ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, July 13th, 2012 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Sixteen members participated.
Remote participants: Bill Black, Dan Cromer, Chris Fooshee, Kevin Hill, Marvin Newman, John Wells, and Gary Wilhite.
On-site participants: Jimmy Anuszewski, David Blackman, Francis Ferguson, David Huelsman (guest), Winnie Lante, James Moore, Steve Lasley, John Sowers, Nancy Watson (guest), and Wendy Williams.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Steve gives his apologies for the local audio issues and has gotten with Lance Cozart to learn some better troubleshooting steps should that occur in the future. Thanks to Dan Cromer for suggesting dialing the bridge via the conference phone; that certainly saved the day.

Member news:

Dan Cromer recently added Matthew Nash to the ICC-L. Matthew has been working with Ed Howard in FRED as OPS for the last couple of years but we were tardy in hearing of him. Steve was very pleased that Matthew was able to attend today and hopes he can continue to actively participate.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Video Services phone number restored

Patrick Pettus had reported via Dan Cromer that, as of the afternoon of June 19th the 392-2533 number rings directly to the helpdesk -- bypassing all of the menu items. As Dan put it, "The video help number 352-392-2533 has been reinstated for assistance with videoconferencing problems."

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Logitech BCC950 ConferenceCam

Steve noted that he had purchased one of these camera/speakerphones and it seems to work fairly well for what it is. It should definitely be useful in un-complicating conference room software-based videoconferencing by reducing the number of components needed in such a system. Steve still doesn't see it as a Polycom replacement for classroom usage however.

Steve said that he had noticed a few glitches in his brief testing. The video quality seems to vary when using Movi; sometimes all is fine and other times the video is all messed up. Steve suspects a video driver issue, which is the sort of thing we are bound to run into with any software based solution as opposed to a codec. Steve also noted that the answer/hang-up buttons on the speakerphone did not work quite correctly with Skype even though the necessary plugin had been installed. Steve felt that the overall sound quality was very good, however.

Other standing VC topics

End-user Scheduling (previous discussion)

Updates not available...

Movi (previous discussion)

James Moore had indicated via email to the ICC-L his recommendation that on DSL connected sites that upload speed settings be configured to 384Kbps on video endpoints -- including Movi. Any more than that and you are likely to overwhelm the modem long enough to cause an authentication failure. Some modems only authenticate during POST and will not attempt to re-authenticate until the modem is cycled. This can cause an outage to the site in question.

Lync updates (previous discussion)

Dan Cromer had relayed that there is a plan to sunset Microsoft Office Communicator (MOC) on July 29th and Joe Gasper came out with an update setting the date at Sunday, August 5th.

Our users should be migrated to Lync before that date and Dan had asked about interest in pushing Lync via Group Policy. Steve feels that pushing Lync out to all might cause more issues than it would resolve as many might not want that installed. Joe Gasper had supplied a link to a daily updated list of machines with MOC installed. Steve feels that this might be enough so that IT support could attend to those prior.

Joe's post via the ACTIVEDIR-L list had a wealth of related information as well...

Installation software for Microsoft Lync (Windows, Mac, mobile) is available here:
\\ad.ufl.edu\ufad\software\Lync (including June CU)
Update Resources for Lync

Microsoft Lync installation information and methods:

Microsoft Lync Help:
Microsoft Lync Help Home
What's New in Microsoft Lync
How-to Videos
Training: Scheduling Lync 2010 Online Meetings
Training: Joining a Lync 2010 Online Meeting
Training: Download Lync 2010 training (Self-paced PPT)

WAN (previous discussion)

Updates from James Moore

James reported being busy working on VoIP projects for various RECs and also has many wireless access points to install as well. They are looking at point-to-point wireless solutions using REC property to install some towers. Dr. Stophella, Director at Ft. Pierce, has given a tentative thumbs-up to such a plan so the St. Lucie CEO and the Agricultural Lab may be the first two to benefit from such use.

Steve asked James about the intended order for the REC VoIP installs. When James responded that Apopka and Quincy are both in progress currently, Steve mentioned that he had thought there was a bandwidth issue at Quincy. James said they just got a new circuit at Quincy, doubling the bandwidth to 20Mbps. Quincy will be the first site to utilize a VPN connection back to campus for the VoIP call control. There is an SRST gateway (voice router) that can take over if the SLA comes back bad; in such cases it can dump all the calls onto the local PRI (as mentioned at our April meeting).

When Steve asked for estimates on when these projects would be done, James responded that he plans to go to Quincy in two weeks for that install; Harry is doing Apopka currently. Homestead, Jay and Milton will likely be next and then they plan to begin talking with Marvin Newman about Ft. Pierce. They are working with Shands on a circuit at Vero Beach; that might be another potential location for VoIP eventually.

Steve asked about Immokalee; James responded that he plans to send Kevin Hill some switches early next week. He believes things are about ready because he has the IP space for the VoIP and the gateway is on order. James estimated that project could be finished in about three weeks.


UFIT Contributions

Dan Cromer had passed along the link to a new UFIT promotional site.

New social media guidelines and best practices announced

Al Wysocki, ITPAC chair, announced this via IFAS-ALL-L:

Message from Al Wysocki to the IFAS-ALL-L:
"[IFAS-ALL-L] New social media guidelines and best practices announced" Tue 5/29/2012 12:31 PM

IFAS Colleagues,

See the email below from Bruce Floyd, Social Media Specialist at UF. This is a reminder that anyone creating social media websites (including county agents) relating to work you do at the University of Florida, must register their sites.

For UF/IFAS Units http://ics.ifas.ufl.edu/social_media.html

Approval and Registration

ICS will grant approval and will contact University Relations on your behalf. E-mail your social media account request to webteam@ifas.ufl.edu and include:

  • A description of the account
  • Your overall plan for the account
  • Contact information for the account manager(s)

To register on the official UF social media account directory, visit the registration page: http://www.urel.ufl.edu/marketingCommunications/socialMedia/registration.html

Let me know if you have any questions or issues.

IT Reporting Relationships (previous discussion)

Dan Cromer said that he has written up a plan and meets with Dr. Joyce and the executive team (the VP and all the IFAS Deans) Monday at 2:30 PM to discuss it.

The plan is to implement dual reporting for IT support folks in units that have such staff as well as direct reporting for locations that have shared services hubs.

Steve asked Dan about the advantages that he sees in such a system. Dan responded that the purpose is to streamline and improve services. He feels that if he has input on local IT staff evaluations and some directional authority over all the IT people then Dr. Payne can hold Dan responsible where IT is not working right.

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

The new Remedy system is now live. For those having difficulties in using it, on-line tutorials are available, as discussed prior.

There are several way to access the system:

Migration of DNS and DHCP Services to New BlueCat Platform (previous discussion)

Updates not available...

UF File Express now in live production (previous discussion)

Dan Cromer had reported that http://file-express.ufl.edu is now live, as reported on the UFIT News site. There are excellent instructions and a FAQs page that can answer most questions folks might have.

UF FAX server project (previous discussion)

Updates not available...

Upcoming requirements for InCommon Silver (previous discussion)

Updates not available...

Implementing the Mobile Computing Security policy (previous discussion).

Posting regarding incompatibility of PGP with Ivy Bridge CPU'S

Message from David Huelsman to the NET-MANAGERS-L:
"[NETMGRS] PGP Issue with new Ivy Bridge CPU's" Fri 7/6/2012 11:46 AM

It was brought to my attention by Michael Seufert form ENG IT that Symantec put out a bulletin about PGP and Ivy Bridge CPU's. Please do not try and encrypt machines with these CPU's Mac or PC. Linked is an article describing the issue. They are working on a patch, we will notify all of you as soon as a patch is made available to UF. If you have any other questions please feel free to contact me.


Wake on LAN support coming to campus: (previous discussion)

Updates not available...

New Secunia site license (previous discussion)

Updates not available...

KACE agent deployed to IFAS (previous discussion)

Updates not available...

Domain Policy and redirect duration (previous discussion)

Updates not available...

CNS working to implement NAC for UF wireless (previous discussion)

There is a new "Welcome to the UF wireless network" web site for helping users get up and running on the new "UF" wireless network.

Chris Hughes had shared the means for installing during machine setup with Paul Smith who posted that on the UF IT Wiki.

Dan Miller recently sent out the following via the Net-Managers-L list:

Message from Dan Miller to the NET-MANAGERS-L:
"Re: [NETMGRS] revised draft - Major NAC Posture Assessment changes coming July 16, Aug 13, and Sept 5" Fri 7/6/2012 11:20 AM

IT Support Staff,

Some major wireless changes are are taking place now. Many Public Relations outlets are being targeted, but many people have not yet heard this news. We need everyone to help spread the word. The UF Computing HelpDesk would appreciate converting as many users as possible during Summer B to minimize the last minute rush that we expect early in Fall term. There is an email below that we encourage you to customize and forward to your user communities.

Note that there are two main changes described here:

  1. The new wireless SSID "uf" which requires 802.1x,
  2. The NAC Posture Assessment (PA).

Network providers on campus have been working together for over a year to specify, design, and implement an integrated wireless and NAC PA system. This will provide a common access method for wireless users all around campus, and will soon replace the old, public SSID wireless networks: ufw, hnet-public, and dhw. Most areas on campus are already live with the new systems, and the Academic Health Center will join us very soon. We're also working with UF Athletic Association and UF Foundation to include common wireless service in their areas. Changes to wireless in UAA and UFF areas should begin in Fall semester.

The new general use SSID is "uf", and "ufinfo" is also available everywhere for initial configuration. GatorLink authentication is required. Other improvements include use of 802.1x to allow credential caching, and encryption via WPA2 Enterprise. We recommend that users first establish 802.1x connectivity during warning mode, and then work to remediate any NAC PA issues. We *highly* recommend the Auto Config option (see getonline link below) for users.

A third shared SSID, "ufvisitor", will also be available later this summer. It will only be offered in high-traffic public areas, and is intended for causal use by people who are not affiliated with UF, and do not have a GatorLink ID. UF affiliated individuals with GatorLink IDs should use "uf" and not "ufvisitor". This network will be open to the public and require the visitor to register with their cell phone, and will receive a 4 character pin via text message. These accounts will be valid for one week, and the visitor must re-register after that time if they wish to continue using the "ufvisitor" network. The "ufvisitor" wireless network will be much more restricted than the standard "uf" network. It will appear as an outside network to UF resources, and all UF / Shands VPN services will be blocked. Stay tuned to IT-News for more details coming soon.

The NAC PA system is currently in "warning" mode where users receive web browser messages about lack of compliance. On July 16, that will change in all areas to "blocking" mode, and users will need to remediate before they regain full network access. At the start of every term, the NAC PA system will be reverted to a "warning" or grace period. The NAC PA system will be looking for the following items:


  • SafeConnect Policy Key is installed. The Policy Key can be installed by IT Staff using SCCM or Group Policy or by allowing users with administrative privileges on their computer to go to the GetOnline site and choose Auto Config.
  • Windows Update is enabled and set to automatically download and install updates
  • Active anti-virus software is installed, running, and fully updated
  • P2P software is not running
  • Anti-malware and checks for Java, Flash, Reader, and other exploitable software will be added to all sites after Sept. 5


  • SafeConnect Policy Key is installed. The Policy Key can be installed by IT Staff using SCCM or Group Policy or by allowing users with administrative privileges on their computer to go to the GetOnline site and choose Auto Config.
  • Active anti-virus software is installed, running, and fully updated
  • P2P software is not running
  • Anti-malware and checks for Java, Flash, Reader, and other exploitable software will be added to all sites after Sept. 5

The dates for coming PA changes are:

  • July 16 blocking begins for Summer B,
  • Aug 13 warning, grace period begins -- NOTE: old public SSIDs are also sunset on this day,
  • Sept 5 blocking begins for Fall, grace period ends.

Support groups that push updates from central servers such as SCCM will need to request an exemption from NAC enforcement. Please open a remedy ticket to process these requests:
https://request.it.ufl.edu/ and then select "Computing Infrastructure & Networking".

Specific changes will be announced during our normal network change cycle to this list. Please also keep an eye on IT-News for updates about this project and other exciting IT developments:

This link is where users on the "ufinfo" SSID will land:
It includes links to the Auto Config tool, Manual Config instructions, HelpDesk FAQs, and a general FAQ. We are still working to improve the links on this page.


Dan Miller,
Network Manager, UFIT

----- suggested email for your users -----

Subject: Notice of wireless changes coming soon

UFIT is pleased to announce that all wireless systems are undergoing a major upgrade this summer. These upgrades provide improved security and allow you to reconnect without having to enter your password. If you are connecting via wireless, try the "ufinfo" SSID which should take you to the Auto Config tool. Please try that first to gain access to the new wireless network "uf". If you connect to "uf" before July 16, then you may see Posture Assessment (PA) warning messages on your browser. These indicate that your system needs to be updated to be in compliance with UF IT Security standards. On July 16, the new system will begin blocking access for any host that is not in compliance. Try to resolve the warning messages before July 16 in one of these ways:

  1. Contact local IT support.
  2. Contact the UF Computing Help Desk 392-HELP.
  3. Fix the problem yourself if it a self-managed device. The UF Computing Help Desk is also prepared to assist in these cases if needed.

NOTE: the old public wireless networks will be removed on August 13. These include "ufw", "dhw" and "hnet-public". Please try the new "ufinfo" and "uf" wireless networks listed above before August to beat the last minute rush.

Discussion about off-campus Wireless with David Huelsman

Dan Cromer had asked David Huelsman from the UF Information Security and Compliance Office to attend today in order to be a part of a discussion regarding wireless at IFAS locations off main campus. Consequently, David Huelsman was on-hand (along with Nancy Watson) to answer any questions we might have.

SafeConnect vs. XpressConnect

Steve asked for clarification on the SafeConnect vs. XpressConnect applications. David explained that XpressConnect is the portion that can assist with configuring a device to connect to the new UF wireless. It is not strictly necessary, as you can configure that manually if you wish as well. The XpressConnect utility, however, will walk the user through the entire process from "I'm not on the network" on to the installing of the SafeConnect agent, ending with being on the network.

ufvisitor is coming

Steve noted that in the past RECs have utilized open wireless in order to handle outside folks attending conferences and the like. From there that progressed to employing protection via an advertised shared password that could be changed after each event. Now, it appears that shortly the ufvisitor SSID will be the way to handle such thing.

ufvisitor is for use at limited locations

David explained that ufvisitor is designed to support only certain locations on campus (the libraries and the big conference center at the Reitz Union) that service large numbers of non UF-affiliated people requiring wireless network access. The UF Guest Gatorlink creation process has been available as a placeholder solution for some time, but it is cumbersome to use in many circumstances. The security office has been working with CNS to create a "ufvisitor" wireless network whose sole purpose is to provide non UF-affiliated people with casual Internet usage while on campus at specific locations.

ufvisitor will be more restricted than the UF network

The "ufvisitor" network will be rate limited and will have some restrictions implemented via inline packet inspection (IPS) in order to secure that network as much as possible. P2P networks will be disallowed and adult web sites, hacking sites and the like will be blocked. The intent of this is to be able to relax the requirement for authorization.

ufvisitor will use cellphone-delivered PINs for authentication

That said, they do plan to have some level of authentication will this network as well. That process will involve a captive portal self-registration system using either SMS or voice to deliver a PIN. When users connect to "ufvisitor" they will be presented a self-enrollment authentication page which will provide some basic information about the "ufvisitor" network and will also give them the ability to register. They will enter a cell phone number to which a PIN will be delivered; for those w/o a cell phone a utility is being developed for the Help Desk so they can create accounts for people as well.

These four-digit PINs will be valid for one week and the phone number/PIN combination will be the login credentials required for access. Users will need to re-authenticate daily, but can continue doing so for up to one week. After that time they would need to re-register.

ufvisitor is currently in "alpha" test mode

This ufvistor network is available at the Help Desk currently in a very much "alpha" testing phase currently. Once they are convinced the system is working as intended they intend to move to a "beta" phase where they will put it out there for IT people to try out.

David said that the locations where this ufvisitor network will be available will be intentionally limited. They don't want this network to be a replacement for UF-affiliated individuals, including students, as a way to avoid using the actual UF wireless network.

ufvisitor will not be on UF IP space

The "ufvisitor" network will be completely off the UF network IP space and will live on Cox IP space. This should ensure that traffic on this will not affect UF's network reputation immediately. They have locked out the UF VPN services including Shands and the HealthScience Center; David is guessing that they will do the same for IFAS as well. If a person tries to get to these VPN from the "ufvistor" network they will be denied. They are really trying to limit the use of this system because they have only purchased a limited amount of bandwidth for this function. They are purposely making the UF network more attractive to those with Gatorlink credentials.

David said that there will be a Remedy queue for adding locations and reasonable requests will be approved.

David Blackman asked if the ufvisitor network utilized separate WAPs. David Huelsman responded that this network is hosted on the standard UF WISM network; it is the backend where the network goes off UF network IP space.

Open access to be eliminated

Dan Cromer related that the Straughn Center will definitely be added to the list of sites where "ufvisitor" is supported. Dan also stressed that IFAS is getting UF WAPs for all locations; as a result of this and "ufvisitor" being available, we will no longer allow any open access once the new network is in place.

James Moore briefly described steps that will be taken to locate rogue WAPs and eventually purge all those from the network.

ufw vs uf vs ufinfo

Winnie Lante asked for an explanation of the differences between these three SSIDs. David Huelsman responded that "ufinfo" is an open SSID that takes the user to http://getonline.ufl.edu/. By following the "Auto Configuration" instructions, the user is walked through the process of getting the connection configured for the "uf" network. Once that is done, the machine is moved off "ufinfo" and dropped on "uf".

http://getonline.ufl.edu/ is useful by itself for preparing for later access as well, such as for students preparing to come to UF for school.

"ufw" will be going away along with "dhnet" and "hnet-public" and "uf", "ufinfo", and "ufvisitor" will be the only broadcast SSID left here at UF for production use. This doesn't include the private non-broadcast SSIDs.

Posture assessment

Steve asked David what the user will see once the posture assessment begins to be enforced. David explained that starting on Monday the posture assessment on the "uf" SSID will go into effect. In housing areas it went into effect about a week ago. If a machine is non-compliant they will be presented with the same explanation page that is being delivered currently; the difference will be that they will no longer be able to bypass this until they have remediated the issue. They will have Internet access for fixing the issue, but nothing else.

Wendy Williams asked about users who do not have administrator rights on their machines. David responded that this should not be a large constituency because hopefully such machines are getting managed through their IT support. Steve mentioned that this will be nice because we will finally get those laptops coming in that we haven't seen for who knows how long.

UF Exchange Project updates (previous discussion)

Outlook prompting for credentials

Winnie Lante had reported that these issues continue, especially with one particular user within her unit. Joe Gasper suggested trying the following:

As the user:

  • Control Panel, User Accounts, Manage My Credentials (upper left pane)
  • Remove credentials related to Outlook:
    • outlook.mail.ufl.edu
    • MS.Outlook:username@ufl.edu

You may be prompted again for your credentials in Outlook, but your current password will be remembered (by checking the remember my credentials option).

Winnie reported that the above steps were ineffective in her case, unfortunately.

Steve suggested that we keep reporting the issues so that the Exchange folks are at least aware that the issue continues.

Outsourcing of student email?

Dan Cromer said this is still on the table but has been pushed back for now. He believed that Summer 2013 would be the soonest we might see such a thing implemented.

Sakai e-Learning System now in production (previous discussion)

Updates not available...

Alternate IFAS domains in e-mail (previous discussion)

Updates not available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates not available...

Split DNS solution for UFAD problems (previous discussion)

Updates not available...


New web cluster (previous discussion)

Steve mentioned that site migration is in progress. Winnie Lante's department, for example, has now been moved. Winnie reported that all went fine with that process. Winnie noted that the URLs were unchanged but she needed to help folks with the new UNC paths for accessing the server as a file system for uploading/editing.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)

MDT 2012

Updates not available...


Work continues on the central SCCM plans.

Updates not available...

Exit processes, NMB and permission removal (previous discussion)

Updates not available...

Re-enabling the Windows firewall (previous discussion)

Updates not available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates not available...


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection? (previous discussion)

Updates not available...

Print server (previous discussion)

Updates not available...

Recording lectures for Distance Education (previous discussion)

Steve noted seeing an announcement about a new Mediasite Desktop Recorder and wondered if anyone had heard anything about plans for that at UF. Steve continues to look for a replacement for the Accordent which Steve feels is too expensive and not flexible enough to be a long-term solution for lecture capture.

Steve also mentioned that he has been able to use the AVer codec to record VCs and then convert them into QuickTime MOV files. From there we can convert to other formats as necessary. Steve still has high hopes that the AVer can work as an inexpensive IP recorder for recording bridged VCs from his office for later playback via the web.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates not available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Updates not available...

Moving away from the IFAS VPN service (previous discussion)

Updates not available...

VDI desktops as admin workstations (previous discussion)

Updates not available...

Wayne's Power Tools (previous discussion)

Updates not available...

Computer compliance tool in production (previous discussion)

Updates not available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates not available...

ePO updates (previous discussion)

Updates not available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates not available...

Public folder file deletion policies and procedures status (previous discussion)

Updates not available...

Patching updates... (previous discussion)


The July Microsoft patches included 9 bulletins (3 "Critical," and 6 "Important") addressing 16 vulnerabilities in Windows, Office, IE, and Visual Basic for Applications.

There also apparently is a security update for Lync that came out at the time of last months patched that will not be on WSUS or Windows update and will need to be downloaded manually.

While other versions of Microsoft XML Core Services were patched this month, the security updates for version 5.0 are yet to be released (see bulletin MS12-043). You may wish to consider mitigation processes in the meantime.

There is also a new security bulletin, Vulnerabilities in Gadgets Could Allow Remote Code Execution, along with mitigation procedures to disable gadgets until a fix is forthcoming.

McAfee provides podcasts on the highlights of each month's offerings.


Steve reminded folks that Adobe does have security patches for Illustrator and Photoshop versions CS5 and CS5.5 that can only be obtained via manual download and install here for Illustrator CS5/CS5.5 and here for Photoshop CS5/CS5.5. Using the Update menu from those applications themselves will report falsely that they are fully patched.

Adobe Air had a security update since our last meeting. You should be at version 3.3 now.

The most recent versions of Flash can now be set to auto-update, but the timing of can be mysterious.

Apparently there is an issue with Adobe Reader 10.3 that can lead to it eating up CPU cycles.


A new version of iTunes was released since our last meeting that addressed some security issues.


There were new JRE updates that came out on the afternoon of our last meeting. The upcoming halting of security updates for JRE version 6 in November is bound to cause problems. As just one example, Steve recently found that the Florida Department of Agriculture and Consumer Services has a Pesticide Applicator Certification CEU Database which is used by his department and which fails when JRE v7 is installed.

The other point worth noting is that the auto-update notifications (or updating via the Control Panel Java applet) will replace JRE version 6 with JRE version 7:

JRE 7 update replaces JRE 6


An update to Flash plugin version 11.3 caused crashes in Firefox 13 on Windows; it was somehow related to the new Flash "Protection Mode." Additionally, some crashes seemed to be due to bad interactions between Flash Player and other plugins, particularly one from RealPlayer. Firefox has since come out with version 13.0.1 that resolves most of these issues. The remainder were addressed in a new version of the Flash Plugin (11.3.300.262).

Malware that fakes hard drive failure

Steve mentioned that he had run into a couple of instances of malware that fakes hard drive failure. Other related links may be found here, here, and here.

MS Office News update (previous discussion)

Updates not available...

Job Matrix Update status (previous discussion)

Updates not available...

Remedy system status (previous discussion)

Updates not available...

Other Topics

WebDAV and VDI announcement pending (previous discussion)

Dan Cromer said that he plans to make an announcement to the IFAS-Announce-L about the availability of http://files.ifas.ufl.edu as well as http://virtual.ifas.ufl.edu.

Steve asked if we could get a web page up on the IFAS IT Home Page (or elsewhere) that provided some details on those two items. It is always good to have something to point folks to for the details about such services. Dan said that he would try to prepare that before sending out the announcement.

Winnie Lante said that she has sent a number of people to the virtual machines and they have been very pleased with that. It is particularly useful for those needing mobile access to ArcGIS.

Wendy Williams announced that the new computer lab on the third floor of McCarty B is just about ready.

Big Blue Button proof-of-concept server (previous discussion)

Updates not available...

Results of GPO disabling for non-portable devices (previous discussion)

Updates not available...

The meeting was adjourned well ahead of usual at about 11:00 AM.