ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, August 10th, 2012 in Entomology room 1027 due to problem with the equipment in our usual location. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Twenty-one members participated.
Remote participants: David Bauldree, Tom Barnash, Dan Cromer, Chris Fooshee, Wayne Hyde, Marvin Newman, Scott Owens, Mike Ryabin, John Wells, and Gary Wilhite.
On-site participants: Jimmy Anuszewski, Bill Black, David Blackman, Dennis Brown, Francis Ferguson, Al Ibanez, Winnie Lante, Steve Lasley, Chris Leopold, James Moore, and Alex York.

STREAMING AUDIO: available here


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

We met in Entomology due to audio issues with the ICS Conference Room.

Member news:

Steve welcomed Alvaro (Al) Ibanez to our ranks. Al has been hired as the new IT Expert at CREC. He mentioned that he previously worked for Kodak providing tech support for almost nine years. In that job he spent about one-third of this time traveling, ranging from South and Central America all the way up to Canada. Steve let Al know that the ICC was available if he had any questions about how things are done here in IFAS and at UF.

Steve was sad to report that Matt Wilson has been hired away by CNS and that IFAS is now looking for a replacement database administrator. We all enjoyed working with Matt and he will be missed here.

Chris Fooshee said that this would be his last ICC meeting as he is retiring at the end of the month. He thanked everyone in the ICC for their input and support throughout the years and stated his confidence that we would be helpful toward his replacement as well. Steve said that we have enjoyed working with Chris and wished him the best on his new ventures.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside at the top of our agendas.]

Videoconferencing topics (previous discussion)

Video Services phone number restored

Updates as available...

Replacing Polycom endpoints with some Lync-based solution (previous discussion)

Updates as available...

Other standing VC topics

End-user Scheduling (previous discussion)

Updates as available...

Movi (previous discussion)

There were recent reports of login problems with Movi. Patrick Pettus apparently resolved that by rebooting one of the two gatekeepers in their cluster.

Dan Cromer related that a new version of Movi has come out; it is now called Jabber. Dan has made the installation files available at \\ad.ufl.edu\ifas\software\Jabber-was-Movi.

Dennis Brown asked about Movi-now-Jabber licensing. Dan responded that their understanding of the licensing has changed and that it is based on simultaneous users rather than per individual user. This means we can enable basically whoever wants to try Jabber; doing so is currently done by contacting Dan Cromer. Dan has purchased 50 licenses and UF has 25 for a total of 75 concurrent users. Patrick Pettus had reported that the highest numbers of concurrent users he has seen to-date has been around thirty. Of course, we can add licenses as needed, but the cost is roughly $100 license and those are available in blocks of twenty-five.

Dan mentioned that they have successfully tied Movi to a service account in some situations so that such an account can be used with conference room installations and each user doesn't need to logon. Dan cautioned that these service accounts have not been working since the inCommon Silver changes, so that part has to be worked out before this solution can go forward.

Lync updates (previous discussion)

As Dan Cromer had posted to IFAS-Announce-L, people are reminded that Microsoft Office Communicator (OCS) will stop working for UF on Sunday, September 16th. Clients still running OCS should be upgraded to Lync on a proactive basis. Dan had made available a list of users still connecting via OCS.

WAN (previous discussion)

Updates from James Moore

James arrived late and we had skipped over the usual WAN updates as a result. Chris Leopold mentioned that he has been trying to get new HP equipment at some of the county offices rather than Cisco campus wallplate hand-me-downs; this would allow for gigabit connections which is the new standard for campus. Chris feels off-campus should get that same level of connection.


Notes from June and July SIAC meetings

The notes from the June and July SIAC meetings are now available.

Steve went over a few of the topics from the July meeting. He encourages folks to keep tabs on this committee and greatly appreciates Dan Cromer forwarding the notes to the ICC-L as they become available. This is where we often can first learn of upcoming UF-level IT projects that may affect us down-the-road. Topics of current interest include the SCCM project, which has great implications for OS deployment and patch management as well as offering a choice in antivirus management. Another point of interest is changes the Wallplate refresh plans which may lead to port reductions in some cases.

New social media guidelines and best practices announced (previous discussion)

Updates as available...

IT Reporting Relationships (previous discussion)

Dan Cromer said that Dr. Payne is ready to move forward on this. The plan is that all IFAS IT support people would have the added responsibility of reporting to Dan Cromer and that Dan would be involved with our evaluations each year.

Dan said that he had modified the plan slightly due to input from the Dean of Research. He wasn't sure whether Dr. Payne would announce this change via e-mail directly or whether there would first be more discussion at the next Administrative Council meeting in October.

New 'Trouble-Ticket' Entry Page for CNS (previous discussion)

Steve noted that http://remedy.ifas.ufl.edu appears to still be working as before. Dan Cromer had thought this URL had been re-routed already. He said that the new Remedy system is something that he intends to promote once we get a little further along. He has asked David Essex to develop some checklists to help our central help desk staff as well as the unit support folks.

Dan said that while it isn't that difficult to submit a ticket on the new system as a user, it is fairly involved to use the system as a support person. Steve mentioned that Dan Christophy was going to get trained and then train unit staff; Steve wondered what happened to that plan. Dan said that Dan Christophy and David Essex have been trained and know how to use the system, but they haven't had the time to develop a training packet.

Dan believes it is very important that all our tasks be entered into Remedy so that administration can track the value of IT. Steve understands the lure of that, but believes it overlooks the fact that it adds extra work to already overworked IT staff and would hinder their efficiency. It is a very difficult sell to suggest we take time away from our duties to help centralized administration manage us. Steve believes that most local units would prefer to handle such management in-house where the needs of the unit are better understood. The idea that support would be improved by increased oversight at higher levels is dubious at best; Steve believes we need local staff responsive to local issues, not staff that is looking to central administration for approval.

Bill Black raised a question about tickets that are generated for WAN outages; he had noticed that these are always listed as "low priority" and was wondering why that was. James Moore responded that during business hours such tickets are dispatched the same as any other ticket. During off-hours, however, only sites listed as critical will be alerted for troubleshooting. This is managed on a site-by-site basis, but generally district and REC staff have not wanted to be called in the middle of the night or on weekends to drive in to verify power. If some site wants that, then CNS is willing to provide such timely support at their end as well.

Migration of DNS and DHCP Services to New BlueCat Platform (previous discussion)

January 15th of 2013 is the deadline for moving to Bluecat for DNS, DHCP, and NTP support. Questions or concerns about this planned change in DNS, DHCP, and NTP support platform are encouraged to send e-mail to ns-soft-l@net-services.ufl.edu or call (352) 273-1363.

Chris Leopold said that this means IFAS needs to make sure that our DNS options are set to refer to the correct nameservers, timeservers, etc. Chris is in the process of ensuring that this is so.

UF File Express now in live production (previous discussion)

Steve said that we should be aware of this service as an option for solving some of the file sharing scenarios that previously would have required enlisting some outside service in order to support. Bill Black mentioned that he has used it quite a bit with the counties and feels it to be a very useful service. He particularly likes the option for being notified when a posted file is downloaded by the intended recipient.

Francis Ferguson asked what the file size limitations were with this service. Steve pointed out that the service has a very good FAQs page which would provide that answer. [The maximum individual file size is 5GB. A user can upload multiple files not exceeding this limit to a single, or multiple, folders. In other words, the total size of several uploaded files can be greater than this limit, but a single file can be no larger than 5GB.]

UF FAX server project (previous discussion)

Updates as available...

Fallout from InCommon Silver implementation (previous discussion)

First the good news

The good news is that IFAS successfully rebuilt our DFS last weekend and it is hoped that this will remove a number of access issues that are believed to have been due to having DFS servers that utilized NetBIOS naming rather than the FQDN. In testing, http://files.ifas.ufl.edu works on Win 7, XP with registry patch, OS X 10.7 and 10.8. Using L2TP VPN, \\ad.ufl.edu\IFAS works on Win 7 and XP with registry patch. smb://ad.ufl.edu:139/ifas/ works with Mac OS X 10.7 (Lion) and 10.8 (Mountain Lion) and the direct path smb://if-srvc-filer2.ad.ufl.edu:139/Software (for example) works with older versions like Snow Leopard.

Now the bad news

Unfortunately, the authentication changes that were implemented July 27th have wreaked a great deal of unanticipated havoc.

Removal of unsecure LDAP

This change broke the IFAS VPN temporarily and triggered discussion by Dan Cromer for its eventual removal.

Another feature that broke initially was the Campus VoIP Single Message Inbox. The email messages containing the .wav file of a phone message were not getting sent. Apparently, that has now been fixed. The system does seem to work differently, however; the close tie between the Outlook message and the phone message seems to have been broken. Reading/deleting a message from within Outlook no longer clears the phone messaging light, for example.

The change also requires some configuration changes for Office 2011 under Mac OS X. ; the configuration change to force secure LDAP is under Outlook -> Tools -> Accounts:

Mac Office 2011 Exchange account settings

followed by clicking the "Advanced" button and configuring as follows:

Mac Office 2011 Exchange account secure LDAP settings

Removal of NTLMv1 support

For background, Steve strongly recommends reading this link which was shared to him by the Alexander Van York. This change also broke quite a number of things, including many networked MFPs. Some of the fixes follow:

Konica: log on to the printer ip as administrator (default pw is 12345678), go to network tab > SMB setting > client setting, and change NTLM to V2 only

Ricoh and some Laniers: Marvin Newman shared the solution for Ricoh MFPs. This may require a firmware update. You can tell if that is needed by telneting to the printer and typing in smb. You will get either "syntax error" (needs update) or "Smb client auth 0" if it is fixable on the spot. (this latter note thanks to Keith Baker, CLAS IT Expert)

Dennis Brown reported having his Ricoh set to send scans via e-mail. In his testing, this was not affected by the changes. This solution requires getting the scanner IP numbers added to relay.ifas.ufl.edu.

Removal of support for NTLMv1 also requires changes on Windows XP. This is being handled automatically via a UFAD-domain-incommon GPO for domain joined machines, but non-domain joined Windows XP will need to make the changes by hand according to Andrew Carey:

Steve noted that his Macintosh users are now having various difficulties accessing secured network resources. Perhaps of greatest concern is the inability to access course web sites that have been secured by denying anonymous read access then adding a security group with read access that is populated with the appropriate course group(s). In most instances Safari works, but alternate browsers always fail. Santos Soler had suggested that it might be a certificate issue with Firefox, but so far that is only an assumption.

UF Connect Sharepoint access was also similarly affected. CNS-OSG performed maintenance on that system in an attempt at mitigation. Steve had heard no word back on the success of that, but ad hoc via the ICC-L suggests that non-domain joined computers will need to apply the following fix proposed by Andrew Carey.

Message from Andrew Carey to the ACTIVEDIR-L:
"Re: [ACTIVEDIR-L] NOTICE of Change for UFAD: Compliance with InCommon Silver AD DS requirements is July 29th, 2012." Mon 7/30/2012 11:21 AM

We’ve received several reports of users using non-domain joined Windows XP computers being unable to access domain joined resources following this weekend’s change.

In most cases this can be resolved by setting “Network security: LAN Manager authentication level” in the computers local security policy to “Send NTLMv2 response only. Refuse LM & NTLM” by utilizing one of the three methods below:

Method 1: Edit the Local Security Policy

  1. Click Start --> Control Panel --> Performance and Maintenance --> Administrative Tools --> Local Security Policy
  2. In the Local Security Settings Window: Security Settings --> Local Policies --> Security Options
  3. Find the Policy "Network Security: Lan Manager Authentication Level" and set it to "Send NTLMv2 response only\refuse LM & NTLM"
  4. Restart the computer

Method 2: Edit the registry from a command prompt (recommended for advanced users)

  1. Click Start --> Run --> cmd
  2. In the Command Prompt Window Type: REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v "LMCompatibilityLevel" /t REG_DWORD /d "5" /f
  3. Restart the computer

Method 3: Edit the Registry Directly (recommended for advanced users)

  1. Click Start --> Run --> regedit
  2. My Computer --> HKEY_LOCAL_MACHINE --> System --> CurrentControlSet --> Control --> Lsa
  3. Find the Name "lmcompatibilitylevel" and enter "Value Data" of 5
  4. Restart the computer

Andrew Carey
Computing and Networking Services

Based on some reports he had heard from the counties, Steve expressed his concern that this reghack may be needed on some Windows Vista and Windows 7 machines as well -- though this did not appear to be the case with his own non-domain joined laptop at home running Win 7 Home Premium. Bill Black responded that he thought the county reports might be due to the fact that those machines were joined to a county domain which might be pushing policies that are incompatible with our required settings.

Accessing protected websites

Steve had noted in an e-mail to the ICC that he has various websites, usually class websites, that have been secured by denying read access to ANONUSER on the web server file system and adding an additional security for read access. That security group is then populated with the appropriate course autogroup(s) to control access by registered students.

Since the InCommon Silver implementation, http access from Macs has been problematic. In many cases, the user is prompted for credentials but repeatedly presented with an "improper credentials" message. This has been making it impossible for students to complete on-line courses in a number of instances.

It turns out that Safari works (with only one noted exception so far) but Firefox and Chrome do not. Alex forwarded a message from Joe Gasper that suggested Chrome could be made to work on Linux and Macintosh by running with command-line arguments:

Chrome.exe --args --auth-schemes="basic"

The question, however, is how to implement commandline arguments on the Mac. Steve believes that can be done with Applescript, but does not fully understand the details. Consequently, he is not sure this would be practical for most end-user situations.

Implementing the Mobile Computing Security policy (previous discussion).

Updates as available...

Wake on LAN support coming to campus: (previous discussion)

Updates as available...

New Secunia site license (previous discussion)

Updates as available...

KACE agent deployed to IFAS (previous discussion)

Updates as available...

Domain Policy and redirect duration (previous discussion)

Updates as available...

CNS working to implement NAC for UF wireless (previous discussion)

UFW going away

Notice was put on NETMGRS that: "On the morning of Monday, August 13th, the "ufw" wireless network will be changed to forward users to the same on-ramping site as "ufinfo". At that point the "ufw" wlan will no longer be usable for general connectivity. All users who have not already done so will need to transition to the new "uf" wlan to gain network access."

Antivirus software on Macs

Jimmy Anuszewski had questioned the requirement for antivirus on Macintosh. At the very least he felt that ClamXav should be considered over the Sophos solution that is being recommended. Steve had pointed folks to a Mac Virus/Malware FAQ that offered some good Macintosh security advice and which seemed to back-up Jimmy's contentions. Dan Cromer said that he had passed Jimmy's comments on to the UF security folks.

Jimmy also suggested that it might be time to consider officially offering Macintosh support within IFAS.

Being proactive on switch-over

Dan Miller put out a plea for getting proactive on the switch-over well prior to the Fall term:

Message from Dan Miller to the NETMGRS:
"[NETMGRS] 'ufw' wireless: active session timeouts begin now and sunset is Aug. 13 - please help with user support" Thu 8/2/2012 9:39 AM

IT Support Staff,

This is a reminder of coming wireless changes and a request for assistance. We still have thousands of people using the old 'ufw' wireless system which is scheduled to be sunset on Aug. 13. UFIT is concerned about the current backlog and the coming wave of new and returning students, staff, and faculty. We have just implemented a timeout of active 'ufw' wireless sessions after 2 hours to encourage people to move to the new 'uf' network now. Some users may be upset due to lost work even though we have been sending targeted emails to them for the past week.

Please help us with this transition in the following ways:

  1. Try 'uf' yourself now, and get familiar with the new system. Report any issues you have to the UF Computing Help Desk.
  2. Spread the word to your users through any and all mechanisms, and ask them to work with you before referring them to the UFCHD. Keep working at this through Sept 5 when the NAC PA system will go back into blocking mode.

Apologies for cross-posts. We are trying to get the word out to everyone. Please refer to the email from July 6 "Major NAC Posture Assessment changes coming July 16, Aug 13, and Sept 5" for more details or go to http://getonline.ufl.edu/.


Dan Miller
Network Manager, UFIT

Steve noted that this is going to create a lot of work at the unit level. He mentioned that when his building went Wallplate, he was essentially relegated to being an end-user on his own network. For anything needing to done Steve has to submit a ticket to CNS and CNS staff resolves the issues themselves. Steve feels it a bit ironic that now that local support is required due to central network changes, that there is no hesitation to push down the responsiblity to us for resolving issues. Steve just wishes the entire system was a little more distributed where unit staff could feel valuable at all times rather than only in those situations where we are needed to help with some particular tricky implementation that was decided on by the higher ups.

Disconnect with UF Security?

James Moore pointed out that the NAC posture assessment was not CNS's doing, rather this was mandated by UF Security. CNS is merely putting their box in front of that connection so that everyone has to proxy through it. CNS isn't particularly happy with the situation either because they will be called upon for resolution in a number of situations themselves and will have to relay some of those to the security folks as well. Steve pointed out that there seems to be somewhat of a communications disconnect with UF Security. He gave the example of the Oct 2011 Security Workshop where the presentation ended with this slide:

We're Here to Help.

Steve had sent a number of questions concerning PGP to the specified list and received no response at all. Similarly, Jimmy Anuszewski has recently sent some queries related to posture assessment with the same result. That seems pretty poor.

New wireless is a great improvement in many ways

James said that the new system is great for connectivity and he (along with the rest of us) has enjoyed being able to roam between WAPs without losing connection or having to reauthenticate. The only downside he has noticed with when the edge of darkspots are encountered his smartphone keeps switching between wireless and 4G and thus battery life takes a considerable hit.

Configuration difficulties

Winnie Lante said hat setting up the new wireless appears to be too difficult for most to handle on their own and that foisting this on everyone within two weeks of the start of Fall term is obviously going to cause major problems for many. Winnie reported doing an informal survey while swimming at the pool yesterday. She asked the four lifeguards if they had used the new network; they were all aware that they were supposed to be using that but only one of them had been able to do that successfully before giving up.

Steve asked where we should go if we can't resolve getting someone connected. Winnie said that she had responded to Tim Fitzpatrick's e-mail and that he had said they are working with the UF Computing Help Desk on creating a FAQ; the only problem is that this is needed NOW.

Steve noted that he had created an administrative install point for this at \\ad.ufl.edu\ifas\software\UFwireless. He based that on the IT wiki instructions and has found it to work well in his limited testing. Steve created a readme.txt file describing the process, but basically you run two programs via the command line, passing the appropriate arguments and the laptop will be ready for use. Steve plans to try adapting this to USB use for installing on student laptops--he is hopeful this will make the process quick and easy but would like others to try it and report the results to the ICC-L.

David Blackman noted that the automatic and manual install processes seem to ask for saving connection credentials. He was concerned with how that is supposed to work with multi-user laptops. Steve responded that he has always declined to save the credentials during the install and that the above mentioned administrative install foregoes that altogether. In his limited experience, one can perform the administrative install and then a user will be prompted for credentials upon first connection. Steve does not know, however, whether or not a different user would connect with the original user's credentials if those had been saved. One would certainly hope not.

Steve mentioned having one Mac that just would not connect. It turned out after the meeting that the solution was to delete a particular certificate from the keychain; apparently the bad cert was preventing the connection. Once that was done things worked flawlessly.

UF Exchange updates (previous discussion)

Viewing of attachments in OWA blocked temporarily

Microsoft released security advisory 2727111 that impacts previewing the content of e-mail attachments in OWA. UF has disabled this feature until a patch is released.

legacy.mail.ufl.edu is being decommissioned

Very few have this in their mapi client configuration settings (like two within IFAS overall), but be warned that this temporary name which was used during the migration to Exchange 2010 is going away.

Outsourcing of student email?

Updates as available...

Sakai e-Learning System now in production (previous discussion)

Updates as available...

Alternate IFAS domains in e-mail (previous discussion)

Updates as available...

Electronic Copy - Print Output Cost Reduction program (previous discussion)

Updates as available...

Split DNS solution for UFAD problems (previous discussion)

Updates as available...


New web cluster (previous discussion)

Chris Leopold reported that Santos Soler has been severely side-tracked from his main web migration tasks by having to fix MFP issues related to the inCommon Silver changes.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM (previous discussion)

MDT 2012

Updates as available...


Work continues on the central SCCM plans.

Updates as available...

Exit processes, NMB and permission removal (previous discussion)

Updates as available...

Re-enabling the Windows firewall (previous discussion)

Updates as available...

Services Documentation: Is a Wiki the way? (previous discussion)

Updates as available...


Moving from McAfee VirusScan to Microsoft Forefront Endpoint Protection? (previous discussion)

Dennis Brown mentioned having used SCCM to build a machine using a package that Kamin Miller had created. He was concerned that this installed FEP and wondered if that was okay. Alex York responded that until we have the UF SCCM infrastructure in place, that FEP will not be an enterprise solution. Using it prior will be the same as installing Microsoft Security Essentials. Alex said that he can show Dennis what to uncheck in order to avoid getting FEP installed.

Print server (previous discussion)

Updates as available...

Recording lectures for Distance Education (previous discussion)

Mike Ryabin asked about the Mediasite Desktop Recorder that Steve had entered into last month's notes. Steve responded that this appliance was something he had heard about and wondered whether or not it might be supported at the UF level, as Steve continues to look for lecture recording solutions for when our existing Accordent Capture Stations must be removed (once WinXP goes end-of-life in April of 2014). Steve had not investigated further however. Mike suggested that he might go through Patrick Pettus to investigate this further and Steve would be interested in anything he might discover.

New DHCP reservation site created (previous discussion)

You are reminded that Santos Soler has created a new DHCP reservation site which you may use to request reservations.

Restoration of back-ups on the file server

Wayne Hyde intends to document and announce proper usage as time permits.

Membership of ". IFAS-ICC" e-mail distribution group to be narrowed to ICC members only (previous discussion)

Steve will keep this as a standing item on our agendas for now as a reminder. The ICC distribution list is more targeted and restricted to IFAS IT support folks only.

IFAS efforts toward Green IT (previous discussion)

Updates as available...

Creating guest GatorLink accounts: singly or in bulk (previous discussion)

Steve had left this on the agenda in case further discussion was deemed warranted.

Can IFAS support DirectAccess in the future? (previous discussion)

Alex York is looking into the possibility of supporting DirectAccess at the IFAS level. While this would provide a wonderful new service for domain-joined laptops, and in fact be a strong impetus for joining some laptops to the domain which we previously had not, it still will not address non-domain joined machines -- both laptops and personal machines owned by faculty, students, and staff. A VPN will obviously still be required and the question is whether or not IFAS wants to maintain an in-house VPN indefinitely.

Moving away from the IFAS VPN service (previous discussion)

Steve pointed out that he prefers "l2tp over ipsec" rather than the Cisco Anyconnect Client because of the way the former functions on non-managed machines. Upon connection with l2tp, network resources can be directly access via their UNC paths. That does not work with the Anyconnect client because the local user account is assumed and the only way present alternate credentials is to map the resource as a drive letter:

mapping a drive in Windows 7

This requirement makes connecting to shared resources considerably more difficult via the Anyconnect client. Since CNS has declared its desire to eventually remove the l2tp VPN access, Steve feels IFAS should consider maintaining their own solution--but hopefully one that would provide private IPs rather than public numbers.

VDI desktops as admin workstations (previous discussion)

Updates as available...

Wayne's Power Tools (previous discussion)

Updates as available...

Computer compliance tool in production (previous discussion)

Updates as available...

Folder permissioning on the IFAS file server (previous discussion)

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age (previous discussion)

This is yet another matter for which finding time for implementation is proving difficult. Steve wants folks to remember that Andrew Carey had a good plan for dealing with this which perhaps Alex can find the time to address eventually. In the meantime, it would be very good of each OU Admin to consider mimicking the proposed plan manually by keeping their own records and deleting any computer object which have been disabled for 90 or more days; Wayne's Power Tools can identify those. Steve has finally begun doing that for his own unit and it has made his view within ADUC much more agreeable.

Since BitLocker stores its keys within the computer object in UFAD, Alex York and Chris Leopold are considering scavenging those keys for secure storage elsewhere. That would provide a fallback for decrypting a drive should the associated computer object be deleted.

Core Services status (previous discussion)

Updates as available...

ePO updates (previous discussion)

Updates as available...

Status of SharePoint services (previous discussion)

IFAS migrating to centralized MOSS

Updates as available...

Public folder file deletion policies and procedures status (previous discussion)

Updates as available...

Patching updates... (previous discussion)


The August Microsoft patches will include 9 bulletins (5 "Critical," and 4 "Important") addressing multiple vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer Tools.

McAfee provides podcasts on the highlights of each month's offerings.


Flash ActiveX 11.3.300.268 was released late last week. It fixes an issue where the FlashPlayerUpdateService was crashing on many systems. But wait! They soon updated that to 11.3.300.269 and now I hear they've got 11.3.300.270; it's enough to make you dizzy! The latest secure version is still 11.3.300.257.

Adobe has announced plans to release security updates for Adobe Reader/Acrobat this patch Tuesday.

Cyber Self Defense Class Via Videoconference

Message from Dan Cromer to the IFAS-Announce-L:
"Announcement - Cyber Self Defense Class Via Videoconference" Tue 8/7/2012 3:18 PM

Cyber Self-Defense Class
Via Videoconference
Thursday, October 25
2pm – 4pm

The popular UFIT “Cyber Self Defense” class will be held via videoconference on Thursday, October 25.

This is a great opportunity for UF and affiliated staff around the state to learn about a variety of safety and personal information security issues when going online.

Do you use the Web to make purchases? Do your kids spend a lot of time on social media? Participate in this session and find out more about safe Web browsing, encrypting and backing up files, email, and wireless security.

UF information security engineer Derrius Marlin leads an interactive discussion on topics that get participants thinking about how to protect both personal and work-related information.

Videoconference ports are limited!
To register email UFIT Communications (it-comm@ufl.edu) with:

  1. The name of the UF Department/Extension Office – Include name of county
  2. Technical Contact (Name, Email Address, Phone Number)
  3. IP Address for Videoconference Connection

A confirmation email will be sent, followed by additional course information, handouts, and connectivity information the week of the class.

MS Office News update (previous discussion)

Updates as available...

Job Matrix Update status (previous discussion)

Updates as available...

Remedy system status (previous discussion)

Updates as available...

Other Topics

WINS removal

Chris Leopold said that WINs is going away at the UF level on September 16th. His recommendation is to remove it on our machines sooner rather than later, especially since we have moved our DFS to FQDN now. The only issue he could see might be with some very old applications. Steve asked if Chris had talked to Joe Hayden about that as Steve suspects Joe might be one of those potentially running such things.

Windows Update Errors

Francis Ferguson asked if anyone had been getting Windows Update errors. He has seen this with a number of machines lately that he was trying to patch; these were machine that he had not yet joined to the domain. The errors were eventually resolved by shutting down and restarting several times but he has no idea why they occurred or exactly what resolved them. No one else reported having seen such a thing.

Dennis Brown mentioned that his assistant, Jeanne Tucker, had supposedly fully updated machines after a rebuild, begun copying files back, then had the copy interrupted by a reboot forced via WSUS. A number of folks responded that they reboot and rerun a manual Windows Update yet again to ensure all patches are installed first before proceeding. Sometimes there are dependencies whereby one patch is not needed until another one has been done.

Getting IFAS to officially support Apple

Jimmy Anuszewski asked how one might go about getting IFAS to officially support Apple products, since he is seeing more and more students and staff using those products. Steve pointed out that the official means for doing this would be to build a consensus at the ICC level, have us draw up a formal recommendation which Dennis Brown would take to ITPAC as our representative. Should ITPAC approve that recommendation, then it would be up to IFAS Administration whether or not the IMM would be modified to so declare. In Steve's experience, this process is much like walking barefoot on hot coals, but somewhat less satisfying in end result. Steve noted that he supports Apple products locally via a knowledgeable local staff member; he suggests doing this for one's own unit is the way to go rather than trying to turn the entire IFAS system that direction.

WordPress (previous discussion)

Chris Leopold asked if anyone had heard about a de-emphasis on WordPress at the UF level. Jimmy said that this was discussed at the last Web Administrators meeting. Most felt that whatever UF decided on centrally would have little effect on what they were doing currently. There was very little expectation that any CMS would be widely successful here at UF.

We re-discussed the difficulties of backup/restore with mySQL and John Wells said that he is okay with the potential loss of a day or two of data. He feels the applicability of WordPress to their needs overrides these other potential issues.

WebDAV and VDI announcement pending (previous discussion)

Updates as available...

Big Blue Button proof-of-concept server (previous discussion)

Updates as available...

Results of GPO disabling for non-portable devices (previous discussion)

Updates as available...

The meeting was adjourned on time at about noon.