ICC logo IFAS logo

ICC Meeting:



A meeting of the ICC was held on Friday, September 11th, 2009 in the ICS conference room. The meeting was chaired and called to order by Steve Lasley at about 10:00 am.

PRESENT: Eighteen members participated.
Remote participants: David Baudree, Tom Barnash, Micah Bolen, Dan Cromer, Kamin Miller, Louise Ryan, and Daniel Solano.
On-site participants: Benjamin Beach, Bill Black, Dennis Brown, Andrew Carey, Francis Ferguson, Wayne Hyde, Winnie Lante, Steve Lasley, James Moore, Santos Soler, and Wendy Williams.


STREAMING AUDIO: available here.


Agendas were distributed and the sign-up sheet was passed around.

Report from the chairman

Member news:

Steve knew of no memberships changes since our last meeting, but Dan Cromer reported that Daniel Solano is now working a split 50/50 position for Food Science and Human Nutrition and the IFAS Help Desk. At the Help Desk, Daniel will be supporting some of our network infrastructure by assisting Dan Christophy in defining printers and keeping them going. He will also be involved in deployment processes. This was supposed to begin the first of July but there have been some difficulties in getting the paperwork through apparently.

Steve said that this was wonderful news as he knew that Dan Christophy and Ed Steele could certainly use the assistance.

Recap since last meeting:

As per his usual procedure, Steve pointed folks to the notes of the last meeting, without going into any details.

Videoconferencing and WAN discussion

[In order to make meeting participation more efficient for Patrick Pettus and James Moore, these two topics have been moved to reside the top of our agendas.]

Videoconferencing topics (previous discussion)

Integrating OCS with Polycom

While still in investigation mode, some progress has been made. Dan Cromer pointed out that the Codian bridge is now available via OCS. By typing "at-svc" in the name box and selecting the item "AT-SVC-VCS-CDMCU-3":

Access the Codian bridge via OCS

By right-clicking on that connection and initiating a video call, one gets to the Codian Auto-attendant:

Access the Codian bridge via OCS-part two

You may then use the "dial pad" tool as shown above to enter "1111#" to connect to a conference. For now that is a fixed conference number for testing purposes. The currently plan is to create a number of such conference IDs which may be used for various "Meet Me" conference purposes. Via Polycom, one may connect to this test conference by dialing

Currently we have two production Codian systems with 40 ports each. This test has been set up on a third system. There is a concern that we may run out of available ports if OCS begins to be used too widely for this purpose. The two production systems can be joined together, but doing so takes a port on each leaving a total of 78 ports. Dan will be meeting with Mike Conlon, Fedro Zazueta and a Health Science Center representative to look into cost sharing to expand our bridging capabilities to permit up to 200 OCS connections at one time. The cost for that would be about $115,000 (with redundancy); whether that money can be arranged this year is not yet known.

Polycom CX5000 table-top camera/mic system

Dan Cromer stated that he has acquired a Polycom CX5000 system which "easily adds group video collaboration to Microsoft Office Live Meeting 2007 and Microsoft Office Communications Server 2007" according to Polycom literature. This device has five cameras in a circular arrangement and is meant to sit in the center of a table, with participants surrounding it. It displays the output of only one camera at a time, however, auto-focusing on whomever is talking. The device also has six microphones as well. This device was designed by Microsoft and was licensed to Polycom for production. The asking price is not cheap--$4100 or so.

This device must be connected to a computer via USB and it serves as the camera for an installation of OCS. The device also has its own network connection but works fine without using that. Dan is still trying to find out its purpose. The device additionally has an in-built SIP phone which Dan has yet to investigate. It occurs to him, however, that one may be able to assign the device a SIP phone number. It also supports a standard RJ-11 phone connection. Dan will be testing this to see how well it fits in with the things we may want to do.

End-user Scheduling

Patrick Pettus was unavailable so Steve asked Dan Cromer if he had any updates on this. Dan responded that Patrick has been out a good bit lately due to illness and that this project has fallen behind.

End-point documentation / help brochures

Dan Cromer mentioned that Patrick is working on fold-over Polycom guides (8.5" x 11" heavy paper folded in half) which can be custom printed from their database. One side will list device specific info about the particular end-point (IP#, device type, extension, etc.); the other side will have usage guidelines such as "always mute your mic when not speaking".

WAN transition to CNS (previous discussion)

SLO approved without input from ITPAC

The subject of the SLO was presented only as an informational item and not as a policy matter for consideration by the committee. An annual report on the IFAS WAN was presented by Dan Miller as well.

Updates from James Moore

James mentioned that, in researching past records, he discovered that many outages were not due to circuit cuts or equipment failures, but rather coincided with planned maintenance windows by Brighthouse. Changes they made during those frequently resulted in lost connectivity. James said that discussions will occur to see if that aspect can be improved.

There was a major outage at the NAP of the Americas affecting both Ft. Lauderdale and Ft. Pierce this morning. There was a power outage which put the FLR equipment on DC power. When there is a major outage like that, a lot of the providers begin shutting down their equipment to protect it from a surge as the downed circuits are worked on. That leads to longer overall delays before connectivity is restored.

CNS is now looking at next year's budget and determining priorities. James is working with Francis Ferguson to triage his district and locate some of the areas most in need of upgrades. James has made replacement of the older 827 series routers a priority, but the routers at 45 of the CEOs, all older than the 857 model, will be replaced. Thirty-eight of the CEOs will get new switches but the remainder will have to be covered under remediation.

A full LAN upgrade will be done at Quincy replacing the HP equipment currently in place. Balm will be getting an upgrade and Belle Glade's upgrade should run sometime next week or the week after once Chris Leopold returns. This is off last year's money. James said that Homestead is replacing some of their LAN equipment as ports on their HP switches have been lost to lightning and James is also trying to eliminate "transparent" devices like media convertors as well.

CNS has decided to do a full LAN upgrade at Marianna as well in support of the new Star2Star VoIP service being installed. James has a new 1841 router ordered and this will be their first experience bringing in two provider connections to implement load sharing with QoS for voice and video back to campus.

They are looking at circuit upgrades with Kevin Hill for Immokalee. Citra and Milton have been given the go-ahead for new circuits by Dan Cromer. James will be working with Nick Smith at Milton on that.

James conjectured that next year we can replace the rest of the LAN equipment and hopefully start looking at wireless rollouts. This latter step will require considerable study to determine if there are technical workarounds to the authentication issues which UF wireless entails. James expects to have updates on the wireless plans by our next ICC meeting.

The IFAS WAN comes to campus

Steve mentioned that Entomology's Honeybee Lab will be getting a DSL connection with a CNS managed router, creating the first "on campus" extension of the IFAS WAN.


The new ICS?

After getting a much abbreviated picture at ITPAC, Larry Arrington's IFAS-ALL-L memo on the ICS reorganization was surprising to Steve:

Message from Larry Arrington to IFAS-ALL-L:
"IFAS Information and Communication Services"
Fri, 28 Aug 2009 08:28:12 -0400

This is to inform all UF/IFAS employees about the transition and reorganization of IFAS Communication Services, External and Media Relations, and Information Technology. On July 1, 2009, these units were merged to become IFAS Information and Communication Services (ICS) under the direction of Jack Battenfield.

This reorganization will continue for several months, and will follow the objectives and expectations established last year by the Web Working Group, i.e.:

  • Improved IFAS Web presence, distance education, training, and development of new efforts;
  • Greater use of technology for more efficient teaching, research, and extension communication;
  • Integration of staff for enhanced efficiency, training, backup and support; and
  • Increased revenues and cost savings.

The new unit is organized with three key function areas:

  • Web Development and Creative Services, coordinated by Tracy Bryant;
  • Technology Support, coordinated by Dan Cromer; and
  • E-Learning and Distance Education, coordinated by Ron Thomas.

All information technology and communications professionals in this new unit are expected to have overlapping functions and duties, with responsibilities in the following areas:

  • Web-based education (e-learning);
  • Integrated marketing, public relations and branding;
  • Integration, organization and dissemination of all information within IFAS and UF;
  • Technology innovation and training;
  • Professional development (assisting faculty with the application of technology);
  • Webpage development, maintenance and analysis; and
  • Communication support and innovation.

We look forward to a smooth transition and new direction that will improve the quality of information technology, communications, and external relations. We also thank Ashley Wood, who retired July 31, 2009, for his nearly 40 years of outstanding service and leadership in IFAS.

Steve was surprised by the organizational chart which this memo suggests. The core of IFAS IT has been relegated to a functional subset of the newly merged unit and is now termed "Technology Support" with Dan Cromer as "Coordinator". The groups comprising this newly named "Technology Support" function, however are neither mentioned nor linked from the IFAS Information and Communications Services web site currently.

While Steve cannot envision how the proposed overlapping of functions and duties across all personnel could possibly work, his greater concern is the apparent marginalization of core IT functions. Those appear to Steve to have been assigned an "out-of-sight out-of-mind" status, which is exactly the opposite of what he believes to be a healthy situation for continued progress toward the very goals which the memo sets. Further, those goals require resources which do not seem forthcoming nor obtainable via any foreseen improvements in efficiency.

Course Management System Conversion to Sakai 3 (previous discussion)

Steve pointed out again that the UF IT web site now has a Projects tab which includes documentation on a number of ongoing projects, including the CMS Conversion to Sakai.

myuf Market (previous discussion)

Is it IE8 compatible as is claimed?

Steve pointed out that Michelle Quire claimed at the last ITPAC that IE8 was not compatible with myuf Market--even in compatibility mode. Dan Cromer responded that Michelle was working directly with someone at Bridges to investigate that, but he had not heard the resolution.

Steve received an update on this from Michelle the following day:

We are working on scheduling a web meeting with the SciQuest people. I have run several tests with the people at Bridges and I have not been successful in running a fully successful test through a complete purchase.

I still hold firm to my stance that IE 8 does not work 100% with myufl market place.

The answer I have gotten so far has been that the vendors do not have their sites up to par with IE8 and the problem is not on the UF side of things. Well that is great, but if we have to go out to the vendor sites to make the purchases through myuf marketplace, then it certainly is going to give the appearance to the "average" user that myufl market place is the issue. The average user is not going to understand that it is not UF that keeps up with these websites.

Donna McCraw added later via e-mail:

I was just reading your notes from the last meeting about IE8 problems with myUF Market. I went to the PeopleFirst web site today, and there is a notice at the top that says their site is not compatible with IE8.

There is a link to Alert 225 for more information. Very interesting. I haven’t tried compatibility mode yet, gotta find my userid and password first.

UF IT Action Plan (previous discussion)

This topic marked for removal from our agendas

Now that the plan has been accepted and http://www.it.ufl.edu has been recently re-vamped to includes a good deal of information about the reorganization, Steve feels this matter can be dropped as a standing item from our agendas. Note that current documentation includes new sections on Governance and Projects.

After the meeting Dan Cromer shared other related news:

from Chuck Frazier's "Open Letter to UF IT Staff" in the September 2009 "IT Connections" newsletter...

"At his fall State of the University address last week, President Machen announced a number of the changes occurring outside IT including replacement appointments of new senior administrators in several areas. He also announced searches that will begin soon to fill other administrative and faculty positions. Adding to that list, President Machen announced today that a national search for a new UF CIO will begin immediately. This search (not a new position) follows from and is a capstone of a year in which the 2009 Information Technology Action Plan (ITAP) was developed and adopted. The ITAP integrates core and distributed IT components throughout UF in a single organization. A key part of completing that plan is the appointment of a UF CIO to lead and manage the new IT organization. The UF CIO will have the title of Vice President and CIO and will report through the Senior Vice President for Administration Brian Beach. Two senior administrators have agreed to co-chair the CIO search. They are Paul Robell, Vice President of the UF Foundation and Paul D’Anieri, Dean of the College of Liberal Arts and Sciences. Committee members and a search firm will be announced soon."

"Other important searches are either underway or are soon to begin. These include a search for a UF and Shands Health System CIO. This position will oversee IT in the Health Science Center and Shands. As with the IT lead in each of the four Senior VP areas, reporting is to the Senior Vice President for Health Affairs David Guzick with a dual-report line to the UF CIO. The dual-report to the UF CIO is for purposes of facilitating University-wide policies, standards, and coordinated administration of core and locally provided IT infrastructure, systems, and services. Also to begin soon are searches for an Information Security Officer and a Director for University Systems. Both of the latter searches are identified as new divisions or departments under the ITAP. Both will have University-wide responsibility and will report through the UF CIO."


"On the management side of things, we have restarted periodic meetings of the UF Campus IT Directors Group. This group met once in the summer and will continue to meet bi/monthly throughout the year. The goal is to regularize a setting for information sharing and opportunities for coordination and collaborations. For the core unit directors and the IT leads from the four Senior Vice President’s areas, we have formed the UF IT Managers Council. This group has been meeting regularly on a bi/weekly basis through most of the summer. Going forward, we will move to a once a month meeting schedule. The new managers hired to lead the Information Security and Compliance Office and the University Systems Group will also be a part of this group."

UF Exchange Project updates (previous discussion)

Fax services?

Steve asked if anyone had looked into the FAX services which Erik Schmidt had mentioned in a CCC list posting a couple of weeks ago. Apparently, FAX integration with the UF Exchange system is currently in limited production and is being worked towards implementation on a larger scale.

Dan Cromer responded that a third-party product was purchased by Bridges to meet their own needs. Health Sciences wanted to implement this as well and began discussions with CNS. CNS was somewhat reluctant to proceed immediately so the Health Sciences Center bought the product themselves and it is in production for their use. Broader availability is being researched though Dan was not aware of the timeline. This allows one to send a FAX directly from Outlook via a "printer". The discussions have been that for a ~$5/month charge one could have a telephone number assigned as your fax number and images received would be available via Outlook.

Office Communications Server

At Dan's suggestion, Steve began using OCS at the ICC meetings for out-of-band messaging. Anyone who wishes to submit questions and comments during the meeting is encouraged to use that.

Split DNS solution for UFAD problems

Steve wants to keep this on the agenda for future reference.


IFAS WebDAV implementation

There continues to be no progress on the documentation which was to happen prior to announcement. Since this has never been formally announced, the matter remains on the agenda as a standing item.

Windows 7 Deployment via the WAIK, MS Deployment Toolkit 2010, USMT 4.0, WDS, and SCCM

Windows XP deployment

Daniel Solano has developed a "universal" Windows XP SP3 image which he is offering to make available for all IFAS. It includes:

  • McAfee VirusScan Enterprise 8.7i Patch 1
  • Microsoft Office 2007 (Without Groove)
  • Gatorlink/Cisco VPN Client v.
  • Adobe Reader 9
  • Adobe Flash Player 10
  • Adobe Shockwave Player
  • Microsoft .Net Framework 3.5 SP1
  • Microsoft Save as PDF or XPS Add-in for Office 2007
  • Microsoft Silverlight
  • Quicktime 7
  • Real Alternative 1.9.0
  • Windows Media Player 11
  • Java 6 update 15

Daniel said that he has been using this image in Food Science for about two years. It has worked on pretty much every computer model he has purchased, though has stuck mainly to the common Dell offerings. He has tried it on some Gateway and Sony and Lenovo machines and it seems to work there fine as well. It can be updated to support new drivers as needed, but drivers may of course also be added individually upon boot after loading the image as well.

Daniel's idea is to have this available for deployment along with a base Windows 7 image via Microsoft System Center Configuration Manager once we have it in place. Steve asked if this could be added to WDS in the meantime without too much bother; that would permit PXE booting in order to load the image w/o the use of optical media. Andrew Carey said he could look into that, but didn't want to spend a great deal of time should it prove difficult, as SCCM was the long-term plan. Andrew admitted, however, that he wasn't certain of the status of WDS currently as it has received very little use.

Steve asked Daniel about how often he has had to update that image, as updating involves the fairly time-intensive process of loading the image on a reference machine, installing whatever is necessary, sysprepping and then reimaging. Daniel responded that he hasn't done that very frequently--perhaps not as frequently as he should. He did feel that monthly updates, for example, would be excessive and unnecessary. As long as the image has the major patches, the time savings in deployment is enjoyed regardless.

Steve asked about preparing the ePO agent for imaging (ufad\if-admn credentials required), but Daniel responded that he has avoided that to-date by not including the agent in the image.

Steve mentioned that his understanding of SCCM was that it could handle application deployment. Down-the-road with Windows 7 we might want to look at leaving applications off the image and utilizing that feature. Daniel responded that this was indeed his goal as well. Steve asked Andrew if he had been using SCCM with the server rollout. Andrew said that he has been looking into it but has not had nearly as much time to devote to that as he would like.

Windows 7 deployment

Steve pointed out that the Microsoft Deployment Toolkit 2010 was released a couple of days ago. The Group Policy Settings Reference for Windows Server 2008 R2 and Windows 7 is also available. This is an easily filterable spreadsheet which includes all the GPO settings along with the registry keys that implement them.

Exit processes, NMB and permission removal (prior discussion)

Nothing further was available on this topic at this time.

Re-enabling the Windows firewall

This issue has been moved up in priority due to a newly reported vulnerability which apparently will not be fixed in Windows XP. A firewall is deemed the appropriate mitigation, but we have had that disabled via GPO for the last five years.

Wayne Hyde has begun looking into this afresh but had been somewhat stymied by the poor firewall implementation on Windows XP. There is no way to blanket specify "accept all traffic from a location except on this port or ports". Consequently, you have to open up individual ports.

Wayne is currently trying to work out some communication issues, as he is seeing dropped packets from DCs and even the file cluster. It appears that WinXP is doing an LDAP query or some other kind of a connection to a DC and then immediately closing the connection; thus when the DC tries to respond the packet is dropped. Hopefully this is traffic that is not critical and can be dropped, but Wayne is still investigating that aspect.

When applications are installed they frequently create exclusions in the firewall so they can communicate as needed. Wayne is concerned that those settings get configured and are retained even when the firewall has been disabled as has been the case with IFAS. The exceptions included in a machine's firewall configuration may be viewed via a "netsh" command:

firewall exceptions

Once the firewall is enabled, it is hoped that all these exceptions will be implemented; otherwise a huge mess would result. Note that there are separate Standard and Domain profiles; Wayne intends to make the Standard profile (which is used when the machine is off our network--laptops for example) to be more strict.

Steve mentioned that he really didn't see how the Windows XP firewall could be very effective against the sorts of DoS attacks mentioned in any case; as long as any traffic is allowed from the world it would seem to him that an attack is possible. Wayne responded that the great majority of our machines being on private IP helps a lot--limiting such attacks to among internal machines. With lots of laptops hooked up to non-WIPA ports, however, the potential will exist.

Wayne is creating two GPOs; one with the firewall rules and the other to re-enable the firewall. That way we can link the firewall rules first and link the other GPO more incrementally department by department. Once everyone in on-board, the rules will be moved into the co-managed computer GPO as our long-term solution.

GPO for firewall settings

Wayne then went through some of the settings. There will be separate settings for WinXP and Vista/7 due to their different capabilities. File and printer sharing is going to be enabled for pretty much all campus IPs plus the local subnet. He still needs to test whether "localsubnet" in the IP list truly limits things to a unit's /23 or /24 subnet; the documentation isn't quite clear on that.

Settings will be configured to allow remote administration (like MMC and PsTools) and remote desktop connections will be permitted from anywhere. Wayne had thought about limiting it to UF IP space including the VPN, but knows of cases where that would not work. Initially Wayne plans to log dropped packets and successful connections; he will likely drop the successful connections logging once this is deployed and working. Should someone complain of an application not working you can see what is going on with a machine by viewing the file at c:\windows\firewall.log. There is a setting that controls displaying of connection attempt notification via the system tray but those are prevented by default. Consequently, you will need to use the log for clues to connection problems.

You will also be allowed to make local exceptions on an individual machine (Control Panel > Windows Firewall) so you can fix unique issues which may arise:

local control of firewall settings

The ICMP exception is enabled to allow pinging of computers.


Moving away from the IFAS VPN service

Questions of need remain

Steve failed to mention this topic during the meeting, but he did hear recently from a UF librarian, Michelle Foss, that she had been giving a presentation at a remote site which required VPN connection in order to access library resources. During that she found out about the IFAS VPN because the individual using that was the only one who could successfully connect to resources from that remote connection. This same issue had been reported by Joe Hayden for one of our remote locations. We obviously need to investigate these reports more thoroughly.

The IFAS VPN assigns public numbers currently

Santos Soler also pointed out to Steve after the meeting that the IFAS VPN utilizes public numbers. This was news to Steve as he had believed that vpn2.ifas.ufl.edu was public and vpn.ifas.ufl.edu private. Apparently those now point to the same location and public numbers are the rule. Steve believes this should be changed ASAP, and Santos recommended advising folks to enable their firewalls when connecting via the IFAS VPN.

Wayne's Power Tools (previous discussion)

Wayne has put these on the back burner due to other more pressing needs. He mentioned that users of these tools should contact him or Santos Soler if they receive an error; these tools stress the application pool on IF-SRV-WEB and the site sometimes has to be cycled to clear that.

Folder permissioning on the IFAS file server

You are reminded to please take the time to read and implement the new standards. If you have any questions get with Wayne or Steve.

Disabling/deleting computer accounts based on computer password age

As with so many things in these times of inadequate staffing, finding time for implementation is proving difficult.

New MPS/DC testing -- access by unit-level administrators

Steve once again failed to ask, but Andrew certainly continues to work on this.

Core Services status

This topic remains as a standing issue, but was not discussed this month.

ePO updates

New dashboards implemented on the ePO console

Wayne Hyde recently updated some of the dashboards on the web-based ePO console. Wayne had posted a message to the ICC-L regarding this:

Message from Wayne Hyde to ICC-L:
"ePO dashboard changes"
Thu 9/3/2009 10:50 AM

I changed a two of the panels on the “Detections (day/week/month)” dashboards. The top-right panel is now a list of the top-100 computers with detections under \WIN* (drives C thru H, covers \WINNT and \WINDOWS). The bottom-right panel now shows the top-100 computers with On-Demand Scan detections.

If you see hosts on the “Detections in \WINDOWS” panel, please investigate them as malware has most likely already infected the computer. If you see the same file being deleted repeatedly, it is a good indication that there is some other mechanism that is re-infecting the machine and it may need to be wiped. “Nuke it from orbit, it is the only way to be sure.”

The on-demand scan detections will only show detections from the various ODS tasks run in McAfee AV. This may be user scheduled or by ePO policies. Soon enough you’ll be able to schedule your own ODS tasks using tags in ePO.

I will see about creating a new dashboard with trending information to show detections over time periods, etc.

You can also run these queries manually under Queries -> Shared Groups -> WPT

Steve brought up the console so Wayne could demonstrate the new dashboards. Steve complemented him on these improvements. It helps greatly to weed out some of the noise of the many events and to focus on those which are likely most critical. Wayne mentioned that we need to hone our deployment tools and get data off the local machines so that infections can be more easily dealt with by a rebuild; that is the direction we need to head with handling the inevitable infections which will no doubt increasingly occur.

Managed ODS have been instituted

Wayne has instituted two on-demand scans (ODS) which can now be viewed via the local VSE console (except on Windows 7 apparently):

managed ODS tasks

One is set to do a quick scan of more critical areas daily at 5 AM, but he has also added a weekly full scan on 10:30 PM each Friday. This latter scan stops the task if it runs over 3 hours and if you are on battery power or have a presentation running (on 8.7). it The good news is that these scans detected less than he had feared.

Wayne mentioned that when PWS detections are seen, you should warn the users involved to change any passwords they may have entered using that machine as those are password stealing programs. Many of these just steal games passwords, but care is urged.

VSE 8.7 patch 2 is due out by end-of-month

Wayne mentioned that users won't see much effect, but that this should improve a number of things from the server side. Dan Cromer reported an issue on Windows 7 where VSE installation asks to disable Windows Defender. Wayne said that patch 2 will support Windows 7 and addresses that issue.

Wayne had also mentioned that McAfee has released a new 5400 scan engine, which he is testing prior to deployment.

Question about rootkits

Dennis Brown mentioned having read that some rootkits cannot be removed via a simple reformat. Wayne responded that boot sector infections would conceivable survive that. There are also rootkits which hang out in the BIOS. There are always ways to get rid of these, but it certainly will be annoying if they become at all prevalent.

Status of SharePoint services (prior discussion)

This aspect was not covered this month but will remain as a standing item for future discussion.

Public folder file deletion policies and procedures status

Nothing further was available on this topic at this time.

Patching updates...


The September Microsoft patches include five critical updates for Windows. A podcast summary of these patches is provided by "Security Bulletins for the regular IT guy".

MS Office News update

No news to relate.

Job Matrix Update status

This is here as a standing topic--no discussion this month.

Remedy system status

Steve wants to leave this matter as a standing agenda item for future discussion.

Other Topics

Snow Leopard includes built-in support for Exchange 2007 (prior related discussion)

It would appear that an OS upgrade may be the easiest way to improve Exchange 2007 access for Macintosh users. Francis Ferguson reported that he had spent quite a bit of time in an Apple store lately trying to get a Mac mini repaired; while there he noted that copies of this new OS are "flying" off the shelves.

Fergie also noted that Apple has no sympathy for individuals who drop or otherwise damage their iPhones. Such user-caused damage is absolutely not covered in their warranty. He urged any using those to get a protective case as it will be money well spent.

Wendy Williams mentioned having heard of a problem with the latest iPhone OS 3.1 upgrade at the Department of Medicine where they have encryption enabled. After the upgrade the phone reported that encryption wasn't active which deleted the account on the phone and wiped out all the contacts and email. This has since been resolved apparently via changes on the server side.

According to an EnGadget post by Donald Melanson, this...

"upgrade can now enforce the Exchange ActiveSync mailbox policy requiring encryption on the device, which just so happens to only be supported by the 3GS (guess that "S" stands for more than just speed). Not surprisingly, the only solution for non-3GS users is to contact their Exchange Server administrator and hope that they're willing to change the policy to no longer require device encryption."

After the meeting Dwight Jesseman reported not understanding this part of the discussion as UF Exchange has never required encryption and there have been no changes since the settings were first applied. Here are the settings for the ActiveSync policy:

UF Exchange does not require encryption

PDF-Xchange (prior discussion)

Andrew Carey reported that he had received a quote on licensing of this Acrobat replacement. The cost for all of campus would be only $3000. Unfortunately, the company would require a "Corporate County Pack" to support all our remote sites across the state, which would run $13,500. Even though that price tag may seem a little steep, consider that according to LanSweeper IFAS has 307 installations of Acrobat Professional 9 and at the UF price of $62.03 per installation, IFAS has spent $19,043.21 on Acrobat 9 since it was released (June of 2008.) Adding $3,375.00 for two additional years of maintenance would still be a savings over what is currently being spent and would allow us to upgrade to new versions for the next three years FOR ALL USERS.

Steve pointed out that when costs are pushed out to the leaves of the tree, the trunk doesn't care. The $19,000+ spent by individuals within IFAS is not a direct concern to central administration, whereas the $13,000+ cost is likely seen as prohibitive from a central standpoint. Unfortunate, but true.

Steve said that the nice thing about this application is they have a portable version which does not require installation. Consequently, you can place that on a file share and make it available to all in an easily updatable fashion. Andrew mentioned that if there was interest we could put deploy the free reader; Joe Gaspar has a GPO for that which we could utilize.

All Windows 2000 machines should be on private IP

Dan Cromer wanted to reiterate this point which had been posted to the ICC-L and was pertinent to our earlier firewall discussion.

Machine administration is to be done via IF-ADMx accounts

Dan Cromer wanted to remind people that OU Admins should not be adding their Gatorlink accounts to the local administrators group on the machines in their units. While exceptions are allowed for an OU Admin's individual work machine, doing that broadly is extremely poor practice. It runs the potential risk of compromising all machines across an OU. While they can be a bit difficult at times, there is a very solid rationale behind using our OU Admin accounts (ufad\if-admn credentials required).

Directory coordinators should not be an IT function

Dan Cromer said that there is a current effort to separate out the NMB setting role and provide that to IT folks, so that we can do that portion of the job without needing be Directory Coordinators in the broader sense. Steve asked if these roles would be applied for us or if they would require a request. Dan wasn't sure, but seemed to think that requests would need to be made via our units' DSAs.

IT staff awards being planned

Dan Cromer related that plans are underway to create UF IT awards as proposed by Chuck Frazier. Eight awards are planned, one from each of the four Senior VP units and four others from CNS, AT, etc. There would be a single overall selection as well which would then be included as a candidate for the annual UF-level Superior Accomplishment Awards. This is planned to start rather soon, in October.

Further information is available in this month's newsletter:

from Chuck Frazier's "Open Letter to UF IT Staff" in the September 2009 "IT Connections" newsletter...

"Finally, and generally under the heading of engagement, plans are moving forward for a fall assembly. The primary purpose of the fall UF IT Assembly is a social gathering to kick-off a new year and to recognize and celebrate service by IT employees. Expect an announcement on this soon with the target date being October 29th, 2009 in Emerson Hall from 3:00 PM to 5:00 PM. Recipients of the 5, 10, 15, 20, 25, 30 and 35 year pins will be recognized as will the recipient(s) of the 2009 UF IT Outstanding Service Award."

All class materials should be on-line

Dennis Brown reported that one of his faculty came to him mentioning a message which all faculty received from Dean Barrick. The message indicated that all class materials should be posted on-line due to the anticipated flu epidemic. It was discussed that compliance will be the issue there as only those doing so currently are likely to comply.

There is a posting relative to this on the e-Learning Support Services site in the news section of the front page:

Instructors: Please be aware that the form to request new course accounts has been disabled temporarily while LSS staff are creating course accounts for all courses and sections not currently in the E-Learning System for pandemic planning. Because all courses are already being created, there is no need to request accounts for the Fall 2009 term. By Monday, 14 September, you will find your Fall courses simply by logging into E-Learning with your GatorLink username and password. As soon as things settle down in the world of pandemic planning, we will restore the form for instructors who wish to request accounts for Spring 2010 and after. Thanks for your patience!

There was additional information pertinent to this topic from Chuck Frazier

from Chuck Frazier's "Open Letter to UF IT Staff" in the September 2009 "IT Connections" newsletter...

"Anything that happens in the University impacts IT in some way, and vice versa. So, as we start this new semester, it is critically important for all of us to be thinking about and preparing for the H1N1 virus. Academic Technology, in cooperation with the Provost’s Office, has developed a plan to assure that all courses and all sections taught this term have the capability of delivering content to students electronically. More detailed information will be forthcoming in the next couple of days from the Provost’s Office and the Office of Student Affairs. A resource web page can be found at www.at.ufl.edu/flu."

The meeting was adjourned early at about 11:30 AM.