Maintenance work ConfigMgr from 21.02.2024 completed

The maintenance work for ConfigMgr has now been completed and the ConfigMgr Console can be used again.

Maintenance work ConfigMgr on 21.02.2024

On Wednesday 21.02.2024 there will be all-day maintenance work on ConfigMgr from approx. 07:00 am.
Please close your open ConfigMgr Console on Citrix with your end of service today and restart it first with the announcement of the end of the maintenance work.
Existing deployments will continue to run so that your Windows clients can continue to install software.

Survey for eToken SmartCard demand to secure administrative access

As reported at the 97th meeting of the IVV Expert:innenrunde on 10.11.2023, the CIT is procuring various types of SmartCards (USB-A/-C eToken) from crisis resilience funds.

These can be used to make logging in to administrative accounts more secure. With the eToken, login does not take place using a username and password, but via a certificate stored on a special USB stick and a PIN that is independent of the password.

Once the USB token with the certificate is in possession and the PIN is known, it is possible to log in. The password is not entered or transmitted and therefore cannot be intercepted and misused by an attacker.

If you have one or more IT administration accounts or accounts requiring special protection, you can register your demand for an eToken using the linked questionnaire until Nov. 30.

https://sso.uni-muenster.de/LearnWeb/learnweb2/mod/feedback/view.php?id=3126818&lang=en

You only need one eToken, even if you want to protect several of your accounts.

In this way, we would like to determine the demand and pass on a quantity estimate for the various types to the CIT for procurement.

Maintenance work on the COMSOL license server

Due to a Comsol version update, maintenance work will be carried out on Tuesday, 14.11.2023 from approx. 07:00 a.m. and the license server will therefore not be available.
We assume that the work will be completed by 09:00 a.m.

New license period for Serif Affinity All Apps (Designer, Photo, Publisher) starts on 10/13/2023

On Friday, 10/13/2023 a new license year for the Serif Affinity All Apps (Designer, Photo, Publisher) will start.

For the old version 1 we did not get any new license keys, so to continue using Affinity it is now necessary to switch to the version 2 apps: Designer 2, Photo 2, Publisher 2.

For version 2 there are new license files and a version update to 2.2.0 available.

For macOS the installation sources are available on the Dfs under Software\Admin\Affinity\macOS.

For the Windows version, updated deployments will not be available in ConfigMgr (MECM, SCCM) until next week due to vacations. Until then, Affinity Apps will probably not be usable from the weekend on. We apologize for this interruption and any resulting inconvenience. Please inform the users in your area accordingly.

KeyServer notification about Sophos Security & Control

Starting this afternoon, we will activate a notification on the KeyServer about the deployment of Sophos Security & Control.
Support for Sophos Enterprise Console will end on July 20, 2023.
As a result, we will no longer be able to run our Sophos Enterprise Console from 20 July 2023. Without Update Server, the affected clients will no longer be protected.

Official devices must be migrated to a Sophos Central instance by July 20, 2023. We have already deployed our own instances of Sophos Central for some institutes of the NWZ and migrated devices.
For all devices that have not been migrated by July 07, 2023, we will roll out a central update via ConfigMgr to migrate these clients to a Sophos Central instance provided by us.
These devices will then no longer be manageable by you as administrators.
However, a later migration to another Sophos Central instance is technically feasible.

Windows 7/Windows 8/Windows 10 systems that are no longer supported will be without virus protection from July 20, 2023. We strongly advise you to update the affected devices.

BitLocker recovery information now visible in Active Directory for relevant admin groups

BitLocker is recommended for encryption of hard disks of portable Windows computers in NWZ. And was presented in detail in an IVV colloquium lecture in the summer semester 2022.

The recovery keys are stored securely in Active Directory on the respective computer object. Previously, these keys were only visible to domain administrators.

As of today, these keys can now also be viewed by the relevant admin groups (Y accounts).

No user provisioning on 23.05.2023

Due to changes in the central user database (WWUBEN), user provisioning in the NWZ failed during the night of May 22-23, 2023.

Access to the required database view is now restored and any tasks that have been incurred will be caught up on the next night.

NWZ Active Directory Domain Functional Level raised to Windows Server 2016

The Domain Functional Level of the NWZ Active Directory has been raised from Windows Server 2012R2 to Windows Server 2016.

The Forest Functional Level of WWU.DE is currently Windows Server 2012, therefore the new features introduced with the Windows Server 2016 Functional Level by Microsoft cannot be activated in the NWZ yet.

Issues with Sophos Enterprise Console

As of this morning, there is an issue with accessing the Sophos Enterprise Console. We are in contact with Sophos Support to fix the problem.

24.11.2022, 17:00h: Network interruption at server location IG1

Due to unexpected updates to the main server switch at the IG1 server location, there was a brief network disruption for all devices located there at 5pm yesterday.

The interruption was long enough for the central file servers' error correction measures to take effect and resources to be moved between sites.

01.12.2022: Adobe Acrobat 2017 expiration date

At this point, we would like to point out again the end of runtime on 01.12.2022, of Adobe Acrobat 2017. Users of the application have already been receiving an info window when launching the application for a few weeks.
. An extension of the license is not possible.
. As a successor product, "Adobe Acrobat DC" is available for use. A Microsoft Azure account is used for use. Each user must explicitly activate this in the IT portal.
. It is a single user license and should therefore only be installed on the main computer.
. 2 Adobe Acrobat DC instances are allowed and usable per user.
. WWU-IT instructions: https://www.uni-muenster.de/IT/services/arbeitsplatz/software/adobe-acrobat-pro.html
.
. A separate version is available for exclusive use in learning and teaching rooms; this is named accordingly in ConfigMgr.

[GPO] Renaming the local admin account

The group policy "IVV4_rename-local_admin" will be deactivated and removed on 07.10.2021 around 16h.
. This will rename the local computer account administrator back to match your institute defaults.
Windows 10 installations are now stagnant and therefore we see no further use for this measure.

Disabling the Windows Defender Antivirus

The Windows Defender anti-virus, which should have been automatically disabled by Sophos Anti-Virus, had to be disabled via the 'NWZ Domain Policy for Windows 10' Group Policy.
In the Windows 10 versions 1903 and 1909 there was a mutual blocking, which resulted in a 100% CPU load.
Additionally there is the "NWZ Windows Defender disabled" policy. This policy also deactivates the Windows Defender Antivirus.

Change to the NWZ Domain Policy

As already announced in various colloquia, the following change has been made to the NWZ Domain Policy. The Configuration Manager client (SCCM agent) is now distributed to all Windows client systems. This means that the "GPSI - 28 - Configuration Manager-Client" is obsolete and you can remove this policy from your OU's.

New form "IT-Administrator IVV Naturwissenschaften" (IT Administrator IVV Natural Sciences)

With the change of the fax number of the NWZ-Hotline a revised version of the form "IT-Administrator IVV Naturwissenschaften" was provided.

Please use the form version 16.01.18 13:52:00 for all applications, extensions and renewals of W- and Y-accounts from now on.

Please fill out the form with Adobe Acrobat and send it preferably as PDF by email to ivvnwz@uni-muenster.de.

[NWZSCCM] Maintenance completed

The maintenance work has been successfully completed. NWZSCCM is now available in the latest version 1710. The updated admin console is available via Citrix. If you installed the Admin Console manually, please update it. Otherwise a connection to the SCCM site is not possible. Installed Configuration Manager clients (client on the end device to be managed) are automatically updated.

[NWZSCCM] Maintenance work

As of Tuesday 13.02.2018 extensive maintenance work will be carried out on the NWZSCCM and the SCCM console will be temporarily unavailable. Stock packages will continue to be distributed via the distribution points. New packages cannot be created or distributed during the maintenance window.

As soon as the SCCM console is available again, the IT administrators are informed via the NWZ Admin-News about it.

[GPSI] and [SCCM] announcements postponed

Now you can find all new and archived [GPSI] and [SCCM] announcements in the Windows News.

Vulnerability in Intel processors

Due to the vulnerability in Intel processors, Microsoft released the monthly update early on 05.12.2018.
The Windows Update is currently being tested on different Windows systems. The game must also be tested with the anti-virus program Sophos.
As soon as these tests are successfully completed, the update is released. Afterwards there will be a new announcement.

Change to the NWZ Domain Policy for Windows 10

The NWZ Domain Policy for Windows 10 specifies that Windows 10 upgrades will be received through the Semi-Annual Channel. This means that feature upgrades, for example from Windows 10 - 1703 to Windows 10 - 1709, will not be installed on clients until four months after release.

If you want to receive the updates directly, you have to change the following in a policy:
1. Under Computer Configuration - Administrative Templates - Windows Components - Windows Update - Enable client-side destination mapping and enter "NWZ-Default Clients fast Updates".
2. Under Computer Configuration - Administrative Templates - Windows Components - Windows Update - Windows Enterprise Update - Select when preview builds and feature updates are received, set to "Semi-Annual Channel (targeted)" and enter 0 days.

Switching off old license servers

On Wednesday, August 2, 2017, the following license servers for old software that was no longer transferred from NWZnet to NWZ were shut down:

  • Compaq Visual Fortran 6.6
  • Comsol Mulitphysics 3.2 (ehemals FemLab)
  • Intel Compiler 2005 und 2008
  • MathCAD 12
  • MatLab 13
  • IMSL
  • Autodesk Inventor Versionen 2013 und früher
  • MestRe Nova (alte Versionen in NWZnet)
  • SPSS SigmaPlot (alter Versionen in NWZnet)
  • HyperChem
If you still use one of the mentioned versions, please update your software to the current version available in NWZ. If you have any questions, please contact the IVV hotline.

[Citrix] CMTrace

The CMTrace application is now available for administrators in Citrix. You can find it in the folder NWZ Management.

Update of Origin licenses

Origin's network licenses were migrated today at approximately 16:45 h to the current 2017 version. This resulted in a brief interruption to the license service.

This was the first step to use the new version 2017 generally in NWZ. The hint of an expired software maintenance disappears immediately at the start of version 2016.

As soon as the Origin 2017 installation package is available, IT administrators will be notified via NWZ Admin-News .

New User Profiles Version 6 for Windows 10 Anniversary Edition and Windows Server 2016

With the introduction of Windows 10 Anniversary Edition and Windows Server 2016, Microsoft has tacitly introduced the new version 6 of user profiles.

For all those who have already used Windows 10 Anniversary Edition and Windows Server 2016, the new profile was automatically created as I:\Profile\[user ID].V6 at the first login of Windows and can be used since then.

However, Y-Accounts support is not yet possible with this new profile version, as the profile directories are automatically created by Windows without the required access rights.

As of 24.11.2016, the profile directories for all newly created user IDs will be prepared in versions 1-6 (previously 1-5).

For all existing user IDs, the .V6 profile directory will be created in the course of 23.11.2016 and provided with the appropriate access rights. If a .V6 directory already exists, only the access rights will be modified accordingly.

Setting the operation of Microsoft App-V in the NWZ

On 30.11.2016 we discontinue the operation of Microsoft App-V in the NWZ. Currently only Corel Painter X3, CorelDRAW Graphics Suite X7 and Corel PaintShopPro X6 are offered via App-V, a newer version of these programs is already available for installation via our SCCM server.

At this time, both the App-V servers will be shut down and an attempt will be made to uninstall the App-V client via the GPSI policy.

Further information about SCCM can be found here

Central change of the Firefox session restore interval

In the NWZ Domain Policy the setting of the Firefox Session Restore Interval has been changed. By default, this feature continuously saves the opened tabs in a file every few milliseconds in order to be able to restore them if necessary. This can result in significant traffic of up to 100 GB per user per day. For this reason, the value has now been set to 15 minutes.

The following setting has been changed:
Computer Configuration Policies-Administrative Templates-Mozilla Advanced Options-Locked Settings-browser

Setting: browser.sessionstore.interval - activated
Number: 900000 (ms = 15 Minuten)

Windows Recycle Bin: Change in the NWZ Domain Policy

Until now, the Windows Recycle Bin is enabled by default in the NWZ domain, so files are not deleted directly, but moved to the Recycle Bin.

As of 14.03.2016 we will deactivate the Recycle Bin by default so that files are actually deleted when they are deleted.

If you still want to leave the recycle bin activated in your OU, you must change the following setting in your policy:

User Configuration – Policies – Windows Components – File Explorer – Do not move deleted files to the Recycle Bin --> deactivated

Execution of macros in Microsoft Office documents now requires manual confirmation in NWZ

Due to the Crypto-Trojan threat, the execution of macros in Microsoft Office documents via NWZ Domain Policy is now only possible after prior confirmation by the user.

When opening Microsoft Office documents from emails in Outlook, they are only opened in safe mode.

If you distribute your own Office configurations via the group policy, you may have to adjust the settings accordingly. You can use the settings made in the NWZ Domain Policy as a template.

Encryption Trojans endanger local, decentralized and centralized data storage

Cryptotrojans encrypt data unnoticed and only release it for ransom, if at all.

The main distribution channels of malware are prepared web pages and e-mails. An up-to-date and secure software configuration (especially operating system, virus scanner, browser, browser plugins and e-mail program) is a basic requirement, but it does not offer 100% security. The conscious and careful handling of the Internet and email is important.

Do not open emails, especially attachments from senders you don't know or that look suspicious. This includes Microsoft Office, Adobe PDF documents or ZIP archives.

If you become a victim of an encryption strojan, notify your IT-Administrator IMMEDIATELY. This is the only way to contain the spread to other data sets and to restore encrypted files from the backup of an earlier version.

Conversion from Firefox to the Community Edition

Mozilla Firefox will be converted to the Community Edition as of today in the NWZ.
The previously known desktop icon will change to a blue globe and the shortcut on the desktop is now "FrontMotion Firefox". The installation is done automatically via the existing GPSI policy. Administrators now have the ability to set certain Firefox settings automatically via Group Policy. For more information please click on the link in the headline.

Autodesk Product Design Suite Ultimate 2016

The Autodesk Product Design Suite Ultimate 2016 is now available in the NWZ as Published Software.

Configuration of Net Access Rules (ACLs) in the NIC_online Net Zone Browser

For instructions on how to change and extend network access rules (ACLs) yourself in the NIC_online network zone browser, see the administrator help in the new "Security" section.

These rules in the network work independently of the operating system and a firewall. They are the preferred method to control network access within the university, but do not replace a firewall.

If you want to protect devices with public IP addresses (128.176.*.*) against external access, please contact ZIV for advice on setting up a firewall.

MathCAD 13 available as Published Software

The software MathCAD 13 is now available in the NWZ as Published Software to every administrator for installation via the control panel.

DNASTAR Lasergene v11

DNASTAR Lasergene v11 is no longer available via App-V for technical reasons. The program will now start again with a central share on DFS. You will find the links in the start menu under Biology - DNASTAR 11.

End devices in NIC_online automatically converted to NWZ for installation

As decided by the IVV4 expert group, the NIC has moved all terminal devices that were still in the NWZnet application environment "WDS-NWZNET" to the application environment "NWZ-WDS"..

Instead of the NWZnet WDS server, the end devices are now offered the NWZ WDS server for installation.

The change of the "Subdomain" from "nwznet.uni-muenster.de" to "nwz.wwu.de" and the check of the "Canonical Name" must still be done manually in NIC_online before a new computer is installed.

Changes of NWZ Domain Policy / New GPSI Policies

A few adjustments have been made to the NWZ Domain Policy (new domain) that affect all client systems..
Some programs that were previously installed unasked via the Domain policy for each client are now available in NWZnet as an optional GPSI policy.
This affects the following software:

  • Java 8 Update 25 GPSI – 01 – Java
  • MACHWeb 1.69 GPSI – 02 – MACHWeb Integration
  • Adobe Flash Player 16 GPSI – 03 – Adobe Flash Player
The eToken Client as well as the KeyAccess Client remain as before in the NWZ Domain policy.

The various Visual C++ redistributable packages, which were previously distributed via the NWZ Domain Policy, will in future be distributed via the existing App-V Client Policy (GPSI - 04 - App-V Client), as these are required for the App-V client.

Please remember to link your OUs with the desired new GPSI policies!

Change of the firewall rules in NWZnet and NWZ

The firewall rules in the domains NWZnet and NWZ have been changed in the following areas:

* File and Printer sharing exception
* Remote Administration exception
* Remote Desktop exception

A subnet was added in each case.

If you have defined your own filter rules in the group policy, add the rules according to the settings in the NWZnet Domain Policy for Windows XP/7 or NWZ Domain Policy.

Surfer 10 available as Published Software

The software Surfer 10 is now available as Published Software. For installation instructions, see here.

Change in Access to Administrator Help and Documentation

In letzter Zeit häufen sich die Fälle, wo der Zugang zu Dokumentationen unter https://sso.uni-muenster.de/IVVNWZ/hilfe/administration verwehrt wird. Dies kann mehrere Gründe haben.

Wir haben dies zum Anlaß genommen, eine bereits länger mögliche Bereinigung vorzunehmen, die eine Reihe von Problemen beseitigt.

From now on, the documentation is only accessible with the standard ID of an IT administrator and not with the administrative ID (W or Y account) as before.

If you are denied access despite using the standard ID and you are an officially appointed IT administrator, please check whether you have not changed your password for a longer period of time.

An outdated password (last changed in 2007), which is no longer accepted after the conversion of the web server park, can be the reason for the login failure. Please change your password via myZIV.

 

[Valid RSS]