimated that we are ~90% migrated for the MPS machines already in place. They are also working with CREC on their rather complex migration. TREC is yet to migrate as well.

Chris mentioned that Alex York is getting up to speed quickly and has been a great help on this. Alex has taken the lead on some PowerShell scripting needed to help these projects along. Steve noted that he had just gotten through Don Jones's excellent book "PowerShell in a Month of Lunches" which is available on-line free through Safari via the Alachua County Library District. Steve didn't understand it all, but finally does get the big picture of what PowerShell can accomplish and how important it is becoming for Windows administration--highly recommended.

New SQL cluster

Updates not available...

New virtual infrastructure being implemented

Chris reported on the hardware refresh cycle of their virtual infrastructure. As reported earlier, we are going with EMC's VNX 5300 SANs, both of which are in production already. We have also purchased 10 Dell R710s with 192GB RAM each. The new VDI will consist of five of those 710s with its own VNX SAN supporting somewhere in the neighborhood of 200 virtual desktops. That will support the needs of Soil Science, CALS, Food Science, and maybe a small subset for the ICC as management stations.

There will be another 5 x 710 cluster with VNX SAN for our virtual server infrastructure (VSI). This will support a little over 250 servers as we are getting away from physical servers as much as possible in order to realize the cost and time savings that offers.

All this is going to be connected via a new 10Gbps network based on two Cisco Nexus 5548 switches. These switches, which are the critical path for all this new hotness, have taken a good deal of effort, negotiation, and patience to obtain. They arrived recently, but one of them was unfortunately DOA and they are still negotiating its replacement. With the single switch, however, they have managed to get a "mostly functioning" environment for the VDI and VSI right now but consisting of only four nodes each. They have rolled out a test server within this for Dr. Borum in FSHN, who is very anxious to get this going. Things are running in a non-redundant test mode until a second switch arrives in working condition.

Chris said that they are very pleased with the extraordinary performance they are seeing within the testing environment, however, (like 600GBps transfers!) and are very pleased with the prospects for this new system. The new VDI and VSI clusters each hold about 1TB of RAM which is more than five times that of the old system. Chris is hoping this all will be out of test and ready for production in a month or so.

Chris is also working with Dell who may be willing to provide seed funds for a Hyper-V clustered environment. Chris envisions this having direct attached storage, perhaps an MD3200, attached to two 710s or some such. Such a configuration could be deployed, for example, at our larger RECs where they need more redundancy than our current stand-alone implementations support.

IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

MDT 2010

Updates not available...


Video is available from the September SCCM Meeting.

Exit processes, NMB and permission removal (prior discussion)

Updates not available...

Re-enabling the Windows firewall (prior discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (prior discussion)

Updates not available...


Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (prior discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (prior discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (prior discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Core Services status (previous discussion)

see the new virtual infrastructure section above...

ePO updates

Updates not available...

Status of SharePoint services (prior discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status

Updates not available...

Patching updates...

Jim Hranicky posted a nice link to the Net-Managers list concerning how Windows gets infected with malware. Unpatched third-party software was said to be the main culprit.

Microsoft released the latest volume (11) of its Security Intelligence Report (SIR) covering January to June 2011. This report gives a somewhat different picture, finding that only about six percent of detections were attributed to exploits. More than one-third of the malware detections analyzed were attributed to malicious software that misused the AutoRun feature in Windows.


The October Microsoft patches included eight bulletins (two "Critical" and six "Important") covering twenty-three vulnerabilities in Windows, Internet Explorer, Silverlight, and Microsoft .NET framework.

McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".

There is a known issue with MS11-081 involving some drop-down lists and combo boxes not appearing in Internet Explorer 7 after installation.


Yet another security update for Flash Player was released on September 21st.

Acrobat 8 is reaching end-of-support shortly. The Acrobat product provides five years of support and version 8.

Steve knows everyone will be thrilled at Adobe's announcement last week of Flash 11 and AIR 3 [not]. Not sure 3D is all that important strategically; it would just be nice if they improved their patch processes.


Firefox and Thunderbird 7.0 are now out and the critical security patches have already begun.

MS Office News update

Steve mentioned that he had not seen this, but there have been reports that links in Excel are broken and an error is thrown on file save after applying last month's security update MS11-072.

That same patch is apparently causing problems with charts as well.

Steve also noted that Microsoft Office 2007 Service Pack 3 has been announced and should be available later this year.

Job Matrix Update status

Chris Leopold said he would make a note to get this matrix updated. It currently still has Andrew Carey listed rather than Alex York, for example; but it is also out-of-date in other ways as well.

Remedy system status (previous discussion)

Other Topics

Trouble reported with SAS 9.3 installs

Mitch Thompson has reported difficulties trying to install the new SAS 9.3 on two Windows 7 32bit machines, both as if-adml-x and as the local admin. The symptom seen was that the installation just sat at the Install Wizard for 10 minutes then just closed itself out. He tried running in compatibility mode for windows XP with the same results. He did note that the SID file is on the media itself now.

Russell Hunter responded that he had installed it successfully on both 32 and 64 bit platforms, but that any traces of an old installation had to first be removed completely. That includes uninstalling old versions and deleting all instances of the SAS application folder within any local profiles, other SAS folders and SAS related registry entries. The need for the registry cleanup was likely due to a previous network install.

Unfortunately, none of that helped Mitch, who is still having problems. On-line installation instructions from the SAS knowledgebase don't seem to indicate any such known issues, but instructions from UT indicate the need to create a local "depot" prior to installation and that there is no need to remove previous versions. [Note mention of setting aside four hours for this installation!]

Steve tried to create 32 and 64 bit "depots" on the IFAS file server (see SAS Deployment Wizard and SAS Deployment Manager 9.3: User's Guide) but those attempts all failed. After contacting James Hardemon, Steve learned that the media originally distributed cannot create an installation point; he is awaiting fresh media to continue with the plan. Steve did test installation of 9.3 straight from the supplied discs, however, and it worked fine. He used a Win7x64 test machine and installed x64 SAS, uninstalled it and then installed x86 SAS as a test. Steve noted that the multiple discs swaps (back and forth that is) with the previous version are gone. Also, installation via the if-adml account worked where it hadn't in the previous version for some reason.

Limited Opt-Out Period for Adult Entertainment Domain Names

This issue apparently is being addressed by IFAS for their "SolutionsForYourLife" trademark. Other department administrators were being asked to consider any trademark domains they might have which might be worth the $200 potential protection. The deadline is rapidly approaching. Steve wonders if IFAS ought not to buy the "IFAS.XXX" and/or UF the "UFL.XXX" domain and sit on it, if there is a real concern.

Windows 8 Server news

Steve noted having seen a very interesting article "What's Coming in Server 8" from Mark Minasi's recent newsletter.

Departmental servers within IFAS (previous discussion)

Updates not available...

2012 Prudential Davis Productivity Awards Call for Nominations (previous discussion)

Unfortunately, we missed the submission deadline and failed to nominate the much deserving IT Server Administrators group. It would be good to keep this in mind for next year. The UFIT awards seem to be geared for central UFIT groups only as the evaluation involves 10 points for UF-wide impact.

Browser update

Updates not available...

usage of the UF IT Alerts Dashboard page by IFAS

Updates not available...

RODC issues at remote sites (prior discussion)

Updates not available...

UAC settings egregious for users?

Updates not available...

PDF-Xchange (prior discussion)

No updates available...

Steve noted that the plan is to skip next month's meeting, since our usual date lands on a holiday. We expect to meet next, December 9th.

The meeting was adjourned a bit early at about 11:50 AM.