ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, April 12th, 2013 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Sixteen members participated.
Remote participants: Tom Barnash, Bill Black, Marvin Newman, Joel Parlin, Javier Real, John Wells, and Wendy Williams.
On-site participants: Jimmy Anuszewski, David Blackman, Dennis Brown, Dan Cromer, Francis Ferguson, Wayne Hyde, Winnie Lante, Steve Lasley, Matthew Nash, and John Sowers.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Member news:

Steve mentioned that Membership: Taylor Jamrok has replaced Bill Caltrider at MREC. We all know the many little details that can be difficult to come by when first starting out here in IFAS, so please welcome Taylor and offer your assistance in getting up-to-speed.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Video Services event requests require GL credentials

Dan Cromer had shared news from John Pankow that Video Services was working to protect the VCS event request form from anonymous spammers by requiring logon for access. That was implemented on March 21st and Dan Cromer sent a notice to IFAS-Announce-L to make all aware.

Blue Jeans trial

Jimmy Anuszewski had mentioned last time having had good experiences using BlueJeans. He has tried virtually all connection methods without any issue and has been pleased with the sound clarity.

Steve asked Dan Cromer what the costs might be to retain this service and whether or not IFAS could afford it. Dan responded that the company has offered IFAS a one-year license for 250 simultaneous connections at a price of $12,000. Dan said he is tempted to go ahead with that; the price is apparently going up tomorrow. Dan had talked to Mark McCallister at UF Video Services and VCS had been considering putting this in themselves (which Dan encouraged).

VCS apparently is considering other options but Dan was not sure what those might be. The only other "universal bridge" product Dan knows is from Polycom but it requires the purchase of their $100k box. Because of the close working relationship between Polycom and Microsoft, along with the promise of inter-functionality between Polycom and Microsoft Lync, Dan remains interested in that option but fears the cost would be too great.

Francis Ferguson mentioned that we are coming up on lightning season again. Those have traditionally been hard on our Polycom equipment at the CEOs; having another VC option would be welcome.

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates not available...

Possible end-point refresh in the works (previous discussion)

Decision still pending

Steve asked about this and Dan responded that he isn't exactly sure where it is going. Dan has an appointment with Joe Joyce a week from Monday to discuss this. There is some concern that this be done fairly. Some units have been waiting for central IT to pay for equipment replacement and others have gone ahead and replaced codecs at their own cost. Dan is considering an option where funds be distributed equally and units could then use that to subsidize codec purchases as they saw fit. Dan mentioned that we currently have about 120 of the VX 7000 model Polycom systems that are very long-in-the-tooth.

AVer HVC310 camera support

Dan has been offered a price of $1500 each (quantity > 100) for the AVer HVC310. Winnie Lante asked if the AVer device used the same cameras and microphones as the Polycom units. Steve responded that it has its own camera and microphones which are similar but not equal to the Polycom equivalent. The biggest difference is in the camera viewing angle, with the Polycom being superior (65 vs. 55 degrees). Mike Ryabin mentioned that this would make the Polycom superior in larger rooms where wider views are often desirable. For the nearly order of magnitude price different, however, that might be acceptable in some cases.

AVer HVC310 dual monitor support

The AVer HVC310 supports dual monitor output via one HDMI and one VGA. In single monitor mode you get the same signal(s) to each monitor output. Six different layouts can be selected, basically mixes of the near camera, far camera and content. In dual monitor mode the VGA output carries the content (what they term their “secondary” screen) and the HDMI the same set as in single monitor mode (i.e., you can control among six different layouts via the remote). This is pretty flexible and the remote provides easy access to those features (dual monitor button and layout button); more so than the Polycom.

AVer HVC310 has video input that might support a second camera

The AVer HVC310 supports only a single camera but it does have a separate video input which could possibly be adapted for (non-integrated) use with a second camera. Dan Cromer mentioned that the Cisco C20 (which Jimmy Anuszewski has one of in Agronomy) does support two cameras. The Cisco unit runs about $5000 and Dan believes that might be a better solution than the AVer where affordable.

Integration in more complicated AV rooms

Steve mentioned that the ability to integrate these into more complicated AV-equipped rooms is a consideration as well. If Entomology upgrades their main lecture room they will probably use AMX as they had in their most recent room. That system currently integrates with both Polycom and AVer though Steve is not sure of their support for Cisco. Mike Ryabin had investigated using an AVer as a replacement for the Polycom to which his Accordent is connected. After speaking with AVer Mike is convinced that the HDMI output could be converted to composite and sent to the Accordent. [Note that the Aver has a VGA (secondary)

AVer HVC310 recording capability

Dan asked Steve about his experience with recording via the AVer HVC310. Steve said that this is why he originally purchased the AVer...in order to see if it could be utilized as an endpoint recorder as mentioned previously. While the system does work, the amount of staff time needed for recording management (start/stop, convert, upload, advertise) is just too great--at least for Entomology.

Steve did mention that they have recently moved their AVer from test mode in his office into a small office along with a dedicated PC and a Logitech BCC950 ConferenceCam. This room is thus equipped to support individual or very small group videoconferencing (VC). The computer supports various software-based collaboration tools such as Skype, Jabber, and Lync via the Logitech camera/speaker-phone, making this our most flexible facility for an individual or very small group wanting to connect to outside collaboration resources.

An additional bonus of this which was originally not anticipated is the ability for using the AVer recording capabilities for individuals to easily make simple video recordings with or without associated computer output. An ongoing VC is not required for this; rather a user simply inserts a usb drive (external drives must have their own power source) and presses record on the remote. The AVer remote also has a layout button via which the user can select whether the video, PC content or both are displayed. The recording is made in a proprietary format but AVer has free Windows software for playback and conversion. That program allows one to save to .MOV (QuickTime) format. Steve anticipates that this may be quite popular for making short video clips.

Polycom support notice

Mike Ryabin shared his finding that Polycom will discontinue support for the HDX 8000 after 2015.

Ft. Pierce gets 4th codec

Marvin Newman reported that Ft. Pierce just purchased their 4th endpoint, a Polycom 7000 on a mobile cart, via a grant they were awarded.

Movi/Jabber Updates (previous discussion)

Updates not available...

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Possible end-point refresh in the works

On March 26th Dan Cromer asked that units with failed or failing "Polycom-type" end points contact him with the details. He mentioned that IFAS may be able to replace some of them via central funds.

Lync updates (previous discussion)

Updates not available...

WAN (previous discussion)

Updates from James Moore

Updates not available...

VoIP at RECs

Dan Cromer informed us that the next installation is scheduled for Milton and then Jay. Ft. Pierce is looking into VoIP options as well. They would definitely go with UF's solution if, as has been proposed, the current $11/month/phone charge is absorbed centrally. Mike Ryabin has provided Dr. Stoffella with the costs of a local VoIP solution such as Ft. Lauderdale uses for consideration as an alternative. Agronomy has the Building 350 cluster way across Archer Road for which VoIP is being considered as well.

Issues with wireless at remote sites

A few weeks back Kevin Hill raised a number of very interesting points about how UF wireless is implemented at our WAN sites:

Message from Kevin Hill:
"[ICC-L] "Issues" with UF WAPs at IFAS WAN sites" Fri 3/22/2013 10:31 AM

We’ve recently rolled out a limited deployment of “UF wireless network” WAPS to replace some aging WiFi equipment at our unit. Aside from the usual aches & pains associated with moving everybody’s cheese, I’m wondering how other off-campus units are dealing with some of the quirks. Namely:

  1. Domain joined WiFi-only devices (e.g., MS Surface tablet) have a catch-22 situation at first login. Since the “uf” SSID relies on user-based 802.1x authentication, there’s no access to a DC unless credentials are already cached. Only workaround I’ve found is either a USB-Ethernet dongle, or plugging in a Linksys WAP for a few minutes to get access to a DC. Once credentials are cached, login works fine, but since the 802.1x connection doesn’t happen until after login, autogroup scripts don’t run, network drives are missing, etc. Anyone using GPO’s to get around this one?
  2. ALL “uf” WiFi network traffic is routed across the WAN, even if the resource is a local file server. This makes for very slow software and print driver deployments, WSUS updates, etc. It seems to me that it always makes sense to try to keep local traffic local whenever possible.
  3. WAPS are configured to offer DHCP from servers located on campus rather than the local MPS – more WAN traffic when there’s a local service available. Are we able to access these DHCP logs to identify a vulnerable or infected host?

At this point, I’m really missing our circa-1998 WiFi equipment. I’d be interested in hearing what others are doing to deal with these issues. Has there been any discussion about asking CNS to build a separate UF wireless config for remote IFAS sites?

James Moore responded to each of Kevin's points. For the first point, James said:

The best approach to dealing with this issue is to use a GPO. Please see: http://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx

Drop down to figure 3 and it shows what you need to do: namely enable Single Sign On for this network and perform immediately before user log-on.

James suggested that a short document should be written and posted on the IT wiki for 802.1x and said CNS will look into this for Kevin.

Regarding point #2, James said:

-As discussed in my email yesterday:

*-We are testing features like Flex Connect in our lab and will be deploying very soon. This may be how we decide to keep certain local traffic local.

The latency that you are seeing is likely related to a bug in the code used on the Brighthouse Networks CO router upstream from IRREC. *We have a ticket open with BHN & Comcast.* I discussed this with Dan Cromer yesterday afternoon.

*For example, TREC in Homestead sees 14ms of round-trip-time to/from GNV. There is no latency there.

-This design is common across the industry for sites with L2 p2p loops into the cloud.

-Dedicated internet access (DIA) circuits using ipsec tunnels seem to perform good as well. (Feature sets such as Flex Connect will be rolled-out to these locations)

-Poorly funded, aDSL sites are supported with autonomous APs that use pre-shared keys. They are not using LWAPP at this time.

Regarding point #3, James responded:

-This is the same here on campus and works for all departments. UFIT Security tracks these via GatorLink username and will deal directly with the customer. You no longer have to hunt through DHCP logs.

Finally, James summarized with:

-For slower, aDSL fed County Offices, we use local pre-shared keys on autonomous access points. We do not use LWAPP behind slow, poor performing ISP services like DSL at this time. We do have a separate design for remote locations whether those are IFAS, CLAS, CoB etc. The design is based on the specific case, not the department.

SWFREC is FLR connected. Your local-loop into the cloud is suspect. We can pilot new features at IRREC once the lab testing has been completed. We will get back to you on this very soon.

Kevin himself later solved a portion of his concerns and reported the solution to the ICC:

Message from Kevin Hill:
"[ICC-L] Solved: 802.1x - enable single sign on for "uf" wireless" Tue 4/2/2013 3:54 PM

So I had a number of laptop users complaining about login scripts not running when connecting to the “uf” SSID. After beating my head against the wall trying to work through the 802.1x post-GINA user authentication problem, I finally figured it out and thought I’d share the solution:

When a user first connects to “ufinfo” to run the Autoconfigure script, the resulting “uf” wireless connection is automatically configured with “Network availability” set to “only me”. This setting causes the single sign on options for the connection to be grayed out. To get to these settings you need to delete the “uf” wireless connection, and then reconnect directly to “uf”. You’ll be prompted for credentials and a new connection will be created, this time with “Network availability” set to “All users”.

Network availability: All users

Now you can select the Security tab / Advanced Settings and select “Enable single sign on for this network”. I had to extend the delay on my Surface Pro to 60 seconds due the crappy Marvel wireless chipset Microsoft used in their hardware (ymmv):

Advanced Settings dialog

This solution works for me on Win 7 and Win 8. Maybe this is all documented somewhere already, but I couldn’t find it. Hope it’s helpful to someone.

Also, as suggested by James Moore, this can probably be set via GPO, but in my testing it appears that only a domain admin can create one. Maybe a policy already exists, but I couldn’t find it among the 4000+ policy objects in AD.

Steve mentioned that he had tried this "single sign on" configuration and was impressed. When this setting is configured the Windows logon screen displays "Windows will try to connect to uf" beneath the password input box (uf here referring to the uf ssid). This setting essentially allows a domain-joined laptop on the UF wireless network to have a "DA-like" experience where the login scripts and drive mappings run just as they would with a local wired connection.

This setting could be an extremely important usability enhancement for domain-joined laptops and begs the question why isn't this documented at http://getonline.ufl.edu/. In Steve's view there should be separate documentation available for Windows domain-joined laptops as this feature is too wonderful to overlook.

Phone bills to be paid for centrally?

There seems to be some doubt as to whether or not this is going to proceed. On the one hand, Dan Cromer says that this has been proposed for inclusion in the RCM by John Madey on the request of Elias Eldayrie. This RCM proposal will go to the final budget board, probably sometime in May; from what Dan has heard this is expected to be approved but we won't know for sure until after.


News from Campus IT Directors meeting

Passphrases to be allowed

Dan Cromer had shared the availability of the March meeting notes from the UF Campus IT Directors. There is a plan for changing password length rules whereby passphrases (18 characters up to 55 max) will be allowed without dictionary checking (yay!). The implementation of this change will be a bit tricky because of potential issues with legacy systems that might not handle such long passwords. Password minimums will not be changed from the current settings of 8 characters for P1-P3 and 9 characters for P4-P5 (see GatorLink Password Management Policy).

Forwarding policy

The other topic Dan wanted us to be aware of was the potential requirement for all faculty and staff to use Exchange, with no forwarding allowed. Dan also noted that IFAS has had this policy since December 2005.

Ben Beach pointed out that this could spell trouble for a couple of the counties he supports. John Wells agreed, noting that Leon and Okaloosa County, for instance, are required by county policy to use their county email addresses for all correspondence. Bill Black said his district was similar. Dennis Brown mentioned this might be a concern with Courtesy Faculty working in industry as well.

Dan's take was that he believed UF will accept exceptions for legitimate governmental agencies’ addresses, though he couldn’t be sure. The issue is having “discovery” rights to UF email for legal purposes. The policy will be set by General Counsel or Privacy Office, not by IT. On the other hand, Dan didn’t see how county government officials could complain about UF people using UF email, even if they are county-paid people doing UF work; this may need to be established in a memorandum of understanding (MOU).

Jimmy Anuszewski mentioned having a visiting professor from Brazil with an Exchange mailbox who wanted to forward that to his home email account. Jimmy asked Scott Owens about that who forwarded it on to the UF Help Desk. Eventually it was allowed once written permission was obtained from the department chair.

TurningPoint Response System being re-evaluated

Dan Cromer had relayed a message from McCallister about the availability of TurningPoint Clickers:

Message from Dan Cromer:
"[ICC-L] FW: Turning Point "clickers" Thu 3/21/2013 10:19 AM

FYI, thought you’d like to see this response from Mark at AT about TurningPoint “clickers”. I had been asked about them from someone doing a workshop who wanted to borrow some.


From: McCallister, Mark 
Sent: Thursday, March 21, 2013 10:08 AM
To: Thomas, Ron; Wysocki,Allen F; Ruppert,Thomas K; Cromer, Dan
Subject: Re: Turning Point "clickers"

Hi, yes we have that quantity available. Rental charge would be $120 ($1/clicker) for the event + shipping if we need to ship them somewhere.

Side note related to Al's comment below – I have become increasingly disenchanted with TurningPoint for instructional use over the past couple years (works great for workshops like this though). We currently have faculty piloting/using three alternative products, iClicker, TopHatMonocle, and ViaResponse. While we won't 'unplug' anyone using TurningPoint, we will probably shift our recommendation to some combination of those three products for next academic year.

Thomas, if you would like to proceed with that, let me know and I'll have our front desk person get in touch with you to make arrangements.

In case you were not aware the TurningPoint Response System has been used by UF for a few years now. It permits audience members to respond to questions posed in real-time and tallies the results. Apparently it hasn't worked all that well and AT is now looking at alternatives.

HighEdWeb conference

Donna McCraw had kindly spread the word about a HighEdWeb conference that will be held in Emerson Hall on April 22-23; registration is required.

Spring 2013 Peer2Peer workshop

The Spring 2013 Peer2Peer workshop will be held in the morning of April 18th at Smathers 1A. This latest iteration will include presentations about managing Mac/Apple devices in the UF enterprise (Kevin Hanson), an overview of the UF Data Center (David Burdette), Systems Center Configuration Manager (Andrew Carey), and the enhancements and changes in Shibboleth (Martin Smith). This event will be streamed and may be viewed here.

Steve mentioned some interest in the Kevin Hanson talk. He is still trying to understand if there is really any advantage in joining Macs to UFAD. Wayne Hyde expressed concern about controlling access to UFAD-joined Macs asking if there was a means to limit who could logon locally. Jimmy said he believes there is a way to have a GPO enforce that a Mac run an AppleScript file; he mentioned working with Santos Soler on such a solution. Others pointed out that it is rare to control local logon even on Windows boxes, though it is easily done should one wish.

Other discussion about various aspects of Macintosh support ensued. If you want the details you can listen to the audio recording at about the 38 minute mark. Varied discussion also took place on the need to remove WinXP boxes from the network by April 2014; if you aren't preparing for this you could be in for a BIG shock.

Content Management System (CMS) for UF: Entering purchasing phase

Updates not available...

Authentication Management policy draft (previous discussion)

Updates not available...

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

See remedy section below...

KACE (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

UF wireless still too hard?

Updates not available...

UF Exchange updates (previous discussion)

Outsourcing of student email?

Dan Cromer said this is still moving forward. Things may be a little delayed, but they were originally planning to offer Office 365 as an option to students first enrolling this Summer (as a trial). They would then make it mandatory for new students beginning Fall 2013 as well as an option for existing students. Gatorlink mail is planned to go away completely by the end of 2014.

Outlook asking for re-authentication

Updates not available...

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


New web cluster (previous discussion)

Updates not available...

Windows 8 Deployment? (previous discussion)

Updates not available...


Work continues on the central SCCM plans.

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection?

UF is looking at moving from McAfee to either IBM or Symantec for its anti-virus protection software. Forefront would be another essentially no-cost option but it first requires SCCM to be deployed centrally.

Dan said the deadline for that is considered to be August 17th; this is the date listed in policy where encryption of all laptops and portable personal computers storing restricted data becomes mandatory. The SCCM component will allow confirmation that laptops are bitlocker encrypted; such proof is a component of the Mobile Computing and Storage Devices Standard.

Wayne Hyde said that if UF doesn't renew the McAfee contract we will obviously eventually move off that platform, probably to ConfigMan with FEP. In the meantime, Wayne will be migrating us from ePO 4.6 to ePO 5 as discussed below.

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Updates not available...

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

DirectAccess pilot (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Jimmy mentioned a new VMware View Client is available for download from http://www.vmware.com/go/viewclients. The Mac version now offers USB support. VMware has also an entirely new version of the product that is now named VMware Horizon view. Wayne will offer that via http:virtual.ifas.ufl.edu when he retools for the upcoming term. This new version supports HTML Access which means zero install access from a whole host of devices. Very cool.

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex York can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

Version 5 of ePO recently became available and Wayne Hyde is already investigation transitioning to the new platform. The release notes for ePO 5 are available here. McAfee Agent 4.8 is also available. Rather than upgrade our current ePO server, Wayne has already stood up a new server with ePO 5 to which he is planning migrating clients. This process will help point out machines which aren't updating agents and the like because they will remain talking to the old server. Wayne also plans to tweak scheduled scanning so it is somewhat more palatable; it will remain a necessary evil however.

The new ePO system will have some new tags such as "Frozen" which is appropriate for systems with disk protection (like DeepFreeze). Such clients will get dat updates but agent or VSE upgrades will have to be installed manually. Wayne will also prepare the new ePO server so it can push agents and anti-malware to Macs. Steve mentioned that we will need to make sure UF wireless detects that product if we go that route.

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)


Microsoft recently released an enterprise hotfix rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. It is recommended that this be rolled into deployment images. Note particularly the "Registry information" section of that article for details on enabling two of the included hotfixes -- one which improves logon script run performance.

The April Microsoft patches included 9 bulletins (2 "Critical", and 7 "Important") covering 14 CVEs in the usual suspects. A risk assessment will be available here.

McAfee provides podcasts on the highlights of each month's offerings.


There have been two patches for Flash since our last meeting; one on March 12th and another this Tuesday.


There is going to be another release of Java next Tuesday.

Some mentioned believing that SAS won't work with JRE 7, but that is not the case as Steve pointed out at the February meeting. Steve had supplied instructions for reconfiguring this without reinstalling, along with a test program that you can use to assure yourself that SAS is working correctly with JRE 7.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

UF apps

Dennis Brown reported going to the meeting of a group charged with determining required features for a Help Desk ticketing system to replace Remedy. Remedy is not lacking in features, but rather would require customization beyond what our current staff could manage to create or maintain. As a result UF is looking for a more appropriate fit to our needs.

Dan mentioned that the endpoint protection products being investigated as a McAfee replacement also overlap with this category as does (perhaps to a lesser extent) Service Manager that Alex York is investigating.

Other Topics

Trouble with chartfield entry in PeopleSoft

Francis Ferguson mentioned frustration with entering chartfields in PeopleSoft. After entering 1,2 or 3 characters the thing "jumps" and you can't enter the rest of the characters. Dan Cromer said that this is due to an autocomplete setting that can be cleared.

If you logon to myUFL and select: "Main Menu" > "My Account" > "My Personalizations" > "Finance Personalizations" > "Personalize Navigation Personalizations" you can disable the troublesome "feature":

disable autocomplete

Winnie Lante mentioned having the same problem when setting NMB when trying to type into the "Department ID to relate field." This is apparently the same issue but Steve found out one must change the setting via the "Portal Personalizations" rather than the "Finance Personalizations." Also worthy of note, in researching this Steve found that the UF Help Desk test application has been extensively re-formatted to a more tabular form.

Redundancy for DHCP at remote sites

Steve asked if there was any consideration being made to support DHCP redundancy at remote sites in the future--perhaps at the next MPS refresh. Wayne Hyde responded that if an MPS server goes down then DHCP has to default to the router which James Moore has set up. ITSA is looking at the possibility of deploying some NAS devices for backup storage; those can also handle DHCP and that might be a possibility.

For on-campus, the DHCP in Server 2012 permits having two DHCP servers that both handout IP addresses. The servers are not clustered, rather they decide which machine will handout addresses based on a hash of the MAC address. The two DHCP servers do communicate, however, so each is aware of what numbers the other is handling. If one goes down, the other will take over handing out all IPs. Wayne has discussed with Alex whether or not this kind of configuration could be used with remote sites where the local system would be primary and handout all the IPs but the campus system could take over should the local MPS DHCP go down. Of course, all bets are off for that when the WAN is down.

Steve added that keeping traffic local as much as possible is an important consideration for remote sites as well. Dan Cromer mentioned this is a particular issue with authentication via the WAPs currently but network services is looking at Flex Connect (as mentioned earlier) to help with that issue. Francis Ferguson mentioned that he may be getting the first few WAPs that support this feature; we'll just have to see how it goes.

UFIRT notices

A number of folks had asked if it was necessary that we all get notices that don't apply specifically to us in our own units. Wayne had responded:

Message from Wayne Hyde to the IFASIRT-L:
"Re: Vulnerability scan results for your subnets" Fri 3/8/2013 10:44 AM

IT workers in IFAS that are responsible for hosts on the UF network will remain on this list.

If members do not wish the list e-mails to all go to their inbox, it is fairly easy in Outlook to configure a server-side rule that moves IFASIRT-L messages to a folder but also leave messages related to your managed machines in your inbox. Two rules are needed -- the first rule looks for IFASIRT-L e-mails and stops processing rules if the message contains various strings. For example, the first three octets of your subnets (ie: "10.251.21") and partial matches of computer names in case you routinely have laptops that pop up across the statewide network (ie: "IF-ITSA"). The second rule moves all remaining IFASIRT-L e-mails to your subfolder.

The increase in mail load starting this week was due to a LISTSERV issue where the IFASIRT-L was held for quite some time. You may have still received alerts which were sent to your GL account in addition to the IFASIRT-L address, but no alerts only sent to the IFASIRT-L list were distributed.

When you do get a ticket for one of your hosts, please follow the procedures, standards and guidelines found at:


Please remember to update the ticket with what information you found about the host and what steps were taken to resolve/contain the incident.

Tickets quite often are generated a day or more after an incident occurred. DMCA violations often come in weeks after an incident. The UFIRT ticket will have a ticket timestamp (when the ticket was generated) but also have the timestamps of the incidents and possibly a hostname. If the ticket is generated close to the incident times, the hostname may be correct. Since hosts come and go and we use DHCP, quite often the current host on the incident IP address is not the host that caused the ticket. This is where Chris' DHCP Search (http://itsa.ifas.ufl.edu/dhcpsearch) will help you track down the host.

A tutorial on handling alerts

Wayne explained the process OU admins should take to handle these notices.

Begin with a close examination of the on-line ticket

The alert e-mail itself is of little value. You must begin with a close examination of the ticket by following the link provided in the UFIRT notice. The ticket will give you at least the IP address along with a BIOS name and a MAC address.

Timing is everything

The problem with the UFIRT alerting system is that they don't always detect something as it happens. Rather, some issues are only discovered by reparsing previous data. Consequently, one must pay very close attention within the "Ticket History" section to the Incident Date as oppposed to the ticket creation date as demonstrated below. IPs are reassigned and the machine currently holding the IP listed in the alert may not be the same as the one that triggered the alert. You need to know when the detection occurred in order to proceed properly.

Ticket History

Locating the device in question

Once you know the Incident Date, then the DHCP search site can be very useful in locating other details of the device. By selecting proper DHCP server (just DHCP for on-campus) you can search on the IP# to get a list of machines that held that IP that day.

Lease times are generally 3 hours so it is not uncommon to have a number of different machines in that list. You can then narrow it down via the time stamp on the Incident Date and get the MAC address of the device in question.

If you check the "Display NIC Manufacturer" box you can determine the make of the device (Dell, Apple, etc.); you can also use one of many on-line vendor MAC address lookup services as well.

If you are on Wall-Plate you can also use the Network Monitoring System and its "Search MAC Data" link to locate the port and thus the room number where the device was connected when the incident was detected.

"Malware Activity" vs "Vulnerability" detections

When you get a "Malware Activity Detected" alert whose ticket contains a bunch of cryptic flow data you can trust that the machine is infected and that this is NOT a false positive. McAfee might not detect it and you might have to use some other tools and/or boot into safe mode to detect the infection. Regardless, it is inappropriate to mark the ticket as a false positive.


After you identify the computer, take it offline and mark the ticket as "contained." UF policy states that containment must occur prior to the end of the business day. If you think you have removed the infection you can then hook the machine back up to the network; should you be wrong another alert will arrive before long. In many cases a rebuild will be the simplest and certainly the surest method of removing an infection.

If this turns out to be an unmanaged machine or you are unable to locate the device, then please send a DHCP filter request to itsa@ifas.ufl.edu so the device will be blocked from network access.

Question or problems?

If you receive a UFIRT ticket and are unable to figure out what PC generated the ticket or need help with any other aspect of the ticket, please respond to the IFASIRT-L list and CC the ITSA group (itsa@ifas.ufl.edu) for assistance. Asking for help in the UFIRT ticket system will most likely be missed as the UFIRT e-mails do not include the comments appended to tickets. That is much less trouble for Wayne or whoever to track and respond to than to have to open each ticket update that folks may make just to find out you are having difficulties.

Slow Boot Slow Login (SBSL) Hotfix Rollup for Windows 7 and Server 2008 R2

About a month ago, Microsoft released an enterprise hotfix rollup for Windows 7 and Server 2008 R2. The potential usefulness of this is described here along with a tool (Xperf) you can use to determine how much this hotfix actually helps. The only real caveat is that there have been a few reports of BSODs; those have been resolved by upgrading video drivers however. Steve downloaded this and has posted it on the file server.

Powershell Workshop video

Nick Smith had shared a link to a Powershell Workshop video by Don Jones. This video is quite long but holds a wealth of information that all could utilize to become much more effective support techs. This is very cool stuff -- the kind of thing you wouldn't pick up on your own. If you work with Windows (and who here doesn't) you will never regret learning PowerShell; as Don Jones says "You can either learn PowerShell, or learn to ask, 'would you like fries with that?'"

Hard Drive Disposal

There had been some discussion on the ICC about methods for hard drive disposal. Wayne Hyde had responded with the following links:

As Wayne had pointed out, the second link pertains to media that contains or has contained restricted data.


Dennis Brown had shared a link to a YouTube video describing the new UFApps "virtualized applications" service that is currently in Pilot. As Dennis pointed out, some of the available apps are Autocad, MS Office, and Adobe Photoshop. More details are available at http://info.apps.ufl.edu/. This service is available currently to all students (grad and undergrad) and Dan Cromer said there has been some thought that it should be opened up to all.

The meeting was adjourned a bit early at about 11:40 am.