

ICC Meeting:

IFAS COMPUTER COORDINATORS
(ICC)

NOTES FROM April 11th 2014 REGULAR MEETING


A meeting of the ICC was held on Friday, April 11th, 2014 in the NEW UF/IFAS Communications Building. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty-two members participated.
 
Remote participants: David Bauldree, Bill Black, Dan Christophy, Dan Cromer, Russell Hunter, DeWayne Hyatt, Al Ibanez, Taylor Jamrok, Chris Leopold, Kamin Miller, Marvin Newman, Joel Parlin, Jonathan Potts, John Wells, and Gary Wilhite.
 
On-site participants: Jimmy Anuszewski, Dennis Brown, Winnie Lante, Steve Lasley, Matthew Nash, Karen Porter and Wendy Williams.
 

STREAMING AUDIO: available here


NOTES:

Agendas were distributed and the sign-up sheet was passed around.


Report from the chairman

Member news:

Updates not available...

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.


Security:


The Heartbleed Bug

A bug was discovered in OpenSSL that has been around for two years and may have led to the leakage of encrypted SSL transactions via capture of a server's local certificates. Somewhere around one third of the HTTPS servers out there run some version of OpenSSL, and some portion of those had the bug. There is no way to determine whether or not certs have been compromised; only honeypots can gauge how actively this might be being exploited currently.

There have been many articles telling folks to change all their passwords; that is only a good idea if and when the service in question has been patched and new certs issued. Changing passwords prior to that might exacerbate the problem because we can assume that exploits will rise sharply now that the news is out. In any case, a list of sites that have been fixed and for which a password change might now be recommended may be found at Mashable. If you have been using LastPass to manage your passwords then you have an easy way of knowing which passwords should be changed and when. UFIT has a post about Heartbleed on its Facebook page.

There are a number of sites for testing SSL (including https://www.ssllabs.com/ssltest/) for this vulnerability and UF has been sending out IRTs for vulnerable systems. More details on the bug itself are available at http://heartbleed.com/ but XKCD has a comic that covers the basics of how it works.

Proposed Remote Access Policy

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion)

Updates not available...

Patching updates... (previous discussion)

Microsoft

The April Microsoft patches included 4 bulletins (2 "Critical" and 2 "Important") covering 11 CVEs in Windows, Office, and IE. A risk assessment is available here. There were a number of oddities, including the fact that the new update for Windows 8.1 doesn't work with WSUS.

There was a zero-day attack on Outlook users (actually Word) via a malicious RTF document for which Microsoft provided a workaround pending a true fix. EMET apparently blocked related attacks as well, but this was all fixed in the April second-Tuesday patches in any case.

Adobe

There was an Adobe Security Bulletin on Tuesday that included updates to Flash Player and Air. The latest versions of these are now: Flash 13.0.0.182 and Air 13.0.0.83; note that Air was renumbered (jumped from version 4 to version 13) to keep it in-step with new Flash releases. Initially there was a problem where Adobe Flash Updates would not work with SCCM, but that has since been fixed.

Java

Another scheduled update for version 7 is due on April 15th, but in the meantime, JREv8 has now been posted. Oh joy. At least it would appear that JRE7 updates will be continued through April 2015.

Apple

Apple patched 27 vulnerabilities in Safari on April 2nd. Another iOS patch is coming soon according to Jimmy Anuszewski.

Other

Firefox 28 was released March 19th addressing 20 vulnerabilities. Version 29 is due on April 29th.


Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)


Endpoint security concerns (previous discussion)

Dennis Brown said that he had received an SSL vulnerability notice (Heartbleed) for a couple of his codecs (Cisco and Tandberg). He called Patrick Pettus about this and Patrick said he intends to patch these as soon as the new code is available.

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Possible end-point refresh in the works (previous discussion)

Updates not available...

Movi/Jabber Updates (previous discussion)

Updates not available...

End-user Scheduling (previous discussion)

Steve wanted to know if anyone had requested at least read-access to TMS from Patrick Pettus. Dan Cromer responded that Patrick is wanting to hold off on that because of the anticipated move to Acano coSpace. That system interfaces directly with Lync so you can drag-and-drop a contact from Lync into this system. You can also drag a videoconferencing endpoint into a videoconference. Patrick is apparently hopeful that this new system, with on-site hardware, can actually replace TMS as well as our aging Codian bridges. This is awaiting approval from Fedro Zazueta and Elias Eldayrie.

Lync updates (previous discussion)

Updates not available...

Blue Jeans (previous discussion)

Dan Cromer has renewed our license for another year through March 31st, 2015. The price went up considerably, but it will provide us some advanced features such as up to 100 participants in any given conference.


WAN (previous discussion)


Updates from James Moore

Updates not available...

Wireless printers (previous discussion)

Updates not available...

VoIP at RECs

Updates not available...

Phone bills to be paid for centrally? (previous discussion)

Updates not available...


Policy


Notes from IAAC

Dan Cromer had shared the following notes from the Infrastructure Applications Advisory Committee via the ICC-L list:

In case you were wondering (Steve had to ask), IAAC is a standing sub-committee of the SIAC, with the purpose of detailed review of Infrastructure Applications, such as e-mail, AD, etc. It actually preceded the SIAC, beginning as something Mike Conlon set up to discuss implementation of UF-wide AD and Exchange. Elias saw it as still helpful, so set it up under SIAC. Tim Fitzpatrick (former SIAC chair, now retired) saw "Infrastructure" and "Applications" as an oxymoron; in his view infrastructure doesn't include applications, but Elias wanted the shared common software tools under Tim rather than move them under Dave Gruber and Enterprise Systems. Dan is of the opinion they should be Enterprise Systems.

Attending: Bill Paine, Kris Kirmse, Dan Cromer, Shawn Lander, Elwood Aust, Mark Robinson, Eric Olson, David Huelsman, Chris Easley, Iain Moffat

Agenda items:

* IAAC meeting frequency

Decision: keep current time booked (second Tuesday, 3pm) since that's easier than trying to schedule ad-hoc. Chair will request agenda items prior to meeting, cancel day before if nothing to discuss.

* OneDrive deployment.

Iain - very close, working with webadmin to enhance user friendliness. Will start with soft launch, then publicized release. Optimistic that it'll be in April.

* Anticipated EOL date for current Gatorlink webmail

Iain - no sunset dates have been set yet.
Discussion of attrition, attempts to encourage more rapid student migration, whether or not new employees should be forced to be provisioned in UFX instead of GatorLink webmail.

* Official business email address and email forwarding policy

Discussion of the need for technical means to enforce policy if it's to be effective.

* Kace vs. IBM Endpoint Management (IEM) system.

Elwood believes intent is to get IEM fully operational, then consider whether Kace, PGP, SCCM, McAfee, Secunia can be eliminated.

Steve asked about getting some experience with this before our users are notified of availability. Dan responded that he will let us know when the soft launch occurs. He also mentioned that we can use a personal MS account to gain experience with this. You can access OneDrive either via the web or via an app (Windows, Macintosh, Android, and iOS). It sounds like you can only access a single account (e.g., personal vs. work) at a time; that is, it won't aggregate across accounts. Steve also wonders how OneDrive might handle offline usage and if this might be able to replace our personal file shares on the IFAS server, for example. Dan said that one nice feature is collaboration--including with outside individuals.

Cloud Services For Students Accessible Now – Faculty and Staff Options Available Soon

UFIT has published a UF Cloud Services web page that provides some information announcing that Faculty, Students, and Staff will be able to get a number of Microsoft cloud services soon.

Spring 2014 Peer2Peer workshop

The Spring 2014 Peer2Peer workshop will be held at the Law School, in 180 Holland Hall on April 16th. The agenda is available, but Wendy was able to add information on who would be speaking:

Time    Topic                                            Presenter/Group
8:00    Setup                                            Mark / Richard Lowery Intro
8:30    Terminal 4                                       Brandon Vega, Pate Cantrell, Mike Masemore
8:45    Document Management System / OneUF (Mobiquity)   Brandon Vega, Pate Cantrell, Mike Masemore
9:00    PrintSmart                                       Rob Luetjen, Lisa Deal, Xerox Rep, Eric Boomer, David Huelsman
9:45    Break
10:00   UF Online                                        Brian Harfe, Jennifer Smith, TJ Summerford
10:20   SCCM                                             Andrew Carey
10:30   Office 365                                       Josh Davis
10:50   Break
11:00   HPC - Research Computing Matching Program        Matt Gitzendanner
11:15   Security - Phishing Threats and Impact           Derrius Marlin / UFIT Security Team

Notes from last month's SIAC meeting

Updates not available...

Last month's IT Directors Meeting Notes

Updates not available...

PrintSmart initiative (previous discussion)

Updates not available...

New IT Service Management Initiative

Dan Cromer had been contacted by Casey Whaley about scheduling an "IT Service Management Initiative" meeting with interested parties within IFAS during the coming week. Casey wanted to discuss the initiative and ask additional questions such as: who our customers are, what services we provide them, what we currently recognize as an incident, a service, and a service request, the estimated volume of requests we receive per month, methods of contact from customers, and what ticketing system we are currently using to track our IT support work.

Content Management System (CMS) for UF: Entering purchasing phase (previous discussion)

Updates not available...

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Updates not available...

KACE (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

Updates not available...

UF Exchange updates (previous discussion)

Updates not available...

Outsourcing of student e-mail

Updates not available...

Outlook asking for re-authentication

Updates not available...

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


Projects


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Updates not available...

SCCM for IFAS

Steve mentioned having deployed Windows 8.1 to a machine via PXE boot from the SCCM configuration that DeWayne Hyatt has developed. There is a wizard that suggests a computer name (IF-OU-SERVICETAG) but allows you to modify that as desired; the machine ends up in your Workstation sub-OU. This seemed to work well and can be used to deploy either Windows 7 or 8.1. The process checks for RAM installed and puts on a 64-bit image if memory is greater than or equal to 4GB; otherwise it deploys a 32-bit image.

DeWayne said he is working on getting Horticultural Sciences upgraded to the new agent in order to bring them onto the new SCCM system. DeWayne also mentioned that IFAS will host its own SCCM rather than join the UF SCCM organization; that should provide us more flexibility. One main consideration was to be able to add remote distribution points. DeWayne expects this to coincide with our next MPS hardware rollout. Currently they are upgrading the MPS host OS to 2012 R2 Core along with the virtual servers. Later, when they get the new hardware, it should be fairly simple to migrate the VMs to a host on the new hardware platform.

Steve asked about getting other OUs migrated to SCCM once Horticultural Sciences is done and any bugs worked out. DeWayne said that this would definitely be the next step for any departments wishing to volunteer. DeWayne is still working on security scopes along with various settings and collection creations so that OU admins can have access to their machines within the console and administer them.

DeWayne thinks that Configman's antivirus solution will be used in the interim until we get more clarification about what is coming with the IBM product. IBM's solution may prove more robust; we will just have to see how manageable that solution will be. In the meantime, DeWayne will be looking at how ePO is configured currently and try to match that configuration as much as possible within SCCM. This would include scheduled on-demand scans, but the exact details are still being worked out.

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Operations


Moving from McAfee VirusScan to Microsoft Endpoint Protection? (previous discussion)

See later SCCM discussion.

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

DirectAccess pilot (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool update (previous discussion)

Chris Leopold reported to the ICC-L last week that the http://itsa.ifas.ufl.edu/compliance/ IPCC web site is now functioning again.

Steve asked if Chris had ever considered a means to grandfather out orphaned objects, as some long gone machines are "stuck" in the out-of-compliance folder currently. He responded that he has considered options but thinks that a manual process makes the most sense. If anyone needs some items cleaned out, just shoot Chris an email.

Dennis Brown asked if Chris would add a check for MS AV. Chris responded that we can certainly do that down-the-road, but he is also thinking that SCCM might just make IPCC obsolete before too very long.

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Updates not available...

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps DeWayne Hyatt can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer objects which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Chris Leopold was considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.
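One way an OU admin could carry out the manual plan above, including the BitLocker key scavenging Chris was considering, as an added PowerShell example that is not from the ICC notes, Wayne's Power Tools, or Andrew Carey's plan. It assumes the ActiveDirectory module and rights over your own Workstation sub-OU; the OU path and export folder are placeholders, and the delete step is left in -WhatIf mode.

```powershell
# Added example (not from the ICC notes). Assumes the ActiveDirectory module and
# delegated rights to read, disable and delete computer objects in your own OU.
Import-Module ActiveDirectory

$OU         = 'OU=Workstations,OU=EXAMPLE-UNIT,DC=ad,DC=example,DC=edu'  # placeholder
$ExportPath = 'C:\Secure\BitLockerKeys'   # placeholder; NTFS ACLs restricted to OU admins
$Cutoff     = (Get-Date).AddDays(-90)

# Step 1: enabled computers whose machine-account password has not changed in
# 90+ days. A healthy domain member renews it every 30 days, so these are likely gone.
$stale = Get-ADComputer -SearchBase $OU -Filter { Enabled -eq $true } `
             -Properties PasswordLastSet |
         Where-Object { $_.PasswordLastSet -lt $Cutoff }

foreach ($c in $stale) {
    # Keep a record of when (and why) it was disabled where ADUC shows it.
    Set-ADComputer -Identity $c -Description ("Disabled (stale password) {0:yyyy-MM-dd}" -f (Get-Date))
    Disable-ADAccount -Identity $c
}

# Step 2: disabled computers whose userAccountControl last changed 90+ days ago.
# AD has no "disabled since" attribute, so read the replication metadata instead.
$dc       = (Get-ADDomainController).HostName
$disabled = Get-ADComputer -SearchBase $OU -Filter { Enabled -eq $false }

foreach ($c in $disabled) {
    $meta = Get-ADReplicationAttributeMetadata -Object $c.DistinguishedName `
                -Server $dc -Properties userAccountControl
    if ($meta.LastOriginatingChangeTime -gt $Cutoff) { continue }   # disabled too recently

    # Step 3: BitLocker recovery info lives in msFVE-RecoveryInformation child objects
    # under the computer; export it before the computer object (and children) go away.
    $keys = Get-ADObject -SearchBase $c.DistinguishedName -SearchScope OneLevel `
                -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                -Properties 'msFVE-RecoveryPassword', whenCreated
    if ($keys) {
        $keys | Select-Object @{n='Computer'; e={ $c.Name }}, whenCreated,
                              Name, 'msFVE-RecoveryPassword' |
            Export-Csv -Path (Join-Path $ExportPath "$($c.Name).csv") -NoTypeInformation
    }

    # Step 4: delete the object; -Recursive is required because of the child objects.
    # Drop -WhatIf once the list has been reviewed.
    Remove-ADObject -Identity $c.DistinguishedName -Recursive -Confirm:$false -WhatIf
}
```

The object Name of each recovery-information entry carries the key's creation time and password ID, which is what a user reads off the BitLocker recovery screen when looking up the matching password.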

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...


Other Topics


PeopleSoft IE Blues

Marvin Newman has run into an issue where one of his users cannot get PeopleSoft to work with IE. He has tried everything he can think of to no avail. Marvin was under the impression that this is a server-side issue, but Steve suspects that it has more to do with the individual client machine. After some discussion the consensus was that Marvin should have them use Firefox. Steve mentioned having had issues with IE on some machines--not just with PeopleSoft but with all sorts of sites. The symptom is generally that IE crashes frequently. Steve has never been particularly successful in fixing this when it occurs. A complete wipe and rebuild might do the trick, but Steve (and others) suggested that simply changing browsers is likely the easiest cure by far.

Windows XP networking kludges?

David Depatie asked via the ICC-L if some workaround might allow Windows XP boxes to retain some network access. He proposed a sort of XP DMZ but was not clear on the details for doing such a thing. Mike Ryabin was also interested in exploring the matter.

Chris Leopold made it obvious that he is strongly against leaving any Windows XP boxes on the network at all. He did offer to address situations on a case-by-case basis but would not be easily convinced.

Russell Hunter has one WinXP machine that gathers data which is then made available via the network. It would be very difficult to ferry things manually via USB. Upgrading often comes down to spending a lot of money which is not available. Others may have similar situations.

Steve also raised the issue of the Accordent Capture Stations. If some IPsec configuration could allow these to talk to the Web and Media servers only (and perhaps one or two management machines as well) then this could potentially save $15K per appliance. This seems to Steve to be a reasonable thing to pursue, but Chris didn't seem convinced that the unit savings would be worth the trouble it would cause him; Steve isn't clear on how difficult IPsec is to configure and maintain, but it does seem promising for this particular situation. Steve does know that he would not like unqualified individuals attempting this without some oversight from Chris. There is some question, of course, whether or not this would violate any UF policies, but the bang for the buck is undeniable.

Dennis Brown has a situation where USB shuttling of data is a concern. They have a Windows XP based imaging machine that uses Ethidium Bromide (http://en.wikipedia.org/wiki/Ethidium_bromide), which is a substance of potential danger to our DNA. If it were to get on the outside of the flash drive it would be dangerous to people not wearing protective gloves, which is the norm in an office environment.

After the meeting, Chris sent a couple of spreadsheets with computer object information. One listed 2821 disabled computer objects and a second listed 362 non-expired XP computer objects. Chris made a plea for all OU admins to delete orphaned computer objects from UFAD.

Adobe licensing

Apparently a contract for a new Adobe Enterprise Term Licensing Agreement has been negotiated. From the Instructions to All Authorized IT Support Personnel it is not particularly clear how user licenses are tied to a user other than the installer (assuming that is done by IT support). Lab-based (per computer?) licensing is mentioned as another deployment option but is currently not available apparently.

ICC Elections in August (previous discussion)

Updates not available...

Getting rid of Windows XP

You all no doubt saw the following from Elias Eldayrie that Dan Cromer forwarded on to the IFAS-All-L:

On Tuesday, April 8, 2014, support and updates for Windows XP will end. It is extremely important to keep your computer and its contents protected—if you continue using Windows XP after support ends, your computer will become more vulnerable to security risks and viruses. Also as of April 8, any compromised device running Windows XP will be filtered from UF’s network. At the close of the Spring semester, all XP devices will be filtered from UF’s network. Faculty and staff with machines running Windows XP should consult their local desktop support team to identify a solution.


The meeting was adjourned early at about 11:30 AM.