Change of the NWZ Domain Policy

Change of the NWZ Domain Policy
The WSUS update path has been changed from http to https.
Current update path:

Canceled: Changeover DFS Folder Target MSI-Install

The planed change of the DFS Folder Target "MSI-Install, for tomorrow morning, will be canceled by now.

Change: NWZ Domain Policy

The “New Outlook” or “Outlook (new)” is part of Windows from Windows 11 2023H2. This is not the conventional “Outlook” as it is known as part of Microsoft Office, but a completely different application with a similar name.
The conventional Outlook as part of Microsoft Office is not affected under Windows.

We have deactivated the button to start the application with the following registry key via the NWZ domain policy:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General] “HideNewOutlookToggle”=dword:00000001

Changeover DFS Folder Target MSI-Install

On Friday 19.07 from approx. 7:00 a.m. the DFS Folder Target of \\\dfs\Software\MSI-Install will be changed and will point to a new target in the future.
For better manageability and pooling of resources, this will be included in the “SCCM-Install”.
The DFS path “\\\dfs\Software\MSI-Install” will remain unchanged.
Please do not copy any files within the “MSI-Install” on this day.

Wed, July 10, 2024: Maintenance work WDS

The WDS service will not be available on Wednesday, July 10, 2024, as some tests are being carried out.

Maintenance work ConfigMgr on 05.06.2024

On Wednesday 05.06.2024 there will be all-day maintenance work on ConfigMgr from approx. 07:00 am.
Please close your open ConfigMgr Console on Citrix with your end of service today and restart it first with the announcement of the end of the maintenance work.
Existing deployments will continue to run so that your Windows clients can continue to install software.

Change to the NWZ domain policy

There was the following change to the “NWZ Domain Policy” this morning.
Deactivation of the setting: Computer Configuration > Administrative Templates > Windows Components > Widgets
This will deactivate the weather/news widget in the Windows bar.

BitLocker recovery information now visible in Active Directory for relevant admin groups

BitLocker is recommended for encryption of hard disks of portable Windows computers in NWZ. And was presented in detail in an IVV colloquium lecture in the summer semester 2022.

The recovery keys are stored securely in Active Directory on the respective computer object. Previously, these keys were only visible to domain administrators.

As of today, these keys can now also be viewed by the relevant admin groups (Y accounts).

No user provisioning on 23.05.2023

Due to changes in the central user database (WWUBEN), user provisioning in the NWZ failed during the night of May 22-23, 2023.

Access to the required database view is now restored and any tasks that have been incurred will be caught up on the next night.

NWZ Active Directory Domain Functional Level raised to Windows Server 2016

The Domain Functional Level of the NWZ Active Directory has been raised from Windows Server 2012R2 to Windows Server 2016.

The Forest Functional Level of WWU.DE is currently Windows Server 2012, therefore the new features introduced with the Windows Server 2016 Functional Level by Microsoft cannot be activated in the NWZ yet.

[GPO] Renaming the local admin account

The group policy "IVV4_rename-local_admin" will be deactivated and removed on 07.10.2021 around 16h.
. This will rename the local computer account administrator back to match your institute defaults.
Windows 10 installations are now stagnant and therefore we see no further use for this measure.

Disabling the Windows Defender Antivirus

The Windows Defender anti-virus, which should have been automatically disabled by Sophos Anti-Virus, had to be disabled via the 'NWZ Domain Policy for Windows 10' Group Policy.
In the Windows 10 versions 1903 and 1909 there was a mutual blocking, which resulted in a 100% CPU load.
Additionally there is the "NWZ Windows Defender disabled" policy. This policy also deactivates the Windows Defender Antivirus.

New User Profiles Version 6 for Windows 10 Anniversary Edition and Windows Server 2016

With the introduction of Windows 10 Anniversary Edition and Windows Server 2016, Microsoft has tacitly introduced the new version 6 of user profiles.

For all those who have already used Windows 10 Anniversary Edition and Windows Server 2016, the new profile was automatically created as I:\Profile\[user ID].V6 at the first login of Windows and can be used since then.

However, Y-Accounts support is not yet possible with this new profile version, as the profile directories are automatically created by Windows without the required access rights.

As of 24.11.2016, the profile directories for all newly created user IDs will be prepared in versions 1-6 (previously 1-5).

For all existing user IDs, the .V6 profile directory will be created in the course of 23.11.2016 and provided with the appropriate access rights. If a .V6 directory already exists, only the access rights will be modified accordingly.

Setting the operation of Microsoft App-V in the NWZ

On 30.11.2016 we discontinue the operation of Microsoft App-V in the NWZ. Currently only Corel Painter X3, CorelDRAW Graphics Suite X7 and Corel PaintShopPro X6 are offered via App-V, a newer version of these programs is already available for installation via our SCCM server.

At this time, both the App-V servers will be shut down and an attempt will be made to uninstall the App-V client via the GPSI policy.

Further information about SCCM can be found here

Central change of the Firefox session restore interval

In the NWZ Domain Policy the setting of the Firefox Session Restore Interval has been changed. By default, this feature continuously saves the opened tabs in a file every few milliseconds in order to be able to restore them if necessary. This can result in significant traffic of up to 100 GB per user per day. For this reason, the value has now been set to 15 minutes.

The following setting has been changed:
Computer Configuration Policies-Administrative Templates-Mozilla Advanced Options-Locked Settings-browser

Setting: browser.sessionstore.interval - activated
Number: 900000 (ms = 15 Minuten)

Windows Recycle Bin: Change in the NWZ Domain Policy

Until now, the Windows Recycle Bin is enabled by default in the NWZ domain, so files are not deleted directly, but moved to the Recycle Bin.

As of 14.03.2016 we will deactivate the Recycle Bin by default so that files are actually deleted when they are deleted.

If you still want to leave the recycle bin activated in your OU, you must change the following setting in your policy:

User Configuration – Policies – Windows Components – File Explorer – Do not move deleted files to the Recycle Bin --> deactivated

Execution of macros in Microsoft Office documents now requires manual confirmation in NWZ

Due to the Crypto-Trojan threat, the execution of macros in Microsoft Office documents via NWZ Domain Policy is now only possible after prior confirmation by the user.

When opening Microsoft Office documents from emails in Outlook, they are only opened in safe mode.

If you distribute your own Office configurations via the group policy, you may have to adjust the settings accordingly. You can use the settings made in the NWZ Domain Policy as a template.

Encryption Trojans endanger local, decentralized and centralized data storage

Cryptotrojans encrypt data unnoticed and only release it for ransom, if at all.

The main distribution channels of malware are prepared web pages and e-mails. An up-to-date and secure software configuration (especially operating system, virus scanner, browser, browser plugins and e-mail program) is a basic requirement, but it does not offer 100% security. The conscious and careful handling of the Internet and email is important.

Do not open emails, especially attachments from senders you don't know or that look suspicious. This includes Microsoft Office, Adobe PDF documents or ZIP archives.

If you become a victim of an encryption strojan, notify your IT-Administrator IMMEDIATELY. This is the only way to contain the spread to other data sets and to restore encrypted files from the backup of an earlier version.

Conversion from Firefox to the Community Edition

Mozilla Firefox will be converted to the Community Edition as of today in the NWZ.
The previously known desktop icon will change to a blue globe and the shortcut on the desktop is now "FrontMotion Firefox". The installation is done automatically via the existing GPSI policy. Administrators now have the ability to set certain Firefox settings automatically via Group Policy. For more information please click on the link in the headline.

Autodesk Product Design Suite Ultimate 2016

The Autodesk Product Design Suite Ultimate 2016 is now available in the NWZ as Published Software.

Configuration of Net Access Rules (ACLs) in the NIC_online Net Zone Browser

For instructions on how to change and extend network access rules (ACLs) yourself in the NIC_online network zone browser, see the administrator help in the new "Security" section.

These rules in the network work independently of the operating system and a firewall. They are the preferred method to control network access within the university, but do not replace a firewall.

If you want to protect devices with public IP addresses (128.176.*.*) against external access, please contact ZIV for advice on setting up a firewall.

MathCAD 13 available as Published Software

The software MathCAD 13 is now available in the NWZ as Published Software to every administrator for installation via the control panel.

DNASTAR Lasergene v11

DNASTAR Lasergene v11 is no longer available via App-V for technical reasons. The program will now start again with a central share on DFS. You will find the links in the start menu under Biology - DNASTAR 11.

End devices in NIC_online automatically converted to NWZ for installation

As decided by the IVV4 expert group, the NIC has moved all terminal devices that were still in the NWZnet application environment "WDS-NWZNET" to the application environment "NWZ-WDS"..

Instead of the NWZnet WDS server, the end devices are now offered the NWZ WDS server for installation.

The change of the "Subdomain" from "" to "" and the check of the "Canonical Name" must still be done manually in NIC_online before a new computer is installed.

Changes of NWZ Domain Policy / New GPSI Policies

A few adjustments have been made to the NWZ Domain Policy (new domain) that affect all client systems..
Some programs that were previously installed unasked via the Domain policy for each client are now available in NWZnet as an optional GPSI policy.
This affects the following software:

  • Java 8 Update 25 GPSI – 01 – Java
  • MACHWeb 1.69 GPSI – 02 – MACHWeb Integration
  • Adobe Flash Player 16 GPSI – 03 – Adobe Flash Player
The eToken Client as well as the KeyAccess Client remain as before in the NWZ Domain policy.

The various Visual C++ redistributable packages, which were previously distributed via the NWZ Domain Policy, will in future be distributed via the existing App-V Client Policy (GPSI - 04 - App-V Client), as these are required for the App-V client.

Please remember to link your OUs with the desired new GPSI policies!

Change of the firewall rules in NWZnet and NWZ

The firewall rules in the domains NWZnet and NWZ have been changed in the following areas:

* File and Printer sharing exception
* Remote Administration exception
* Remote Desktop exception

A subnet was added in each case.

If you have defined your own filter rules in the group policy, add the rules according to the settings in the NWZnet Domain Policy for Windows XP/7 or NWZ Domain Policy.

Surfer 10 available as Published Software

The software Surfer 10 is now available as Published Software. For installation instructions, see here.

Change in Access to Administrator Help and Documentation

In letzter Zeit häufen sich die Fälle, wo der Zugang zu Dokumentationen unter verwehrt wird. Dies kann mehrere Gründe haben.

Wir haben dies zum Anlaß genommen, eine bereits länger mögliche Bereinigung vorzunehmen, die eine Reihe von Problemen beseitigt.

From now on, the documentation is only accessible with the standard ID of an IT administrator and not with the administrative ID (W or Y account) as before.

If you are denied access despite using the standard ID and you are an officially appointed IT administrator, please check whether you have not changed your password for a longer period of time.

An outdated password (last changed in 2007), which is no longer accepted after the conversion of the web server park, can be the reason for the login failure. Please change your password via myZIV.


[Valid RSS]