Are you tired of patching your computer? Unsure of where one worm ends and the other begins? Do you wish your software were somehow always up-to-date? Let Information Technology do the work for you with Microsoft’s Software Update Services!
Software Update Services (SUS) builds on Microsoft’s Automatic Updates client to automatically distribute critical security patches for Microsoft Windows 2000, Windows XP and future Microsoft operating systems on the campus windows.uwyo.edu domain. Microsoft digitally signs each update, and for security, Automatic Updates downloads only those software patches that it verifies as authentic. Automatic Updates runs in the background at night and performs updates without the need for you to be at your computer, so you can use your computer as usual during business hours.
Currently SUS provides only security patches. As the technology matures IT will be able to roll out other types of patches to provide more complete protection for all computers within the windows.uwyo.edu domain. In the meantime SUS can help you make sure that security patches are installed in a timely manner on the computer you use.
There are major benefits to UW with this service. A computer, blocked from the Internet because it is lacking security patches, can choose to opt in to the SUS service and have patches applied from a local source. Having Windows security patches centrally managed will simplify patching for everyone, particularly those who already put a lot of time and effort into staying up to date.
Starting in February, Software Update Services will be offered automatically to all windows.uwyo.edu domain computers unless users contact an IT user consultant or the IT Help Desk, 766-4357, and specifically request that their computer be "opted out" and excluded from the SUS updates.
To receive the full benefit of this and other services,
departments are strongly encouraged to have their systems join the
windows.uwyo.edu domain, however IT will offer this service to
departments that have chosen to maintain a separate domain. SUS
will not be offered to other domains automatically but users of
other domains can, following IT-provided instructions, choose to
manually configure the Automatic Updates client on their computer
to use the campus Software Update server. If you are unsure what
domain your computer belongs to please follow the instructions
located at "How to determine a computer’s name and domain"
If you are the type of person who stays up-to-date with computer security and likes to patch your own computer, you may think this service is not for you. However, even if you visit the Windows Update Web site regularly or have already configured your Automatic Updates client to keep your computer updated, consider the time you can save and problems you can avoid each month by not worrying about patches to correct the latest Windows security bugs. A vulnerable computer can be hacked and have its data destroyed. You may find that it’s more convenient than imagined to have security patches automatically applied. Users can still request to opt out at any time.
UW’s Microsoft Campus Agreement now offers a program called Work At Home. Information Technology is extending the new offering to UW faculty and staff. The Work At Home (WAH) program allows faculty and staff to run Office and Windows XP at home while employed by the university, as long as the Campus Agreement is in place. The current Campus Agreement is in effect from Dec. 1, 2003, until Nov. 30, 2004. As long as the university renews the Campus Agreement annually, users may continue to use the software. The university expects to renew the Campus Agreement annually, however, if the university does not renew the license in any year users are required to remove the software from their home computers upon expiration of the licensed period. Users must also remove the software if their employment with UW ends.
For a minimal cost of purchasing the media (CDs), faculty and staff can install and use these products at home for campus-related work. Software CDs are provided to install the software at home, and are the user’s to keep. Installation does not require a Volume License Key. The software must be registered with Microsoft to ensure continued operation. Once registered the software cannot be installed on another computer. If after approximately the twentieth execution of the program a user has still not registered the product, the software will default to a "read only" mode, which will essentially render the programs unusable unless they are registered.
To order CDs under the WAH program download, print and sign the agreement form at www.uwyo.edu/infotech/services/software/wah/. Send the form and a personal check (sorry, no cash accepted) to:
Information Technology, Client Support Services
Ivinson Building, Room 140, CAMPUS
The CDs will be delivered through campus mail or may be picked up in the Ivinson Building, Room 140.
Important Note: Information Technology is not responsible for installation, configuration, or troubleshooting of WAH products on personally owned computers. This offer is only available to UW staff and faculty. Student employees are not eligible.
Sophos, UW’s email virus scanning software provider and PureMessage, UW’s spam filtering provider have recently merged into one company, Sophos PureMessage. Email virus scanning and SPAM message tagging services are now provided through an integrated product on UW’s central email gateway server. Despite a recent law passed in an attempt to reduce the flow of SPAM, it is expected to continue to grow. Sophos PureMessage recently noted that "USA SPAM laws are unlikely to stop spammers." Users can read the article and get information on the law at www.sophos.com/spaminfo/articles/gwbush.html.
The UW central email gateway processes approximately 4.5 million email messages a month. Recent statistics indicate that about 60 percent of this email is SPAM. The basis for tagging email as SPAM is a 50 percent or higher threshold probability indicator, which is calculated by the Sophos Puremessage software. When the probability threshold is 50 percent or higher the software adds the word SPAM to the message’s subject line.
Are you getting the most out of SPAM filtering? Outlook and WebMail users may create their own SPAM filtering rules to take advantage of the spam tagging UW provides. For users who receive legitimate email tagged as SPAM when it shouldn’t be, individual white-listing of senders can make SPAM filtering more useful. For examples and help see www.uwyo.edu/infotech/services/email/spam/.
In contrast to SPAM, virus-infected email only totals about 12,000 pieces received monthly at UW. W32/Dumaru-A and W32/Bagle-A were the most common viruses seen recently, with about 6000 detected in the last 30 days. For details about these and other viruses see www.sophos.com/virusinfo.
Even though UW’s current virus volume is not particularly high, a single virus can severely damage the infected computer as well as UW’s systems and networks. Users should continue to take measures to protect their systems from viruses. This means frequently updating their computers with software patches (see Automatic Central Security Patch Management), keeping the OfficeScan virus software current, not opening attachments from unknown users and not responding to suspicious or unusual emails.
Recent security reviews revealed that the university’s electronic mailing list software (known as Majordomo) presented several potentially undesirable exposures for the university. Adjustments were made to make it more difficult for spammers to obtain list names, post to existing lists, or acquire lists of subscribers.
Unfortunately the changes had some negative impacts on usability, especially for subscribers using the Web interface at http://majordomo.uwyo.edu/cgi-bin/majordomo.
One problem related to spammers’ ability to obtain easily a list of all mailing lists. This was blocked, but as a result the Web interface no longer displays list names and therefore cannot be used for subscribing and/or unsubscribing. The major difficulty is that the Web form uses no authentication and thus cannot verify that you are who you claim to be. The alternative is to use the more traditional e-mail interface with Majordomo, by sending plain-text messages to email@example.com with various commands in the body of the message. For example, sending a "which" command (without the quotation marks) will return a list of the mailing lists to which you are currently subscribed.
Note that you must use the same email address for sending the command as the address by which you are subscribed. Another useful command is "help," which will return a brief list of commands and their usage. The most common usage is either "subscribe list-name" or "unsubscribe list-name."
For the owner of a list, the Web interface remains mostly unaffected because list management requires the use of a password. As in the past, the email method is also available.
A second problem was spammers’ ability to obtain email addresses from lists. This potentially allowed spammers to harvest a large number of target addresses, and this was also blocked.
A third problem was the opportunity, by default, to send messages to a list even if the sender was not a member of the list. This will be turned off by default on all new lists; existing lists can be modified by the list owner by setting the "restrict_post" configuration item to the list name.
In the past, email display names have been created from a person’s first, middle, and last names, for example, "Jonathon R. Doe." Recently, due to numerous problems parsing middle initials, email display names have been changed to match a person’s official name as registered with the Registrar and/or Human Resources. For example, either "Jonathon R. Doe" or "Jonathon Robert Doe" is used depending on whether Mr. Doe’s middle initial or middle name is registered with HR.
Many people have requested that their display name reflect their nickname. For example, Mr. Doe may prefer to be known as "Jon Doe" or "Bob Doe." IT and Human Resources are working to soon make this possible. Faculty and staff can now submit the "PS - 9 Personal Data Change Form" (www.uwyo.edu/hr/hrformslist.htm) to Human Resources, requesting that a nickname be added to their personnel record. Students can also request the addition of a nickname. This requires that the student appear in person at the Office of the Registrar’s service desk with picture identification.
In the near future, central email services will be updated to include nicknames. Since Exchange supports a special field for display names, the display name field will be created from the nickname and last name, for example, "Jon Doe." Mr. Doe’s first, middle, and last names will still be used in their respective Exchange fields so that senders can verify the correct "Jon Doe" before sending email. ASUWlink does not currently support a separate display name field. Therefore, email names on ASUWlink will be formed using the first, middle, nickname, and last names, for example, "Jonathan Robert ‘Bob’ Doe."
Microsoft Office 2003 is now available to UW users. IT user consultants are ready to offer support for the upgraded core Office 2003 applications: Access, Excel, Outlook, PowerPoint and Word.
PeopleSoft users are advised to continue using either Office 2000 or Office XP. Compatibility testing between PeopleSoft and Office 2003 has not been completed and PeopleSoft has not issued a compatibility statement for Office 2003.
FrontPage 2002 users may experience problems with the Office Assistant if they upgrade to Office 2003. It is not recommended that FrontPage 2002 users upgrade their Office applications at this time. IT is aware of the problem and has reported it to Microsoft. Microsoft acknowledges the issue and may provide a solution to this and other reported problems at a later date. Please check www.uwyo.edu/Infotech/css/office03.htm often for the latest updates on this and other topics that we discover for Office 2003.
Microsoft has added Publisher and InfoPath to this release of Office Professional. Publisher was included in Office 2000 and separated in Office XP, and then disappeared from any Microsoft product list during the past year. InfoPath is a new application. (IT consultants will provide installation support for the Publisher and InfoPath applications and ensure that they are functioning after installation. However, the consultants are not yet able to provide application and feature support of Publisher or InfoPath.)
Users may install Office 2003 on Windows XP or Windows 2000 operating systems with Service Pack 3 or later. Some departmental computers may not meet the minimum system requirements (www.microsoft.com/office/editions/prodinfo/sysreq.mspx). Contact your user consultant about upgrading. He or she can help you evaluate the current hardware configurations, operating systems, and capacity.
To install Office 2003 refer to How to Install Microsoft Office 2003 Professional (www.uwyo.edu/AskIT/displaydoc.asp?askitdocid=236&parentid=1); call the Help Desk at 766-4357, option 1; or contact your user consultant for assistance.
If you install Office 2003, it is important to apply any available patches immediately. Users will need to have access to the CDs with which they installed Office 2003. If it was installed from the network, ensure that a network connection is available during the update. Start a browser and enter http://office.microsoft.com/officeupdate in the address bar. Allow the update process to install recommended updates.
One of the big benefits of Office 2003 is Outlook 2003. Outlook 2003 has a whole new look and feel. It is now easier to categorize and organize emails and see favorite or most used email folders all together. Users can also read emails in the upgraded Reading Pane, which can now be located to the side rather than under the list of email messages. Of all the upgraded applications in Office 2003, Outlook "looks" the most different.
IT will offer hands-on, instructor-led training classes for Office 2003 beginning in the summer of 2004. Computer Based Training (CBT) training opportunities in Office 2003 will also be available in the summer. Until then, IT will continue to schedule Office XP classes.
UW has successfully implemented the PeopleSoft Human Resources Management System (HRMS) version 8.3 Service Pack 1. In fact, the paychecks that university employees received at the end of October, 2003 came from the new system. The success of this project was due to the hard work of many people across campus, and each of these people should feel proud of their accomplishment. The team is currently working on a number of cleanup items, but the university is now positioned to begin tackling some of the advanced functions available in PeopleSoft, including functions to aid with tenure and promotions and training administration.
All departments have now been offered formal training in the use of HRMS. It is understood that there will continue to be questions as people use the system; anyone with questions about the new system can call Duane Timmerman (766-9601) or Chad Marley (766-4874).
The PIStOL upgrade continues to move forward. During extensive testing by functional users, several key issues were identified. Those issues were forwarded to PeopleSoft, who responded by informing UW IT that an additional upgrade to both our toolset and the application would be required. Due to the complexity of the software and our position in the middle of an upgrade, it was necessary to engage PeopleSoft to determine exactly what steps we needed to take to ensure that our work to date was not lost. PeopleSoft has provided experienced consultants at no charge to help guide us through these critical steps in our upgrade.
It was recently determined that we needed to upgrade our application (i.e., perform a double upgrade) to Financials 8.4, Service Pack 1, Fix Pack 2. With the hard work of UW employees and the assistance of the PeopleSoft consultant, this has been completed in a test mode and is currently being tested by functional users. As this testing appears to be successful, the decision has been made to proceed with a Test Move to Production (TMTP) in which we convert data from the older version of the software to the newer version. The TMTP will confirm that our data conversion is successful despite having to do an additional upgrade. Once the TMTP is completed and the data is reviewed, additional TMTPs will be completed to help us minimize the amount of system down-time required during the go-live time period.
No timeline for the completion of the project has been defined at this point. The project team agrees that we will have a much more accurate idea of the remaining work after the completion of the next TMTP.
The "PeopleSoft at UW" Web site (www.uwyo.edu/peoplesoft) has information on both projects and is updated frequently. If you require additional information, please contact Chad Marley, IT project manager, at 766-4874 or firstname.lastname@example.org.
Over Winter Break Information Technology installed wireless gateways and Virtual Private Network (VPN) services on the UW wireless network (also know as "WiFi," or "802.11"). These additions will help to make the system more accessible and easier to use, as well as provide an increased level of security.
The wireless gateways authenticate users by prompting them for their UW username and password. The VPN services allow users to create VPN connections that will allow them to sign on to the network and encrypt their data, keeping it secure from others (for a description of VPN see www.uwyo.edu/Infotech/aboutIT/news/newsletter/2002/02fall.asp and www.uwyo.edu/infotech/services/network/vpn/).
For Cisco wireless card users, the Lightweight Extensible Authentication Protocol (EAP/LEAP) will continue to function as usual. Users have three different methods to authenticate with the UW wireless network:
EAP/LEAP and VPN are the recommended methods, since these also encrypt data. Users who don’t use EAP/LEAP or VPN can be authenticated for wireless access by opening a Web browser and entering their UWYO or UWSTUDENT username and password. (When you attempt to access a Web page, if you haven’t already authenticated using EAP/LEAP or VPN the wireless gateway will present you with a specific Web page where you can enter your Windows domain username and password.) MAC addresses will no longer be used for authentication.
Guest user accounts are available for visiting faculty and staff, and for conference and event attendees. Call the IT Help Desk, 766-4357, option 1, to obtain the password for the guest account. Guest users are able to connect to off-campus Internet sites but for security reasons UW network access capability is restricted
The Central Student Fee Committee (CSFC) made a large contribution to help bring this central solution to university students, faculty, and staff. Recently CSFC placed wireless logos in campus locations where the CSFC provided the funding for wireless access. CSFC-funded wireless access points are located primarily in student study areas and other student open areas.
New wireless access points funded by the CSFC include the Geology Library and atrium, the Fine Arts open-study areas and lobby, the student congregation (vending) areas in Engineering on all four floors, the Animal Science lobby and study area, the first-floor study room in Business, and the student lab and library in Hoyt Hall. For up-to-date information on the UW wireless service, including instructions, maps, security, plans, locations and more, please visit www.uwyo.edu/infotech/services/network/wireless/.
The University of Wyoming is now a participating member of Dell’s Education Personal Purchase Program. UW faculty, staff, and students are eligible to receive special discounts and offers that are not available to the general public.
Some of the benefits of this program include
To take advantage of the program, contact the electronics department of the University Bookstore at 766-3264, email email@example.com or go to www.uwyobookstore.com and use the links at left under the Dell logo.
It is important to note that the telephone technical support is provided by Dell’s "relationship" organization, rather than the typical home sales support organization. This means that the "escalation path" for problem resolution is similar to the university’s technical staff support channels. Additionally, users enter the Dell support phone queue through a different path. The path gives users access to a higher level of Dell’s technical support and customer service.
Many university computers remain vulnerable to hackers and viruses. Security patches are not always being installed in a timely manner (or at all). This creates serious problems and substantial risks for UW:
As noted in previous emails and newsletter articles1, to protect the university’s network, Information Technology may restrict network access for computers that become infected with a virus. Network access may also be restricted for vulnerable computers that are not "patched" in a reasonable amount of time.
In order to keep your computer updated with security software patches, IT recommends that Windows users either:
Users can refer to www.uwyo.edu/Infotech/services/security/ for a current list of vulnerabilities deemed critical by IT, including deadlines after which Internet access may be restricted for unpatched computers.
Many users have been successfully using Microsoft’s Automatic Update feature. The importance of installing critical system patches cannot be overstated. Unpatched computers are vulnerable to exploitation (i.e., the computer may be controlled remotely and/or infected with viruses). In several recent cases computers have been infected without the computer owner even opening an infected email or clicking on a Web page designed to exploit the computer. Unpatched, vulnerable computers may be taken over by hackers simply because the computer is attached to a network. Depending on the vulnerability, hackers might gain administrative access to the computer to copy or delete any data stored on the computer and possibly other networked computers and disks.
Viruses have caused massive amounts of data to flood the local data network and negatively affect other users (denial-of-service attacks). In extreme cases, the entire campus data network has become unusable until the infected computers could be identified and disconnected.
IT will continue to scan the network to identify computers with "critical vulnerabilities" and will begin to patch vulnerable computers automatically (see Automatic Central Security Patch Management). Any computers that remain unpatched are subject to disconnection from the network. Normally a one month grace period will be in effect but the time period will vary with circumstances and associated risks.
IT is working on a solution that will notify the user or administrator that their computer is vulnerable and will be disconnected from the network. In the meantime, network restrictions may be placed on infected and vulnerable computers without user notification. Users should contact the IT Help Desk at 766-4357 (6-HELP), option 1, if they have questions, experience any outages or have problems accessing the network. Please leave a message if you are transferred to a hold queue due to high call volume. Alternatively, email firstname.lastname@example.org and a Help Desk representative will respond to your inquiry. IT will post a notice to email@example.com (the Partners mailing list) whenever the Security Web page is updated, at www.uwyo.edu/InfoTech/services/security/.
1For more information please see
Early in 2003 UW started the search for a replacement to our aging Student Information System (SIS). Three vendors (PeopleSoft, SCT, and Oracle) were selected to receive the university’s Request for Proposal, with PeopleSoft and SCT responding. After a thorough analysis of the products and conversations with other higher education institutions, it was determined that the SCT Banner and SCT Luminus products were the best fit for UW. The SCT Banner product includes functions for admissions, registration, financial aid, accounts receivable, institutional reporting, and many other areas. The SCT Luminus portal could provide enhanced student email and calendaring as well as a central location for students to get the information they require.
A recommendation was forwarded to President Dubois that UW proceed with a "fit-gap analysis" on the SCT Banner product as well as the SCT Luminus portal product, and that recommendation was approved. A fit-gap analysis reviews the business processes of UW and fits them to the functions provided by the software. Any gaps identified are rectified by either modifying the software or modifying the associated business processes.
In December of 2003, the fit-gap analysis was successfully completed. SCT provided UW with a detailed estimate of the cost of the software and the cost of the necessary consulting services to aid in completing the project. SCT also provided a timeline in which implementation tasks would be completed. UW staff worked to complete a 6.5 year total cost estimate for the project which included hardware, software, consulting and training components. Utilizing these documents, UW is currently negotiating with SCT. While no timeline for the completion of these negotiations has yet been set, it is hoped that the project will begin early in 2004.
More information on the SIS Replacement Project is available at www.uwyo.edu/newSIS or from Jim Berrigan, project manager, at 766-2636.
Information Technology’s user consultants offer full support of standard hardware and software on university owned standard desktop computers. Standard desktop computers are business class systems that UW campus Partners Program subcommittee determined to be acceptable for use in the normal office and student computing lab environment.*
There are many different models of laptops that are in use at the university, and the user consultants offer a best efforts support approach for common laptops and peripheral equipment. The consultants are able to install common software and set up network connectivity for most brands without any problem. Consultants will work with various vendors to provide solutions to common computing problems, should they arise. On the rare occasion when normal troubleshooting techniques have been exhausted and a consultant cannot resolve the problem the laptop owner has responsibility for pursuing a resolution with the vendor.
Recent additions to the computer market are the Tablet PC and the Media Center PC. Information Technology is testing and evaluating the Tablet PC. Software compatibility will be tested and the decision on future support will be made after sufficient testing with UW related applications has been completed. No support or testing will be provided for the Media PC. The Media PC is primarily intended for the home entertainment consumer market.
The user consultants will continue to focus efforts on supported operating systems – Windows 2000 and Windows XP Professional – and expanding support, where necessary, for academic and administrative computing.
* The UW Partners Program is an assembly of UW campus technology professionals and other interested individuals, working to improve the use of computer technologies and the services and products of the Division of Information Technology by promoting and encouraging open communication and information exchange between all areas of the University of Wyoming campus. The Partners Program hardware recommendation is located at http://www.uwyo.edu/partners/HardwareRec/reasons.htm. The standard hardware and software list may be viewed at http://www.uwyo.edu/InfoTech/services/Support/standards/.
Information Technology has long had a router firewall between the campus network and the Internet. Several months ago a Cisco PIX "hardened" firewall was installed on the campus network. Segments of the UW network are gradually being moved behind the hardened firewall. The Residence Halls were one of the first to be moved behind the new firewall. Several departments were moved behind the firewall when they moved to other buildings. The Ivinson building and UW’s computing center were moved behind the firewall over Winter Break.
All the computing systems in the Ivinson Building computing center except for publicly accessible servers were moved to the 10.x.x.x subnet. The next phase is to continue to move sections of the campus network behind the new firewall.
The process of moving departments will take place in two steps. In the first step all work-stations and servers, with the exception of publicly accessible servers, will be moved behind the firewall. In the second step all publicly accessible servers will be moved behind the firewall.
The first step will be very simple for most users. Information Technology will issue a notice when parts of the network will be moved. Users with dynamically assigned IP addresses (most users) will simply reboot their system the morning after their building is moved behind the firewall. Users who require a static IP address (discouraged except for servers and specific situations) will need to manually change the IP address currently assigned to their system to a new IP address assigned by IT and then reboot their system.
Technical Information for Server Administrators
The second step is expected to take place over a single night this coming summer. In short, all publicly accessible servers will be moved at once behind the firewall. (Publicly accessible servers are servers that need to be accessed by the general public without use of a VPN session.) These systems will have two addresses: an outside address, which the outside world will see, and an inside address for campus users. The domain name servers (DNS) will be separated into an inside DNS and an outside DNS at this point. The outside DNS server will contain the 129.72.x.x addresses, and in most cases this will be the previous address of the server. The inside DNS server will contain the inside addresses of all publicly accessible servers and will not contain any 129.72.x.x addresses. Once the DNS servers are separated, the outside DNS will be updated to reflect the outside addresses of the servers, and the inside DNS will be updated with the inside addresses. Static entries will be placed in the firewall to translate the outside addresses to inside addresses. The network segment on which the publicly accessible servers are connected will be moved to a VLAN inside the firewall. The owner of the server will then change the IP address to the inside address.
The firewall Web pages at www.uwyo.edu/infotech/services/security/firewall/ contain (1) information about the procedures to be followed in moving behind the firewall, (2) a form for requesting addresses for publicly accessible servers and static IP addresses, and (3) the dates when the moves are to be completed. Due to the high cost of maintaining static IP address, they will be issued only to systems that need them. Users will be asked to justify the need for a static IP address before one will be issued.
A new Information Technology help Web site is now available for University of Wyoming (UW) computer users. The site is called AskIT and is located at www.uwyo.edu/AskIT. AskIT is a new centralized portal for self-help resources and utilities, including how-to documentation, frequently asked questions (FAQs), Web site requests, hardware work order requests, computer training opportunities and UW software licensing. Future additions to the site will be troubleshooting tips, Web-based software installation points, the ability to submit a problem or issue to IT via the Web and numerous other utilities as they become available. The documentation provided on AskIT is fully searchable and categorized in a manner that will make finding the information you need as easy as possible. So, please take a look at the site, and come back often to see what new online utilities or information are available to you. Feel free to e-mail us with any comments you may have at AskIT@uwyo.edu.