ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, March 11th, 2011 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty-two members participated.
Remote participants: David Bauldree, Bill Black, Micah Bolen, Dan Christophy, Dan Cromer, Kevin Hill, Marvin Newman, Scott Owens, Joel Parlin, Jonathan Potts, Mike Ryabin, John Wells, and Wendy Williams.
On-site participants: Dennis Brown, Andrew Carey, Francis Ferguson, Wayne Hyde, Chris Leopold, James Moore, Nick Smith, Steve Lasley, and Santos Soler.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Member news:

Steve had no membership changes to report.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

LifeSize videoconferencing endpoints

Steve mentioned having heard on the AV-1 list that Logitech owns a company called LifeSize that makes videoconferencing end points. He had heard that they were a less expensive option than Polycom or Tandberg and asked if anyone knew anything about them. Dan Cromer responded that IFAS has a LifeSize unit in Jefferson County and that Polycom has been lowering their prices in order to stay competitive.

Dan has their Passport unit in his office. It is about $2800 but hasn't worked as well as Dan would like.

Lync deployment (previous discussion)

Polycom is taking steps to integrate with Microsoft Lync. Patrick Pettus, John Pankow, Mark McCallister, and Dan Cromer were provided a presentation from Polycom recently about their plans for this integration. All of Polycom's endpoints are going to be directly compatible with Lync. This means our HD endpoints and future Polycom purchases should be able to interact with Lync once we migrate to that.

Dan mentioned that there is no separate Live Meeting component with Lync; rather, functionality has been integrated into a Lync feature called "Online Meeting". With the new integration, Polycom endpoints will be able to utilize that as well.

Dan also said that OSG now has a couple of Polycom telephone units which work with Lync and plan to get an HTX 6000 demo unit to work with that as well. The disadvantage of the HDX 6000 model is that it only has a single output; this means picture-in-picture must be used to see a video signal while showing content.

Luis Molina is presenting a demo of Lync to Tim Fitzpatrick on Monday and Dan has asked him to give us a demo as well whenever that might be scheduled.

Luis will be asking for volunteers for an expanded pilot of Lync and Dan hopes to get some ICCers, especially those at remote sites, involved. The only disadvantage to that is people upgrading to Lync will not be able to take part in Live Meeting. Dan has solved this for himself by SIP enabling his if-adml account so he can continue to use that with MOC while trying Lync via his regular account. Dan asked people to let him know if they are interested in joining the pilot.

Dan mentioned that outsiders can be invited to Online Meetings and connect via Internet Explorer or even Windows Live Messenger with nearly the same functionality as Lync itself. By June, other browsers are expected to be supported for use with Online Meeting as well. When meetings are set up they can be specified as "closed" (accessible via specific invite), "open" (anyone within our Federation), or "anonymous" (anyone with the link--for outside collaborators).

Steve noted that HSC has committed to a Cisco solution and CNS has been investigating going that route as well. Both systems do essentially the same thing, although the Polycom/Microsoft collaboration may provide a number of advantages in the future for integration with our videoconferencing systems. The main difference at the current time, however, would seem to be the cost. While CNS has already committed to Cisco Call Manager for VoIP, the addition of these other Cisco Unified Communications (UC) features is quite expensive (estimates around $800K). Since we already are deploying Lync and have the licensing in place, adding telephony integration to that would seem a much cheaper UC alternative. Although there seems to be some anti-Microsoft sentiment at HSC and within CNS, it is difficult to argue that Microsoft is not a major player in the UC space; Gartner's Magic Quadrant for Unified Communications has Microsoft in the lead for that category. We also have the expertise in Luis Molina to pull this off successfully.

Case Studies:

Technical Details:

Recording lectures for Distance Education (previous discussion)

There was no discussion on this topic this month.

WAN transition to CNS (previous discussion)

Updates from James Moore

James reported that they are continuing the CEO upgrades. The circuit upgrade at Belle Glade is expected to go live within 30-60 days. Immokalee's circuit upgrade had finally passed purchasing and James is developing an equipment list for that site. Circuit upgrades at Quincy, Milton, Jay and Vero Beach are on the horizon as well. Quincy is in need of a new phone system and James is getting them together with Net-Services and UF Telecom for a pricing estimate for going with the campus Call Manager.

James mentioned hearing rumors that charge backs may be going away and that phone charges may be paid for off the top. James says he has been reminding administration that remote IFAS sites should be included in such considerations. If that all proved true, then Quincy's decision might become very easy to make.

Chris Leopold asked how the phone system at Marianna had been working. James said that it has worked well, but they did have a circuit issue just yesterday.

Dennis Brown asked if Hastings still had a 56K connection. James responded that they are a T1 with 1.5Mbps symmetrical. Dennis also asked about Citra. James said that they have had a full LAN upgrade and are well connected now to campus via a 10/100 burst-able.

Steve asked if our circuit rates had remained fairly steady over time while our throughput has been increased. James said that this has not been the case; rather, our costs have gone up drastically. All of the IFAS sites, with the exception of Live Oak, Ona and Hastings, will be on Metro Ethernet shortly, but the cost has been considerable.


Upcoming Peer2Peer

It is one week until the next Peer 2 Peer event and details are now available.

Update from February ITPAC meeting

The minutes from the October meeting had been available for some time, but the meeting agenda was not made available until the morning of the meeting.

Dennis Brown reported that the main issue covered at ITPAC involved the apparent desire to lengthen the time redirects remain in place when web sites are consolidated. Dan Cromer said this is a policy issue, not a technical one, and has asked Soler Santos to halt the removal of redirects until a new policy is developed. A subcommittee chaired by Wendy Williams is looking into the issues.

Steve wanted to point out that he consolidated nearly four dozen sites over two years ago without notable incident. He feels that lengthening the redirect duration will just delay facing what is actually a non-issue in his mind; when the time comes to finally remove these (whatever duration is chosen) we will likely begin the debate yet again. Who bothers with URLs anymore anyway? People can just ask Google to find stuff; there is no need to sweat the redirects. Readdressing what had already been considered at great length seems a waste of time. If people are really this uptight about it, we might as well just keep redirects permanently and move on to other issues; at least that way we won't have to do this all again in a few years.

CNS wants to host DHCP/DNS solution for all campus (previous discussion)

CNS released a news bulletin on their upcoming BlueCat DNS and DHCP server offerings:

[NETMGRS] CNS NEWS: N0505--New BlueCat DNS and DHCP Server
Mon 2/28/2011 10:08 AM

CNS NEWS: New BlueCat DNS and DHCP Server

CNS Document ID: N0505
Published: 02/28/2011
New BlueCat DNS and DHCP Server

In March 2011, CNS Network Services will begin a migration of CNS DNS and DHCP services to Bluecat Networks' IP Address Management (IPAM) system. This Bluecat implementation will allow us to manage our IP Space and Name Space from a single, secure, Web interface. With the explosive growth in IP addresses and related services (DNS; DNSSEC, DHCP, IPv6), it is increasingly important for us to manage and coordinate our services and the software and hardware that support them.

A new feature of this address management system will allow us to offer you the advantages of a central DNS service while allowing you to customize and manage your zone according to your needs. If you are not currently using CNS DNS services, you may wish to consider that there are real advantages to using a centralized service that still allows you to manage your own area. For example, syntax errors are prevented by the Bluecat software and you no longer have software or hardware to maintain for this service.

We are planning a phased project implementation. For phase one, customers do not need to make any changes. The initial deployment will be internal to CNS as we plan to leave the current DNS/DHCP structure in place and to run the Bluecat implementation in parallel. For this phase we expect that customers will notice no difference in services or procedures.

If all goes well with phase one, the next phase of our project will begin later in March. At that time, we will publish another announcement detailing what is needed to migrate to the new services as well as an option for you to move your current DNS service to our central service.

Questions and/or comments can be sent to NS-SOFT-L@LISTS.UFL.EDU.

Your Comments are Welcome

UF Computing & Networking Services

An update was provided just yesterday:

[NETMGRS] Bluecat (DNS) Update
Thu 3/10/2011 9:11 AM

Implementation of the Bluecat system has progressed to the point where we are going to start moving the source of our primary zones from our current hidden master to the Bluecat hidden master. This will be done in a phased approach starting with lower-name.server.ufl.edu ( Once validation of the change is determined to be successful on lower-name we will move name.ufl.edu ( This process will continue with other servers in our current DNS service until all are moved.

What does that mean to you?

  • Zones that have been delegated and/or we provide secondary support for will see no change**.
  • If you are using our DNS service and assuming you have given your customers more than one nameserver in their DNS resolver. They might see a very slight delay in resolution while we restart a nameserver.

That's it. We expect this change to be transparent to the customers.

Soon, we will be posting another announcement containing details of changes needed to start using the new Bluecat service.

Please send any questions and/or comments to ns-soft-l@net-services.ufl.edu.
Problems should be reported using http://net-services.ufl.edu/problems.html.

** You may notice in your DNS logs that starting last night there are two new nameserver (ns1.name.ufl.edu - and ns2.name.ufl.edu - trying to initiate zone transfers. These are the zone transfer addresses of the new Bluecat nameservers. If you would, please make whatever changes are necessary to your nameserver to allow zone transfers from these two address. Please note that these addresses should not be used for DNS resolution.

If you have questions or concerns regarding this matter, please reply to this email as soon as possible.
Thank you,

Network Services
(352) 392-2061

Home page: http://net-services.ufl.edu

Chris Leopold mentioned that he would have liked to have known earlier that CNS was looking into BlueCat. He feels a bit uncomfortable learning of such things only after they are essentially in production. With the demise of the ITAC-NI, there seems to be little or no transparency regarding strategic planning at CNS Net-Services. That CNS group had traditionally been the most forthcoming among the various CNS services in the past.

Dennis Brown asked if/when IFAS might move to CNS's BlueCat offering. Chris Leopold responded that this will have to be examined in great depth. He believes this depends greatly on what UFAD does and how remote sites would be handled. We will continue on as before until the various issues can be studied thoroughly, but Chris realizes that IPAM is likely to become increasingly important for managing UF's IP space and ensuring security down-the-road.

Steve mentioned that, perhaps because he is no doing more remote management, he is discovering that name resolution (especially WINS) can be quite poor. He has taken to specifying the FQDN rather than the NetBIOS names when connecting via RDP for example (i.e., if-machinename.ad.ufl.edu rather than just if-machinename). Otherwise, he often ends up at a different machine than the one intended.

Steve raised the issue to OSG and Luis hadn't even realized they ran WINS; he did suggest looking into its need and potentially removing it down-the-road. Andrew Carey said that he was in favor of halting the publication of WINS on our DHCP scopes but wanted to discuss whether or not anyone had situations that required WINS. Santos Soler mentioned that Macintoshes use WINS to get to copiers running on embedded Linux; that was an issue he had seen previously that had prevented WINS removal.

Chris Leopold mentioned that WINS could be applied very granularly if the need arose, using it for certain scopes and not others or even applying it just to individual reservations as proved necessary.

UF Exchange Project updates (previous discussion)

Contacts issue with the Exchange 2010 migration

Andrew Carey said that GAL entries will overwrite matching contact entries via a synchronization process in Outlook 2010. This could cause great problems for people who use contact entries to shadow and enhance contact data from the GAL. That "feature" can be disabled via Group Policy, however, and this is something which Andrew suspects IFAS will have to implement--though it could be done granularly if desired.

Dennis Brown mentioned that he has a faculty member who has been trying to get email they deleted restored. Dennis has worked with Luis and it would appear that the only possible solution would be a restoration of the entire UF Exchange system from tape--essentially disaster recovery--something which they obviously would not want to do. Dennis noted that this situation will supposedly improve with Exchange 2010 as they will then have the capability of restoring individual mailboxes. Andrew said that he believes their plan is to use DPM to permit that in the future. Wayne Hyde pointed out that having the capability and being willing to do it for "mere mortals" is another (FTE) issue.

Centralized FAX service via Exchange (previous discussion)

Updates not available...

Sakai e-Learning System now in production (previous discussion)

Updates not available...

IT survey is coming (previous discussion)

Dan Cromer reported that this is still pending, but it was his understanding they are contracting with Dell to inventory things via the network. Francis Ferguson mentioned that this is going to be difficult in some counties that are unlikely to provide the necessary access.

Outsourcing of DE course development (previous discussion)

Steve asked Dan Cromer if he was aware of anyone within IFAS who has used this outsourcing. Dan responded that this would cost money and Ron Thomas will do it for free. If this is an on-book course you can also go to the CITT. Consequently, he wouldn't expect anyone within IFAS to go this route.

Alternate IFAS domains in e-mail

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Dennis Brown asked about the status of this program, saying he thought about it every time he ordered a new printer. Dan Cromer responded that this program will not directly affect desktop printers. Rather it is meant to change the way departmental copiers are purchased and used. UF would contact with an outside vendor to supply copy machines on a strictly per-page charge basis. Our only involvement might be assisting in defining these hosts to UFAD.

Steve mentioned that departments who had just shelled out for new copiers might not be too happy about having those swapped out immediately. Dan responded that this is one aspect that must be considered. It is just a plan so far and the ITNs are yet to go out.

myuf Market (previous discussion)

Steve wants to keep this on our agendas in case discussion seems warranted.

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.


New web cluster

Santos Soler reported that he is waiting on memory and space to be allocated. This will be run in our virtual environment, so getting rid of old servers that are not being used is a necessary first step in order to generate the space and free up the virtual resources.

MPS/DC refresh

Updates not available...

New SQL cluster

Updates not available...

New virtual infrastructure being planned and spec'ed out

Updates not available...

IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

Free Windows 7 Deployment Training for UF IT Staff

Great news (for local folks at least)...

Message from Tarrie Van Horn to various lists:
"Free Windows 7 Deployment Training for UF IT Staff" Wed 3/2/2011 9:35 AM

With the arrival of Windows 7, Microsoft now offers a better deployment solution than previous versions. Still, Windows 7 can overwhelm even the most experienced network administrators.

Vice President and CIO Elias Eldayrie is pleased to announce that UF Information Technology will host a free, 3-day class by Microsoft Windows® Deployment Expert Rhonda Layfield for members of the UF IT community.

The “Deployment Done Right” class will be held April 20-22 in Smathers 1-A. The class meets each day from 8:00am to 5:00pm, with a one-hour lunch break.

All class fees and materials are free of charge to UF IT staff, but pre-registration is required.

In this 3-day class, Layfield will take you from booting a bare metal machine to deploying a complete custom installation of Windows 7 or migration from Windows XP. You will receive step-by-step guides to take back to your own environments that will help you avoid the most common--and very time consuming--mistakes.

About the Instructor:

Rhonda Layfield is an internationally in-demand instructor with 30 years’ of experience in IT. Layfield writes for Windows ITPro magazine and is a co-author of Mastering Windows Server 2003 Upgrade Edition for SP1 & R2 and Windows Server 2008 Networking Foundations from Sybex. Layfield is also a Setup and Deployment MVP and Desktop Deployment Product Specialist (DDPS).

Class Pre-Requisites:

Anyone registering for this course should have a basic understanding of networking and experience installing Microsoft operating systems. A working knowledge of a virtual environment (either HyperV or VMWare) would be helpful but is not required. The instructor will be using VMWare Workstation for all demonstrations.

Visit the UF IT Web site’s Training section to view the class outline or for more information.

Erik Schmidt had related seeing her speak at Tech Ed and other conferences, saying that she’s world class at what she does. Erik mentioned that she’s also married to Mark Minasi (who presented here a few years back) and has picked up a few of his tricks, so you can expect an interesting and lively presentation. Don't forget to register!

Windows 7 SP1 via WSUS

Wayne Hyde had reported an easy means of updating Windows 7 to SP1 using WSUS via GPO:

Message from Wayne Hyde to the ICC-L:
"[ICC-L] Windows 7 SP1 via WSUS" Wed 3/2/2011 8:47 AM

For those of you who wish to push SP1 to your Windows clients once Microsoft releases it to WSUS, I have created a new WSUS target group “7SP1” that will allow you to push the service pack to your clients. Once enough testing has been done across IFAS, SP1 will be approved for all clients.

You will need to modify your OU’s computer GPO (IF-OU Computer) GPO to add the new target group. See the WSUS discussion from http://icc.ifas.ufl.edu/ICCminutes/ICCmin3-12-10.htm#patching for details. If you aren’t comfortable modifying the GPO please contact me and I will assist you.

If you want to push SP1 to a few select computers you can create a new GPO with filtering or create a sub-OU with a linked GPO to limit the machines the update is installed on. The new GPO would only need the “Enable client-side targeting” setting and set so the GPO precedence is higher than your “IF-OU Computer” GPO.

The target group setting for a department on campus to push SP1 is:

  • Campus; IE8; 7SP1

(Yes, the IE8 setting would be superfluous for Win7 hosts)

Steve pointed out that there is no great hurry to push this out. You may want to peruse The Windows Servicing Guy blog for known issues and recommended checklist preparation before moving wholesale on this as there have been issues in some cases--as mentioned recently on the CCC list.

Kevin Hill mentioned that he has pushed that out for his OU without problems so far. He estimated there might be another 15% of his machines yet to take that.

UF SCCM Support Group

Steve mentioned that he doesn't have a server to play with so he is pretty much on the outside looking in--he is monitoring the SCCM-L list however and finding it interesting.

Nick Smith said that his is trying to work with SCCM a little each day. Currently he is having an issue with PXE boot that Andrew has been helping with. Everything else (except OSD) seems to be working well, however. He has pushed JRE updates to FHSN successfully, though there were a few errors. If you would like to use that in your OU, just let Nick know. He can create a collection for you and advertize it to your systems.

Steve is surprised that Nick has met this with success. Steve noted that he has been foiled in his attempts to patch JRE via PSExec. If a user has the browser open during patching the install ends with an error which actually requires removing the program directory prior to reinstalling.

Steve asked if Nick was using SCUP and Nick responded that this would require WSUS and would have to be coordinated with Wayne; having two WSUS servers might cause a problem.

Exit processes, NMB and permission removal (prior discussion)

Updates not available...

Re-enabling the Windows firewall (prior discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (prior discussion)

Updates not available...


New DHCP reservation site created

Santos Soler has created a new DHCP reservation site which you may use to request reservations. This form created a Remedy ticket, though Santos still has some minor issues with that aspect he is still working out. Steve mentioned having used it successfully twice in the last several days. Steve commented that it might be nice to add documentation links to assist new IT folks in learning the recommended conventions for hostnames and descriptions. It was noted that some details are already available on SharePoint which might be linked.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" email distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (prior discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (prior discussion)

Steve wants to keep this topic on our radar.

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Wayne had mentioned that VMware View 4.6 was released a couple of weeks ago. Any upgrades of our VDI infrastructure will have to wait until between semesters, however, in order not to cause problems for our users.

Steve noted that there is now a VMWare View client for the iPad that looks pretty nice. Wayne responded that VMware View 4.5 requires a direct connection between the client and the VM you are talking to; you can get the new client to connect currently if you run a VPN first. Once the server-side is upgraded to 4.6 the connection should be possible using PCoIP, removing the need for a VPN connection.

Wayne's Power Tools (prior discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Chris Leopold recently updated the IFAS Policy Compliance Checker tool. A Microsoft’s decision to remove Windows Registry Reflection in Windows 7 and Windows Server 2008 R2 was causing some issues with previous code. This update led him to consider other enhancements and he currently has a new recent candidate which he announced to the ICC a couple of days ago:

Message from Chris Leopold to the ICC-L:
"[ICC-L] Please test release candidate code of IPCC" Wed 3/9/2011 11:06 AM


I have made some major “improvements” to the IFAS Policy Compliance Checker application. As an example, I recompiled the code to be a windows-based application instead of a console-based application. I would like to ask that you test the new code on several machines within your unit. Based on the number of positive responses, I’ll push the new code this weekend into production.

Thanks again for the helping hand

Christian R. Leopold, Systems Coordinator
UF/IFAS Information Technology - System Administration
Bldg 120 Rm 209, Gainesville FL 32611-0350

Changes that were made to the application:

  • Re-complied as window-based application.
    This will allow the application to launch with a long delay and *not* hold open the CMD window

  • All errors and/or informational output is logged in the system’s application log or popup text box.
    With a windows application there is “no console” to write output to. So, everything is now written to a popup text box or application event log.

  • Fixed a bug within the MinimumOSCheck method
    Really didn’t know what I was smoke’n when I wrote that method but whatever it was…it must have been good! :-}

  • Fixed the potential “Windows Registry Reflection” issues
    Application will now search the 32-bit and 64-bit registry views

  • All application parameters are now read from the .XML file
    sleepDelay and minOSVersionX values are in the configuration file now instead of being hard coded

  • Added a programmable startup delay to resolve the “Delayed-Start” service “false-positive” issues
    Currently set for 60 seconds and is adjustable via modification to the .XML file

  • Set various assembly information properties (See in-line image)
    IPCC properties

  • As previously announced added the following functionality:

    • Minimum OS Check (must be XP SP3)
    • Windows Update Service is installed and running
    • Background Intelligent Transfer Service is installed and Startup-type is*not* set to disabled

Testing Directions:

Open a Command Prompt:
    Click <Start>
    Click <Run>

In the “Open” box type “CMD” <- This will open the command line interface
    Click <OK>

From within the command line Interface type:

\\ad.ufl.edu\netlogon\ifas\ipcc-rc \\ad.ufl.edu\netlogon\ifas /s    <- non-interactive mode


\\ad.ufl.edu\netlogon\ifas\ipcc-rc \\ad.ufl.edu\netlogon\ifas    <- interactive mode

If your system is already in compliance, there won’t be much more than two events in the application log; “IFAS Policy Compliance Checker v1.2 (RC) Started Successfully” and “IFAS Policy Compliance Checker v1.2 (RC) Ended Successfully”.

If you really want to mix things up, make your system non-compliant by doing the following:

Change the startup-type for the Background Intelligent Transfer Service from “Automatic (Delayed Start)” to “Disabled”

disabling the BITS service

Make sure that you change it back once testing is completed

Chris Leopold provided a quick demo (listen at the 01:08 point in the streaming audio).

Chris asked folks to get with him if they have any other tests they would like added to the compliance checker tool. Wayne suggested that we might add a test to see if machines are updating their GPO settings--something that would check a GPO setting which we could modify periodically. His experience with WSUS has shown that we have a significant number of machines which are not processing GPOs properly.

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey has a good plan for dealing with this which he simply has had no time to address. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Core Services status (previous discussion)

Updates not available...

ePO updates

Updates not available...

Status of SharePoint services (prior discussion)

IFAS migrating to centralized MOSS

Santos Soler has been asking about this. The last he heard they had purchased some software to do the move, but it didn't work well. Now they are apparently looking at another piece of software. Chris Leopold mentioned that Ben Beach has provided Buck an administrative account so he can peruse our system.

Public folder file deletion policies and procedures status

Nothing further was available on this topic at this time.

Patching updates...


The March Microsoft patches included three bulletins (one "Critical" and two "Important") covering four vulnerabilities affecting various Windows versions as well as Groove 2007 SP2.

McAfee provides podcasts on the highlights of each month's offerings and another podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".


Java SE 6 Update 24 was released about the middle of last month.

Dennis wondered why he wasn't getting more UFIRT notices considering he knows he has out-of-date JRE installations. It is believed that those notices are not based on machine scans, but rather exploit attempts were being flagged via network activity. Not all out-of-date installations stumble upon sites that try to take advantage--thank goodness.


Adobe Flash Player was released March 2nd. It had only been a short time since the last release ( and this latest version is apparently NOT a security release.

MS Office News update

Updates not available...

Job Matrix Update status

This is here as a standing topic--no discussion this month.

Remedy system status (previous discussion)

Updates not available...

Other Topics

The new Microsoft Campus Agreement

Dan Cromer has asked that this be posted on the web, but in the meantime, he has made a couple of items available at http://it.ifas.ufl.edu/misc/: a presentation and a summary. He wanted to note that VDI rights for UF Students are now included.

Site audit at Ft. Pierce includes IT section

Marvin Newman mentioned that Ft. Pierce has been audited by UF's Office of Audit and Compliance Review. During the discussion Dan Cromer provided Steve a copy of the associated IT Questions and References via e-mail. Once he saw the questions, Steve then recognized this as something which he had been provided as hardcopy from his departmental fiscal person. He noted that he had answered "yes" to all items and initialed each. Dennis Brown added that he had done the same. Steve had not received a copy of the Reference document, however.

While some seemed amused that Steve would blithely answer "yes" to all, Steve responded that there is really no other acceptable answer. It is not that these issues are being ignored. Steve is doing his best with each of these items already given available resources. If further refinement is necessary then he feels it incumbent upon administration to provide support for doing so.

RODC issues at remote sites

Chris Leopold mentioned that OSG has been having SYSVOL replication issues and currently there are eight sites that are not working (Baker, Belle Glade, Columbia, Dade, Lady Lake, Ona, Polk, and Putnum).

Kevin Hill said he is not very enamored with these new RODCs as they continue to have problems with extremely slow login scripts. Chris Leopold mentioned there were issues originally with users and computers getting properly associated with the local sites--but those issues should be mostly resolved by now. Kevin said that his resources were correctly populated, but the problems have persisted. Andrew Carey responded that he doesn't believe the RODCs are the culprit, however; he suspects that the problems are related to DNS and that they would still be happening even if a full DC had been deployed.

Chris said that ITSA will take this seriously and continue to look into the causes. Kevin mentioned he might utilize Wireshark to try and get a better handle on what is going on.

Steve suggested that Kevin might populate his users' machines with UNC shortcuts to network resources in the meantime; that could help people in getting to their shares more quickly. With XP Steve has always added a "Places" folder to the "All Users" start menu which contains UNC shortcuts to locations. He also puts a desktop shortcut to that folder to make it easily accessible. People can copy those to their QuickLaunch toolbar to provide even easier access.

UAC settings egregious for users?

Updates not available...

PDF-Xchange (prior discussion)

Updates not available...

The meeting was adjourned about five minutes early at around 11:55 AM.