Information Systems recommends that EMU outsource email and calendar systems to either Google Apps for Education or Microsoft Office 365 for Education. Both systems provide more space, more capabilities and more opportunities for collaboration. We’re interested in faculty, staff and students’ opinions on this recommendation and on the choice of Google or Microsoft.
Changing your password annually
Information Systems has begun enforcing annual password changes after a hiatus while we migrated to Microsoft’s Active Directory. You will receive notice to change your password within the next few months.
The rest of this post contains further details about this.
For many years the Information Systems department has required users to change their password annually. During the transition to Microsoft Active Directory, completed in May 2012, we suspended this requirement to avoid problems for users and administrators. With that transition complete we are now re-instating the requirement. (More details on why annual password changes are important may be found below.)
You will receive notice to change your password sometime in the next few months. We’ve randomized the timing of these notices to avoid having everyone change their password at once. We will notify you through email and prompts in Moodle and myEMU.
Please do not ignore these messages! You will need to change your password within two weeks of first receiving notice.
After you have changed your password you will be invited to add security questions and contact information to your profile. These will allow you to reset your password in the future without contacting the information systems Helpdesk.
If you use an EMU laptop or you have linked your smartphone or tablet to institutional email and calendar systems (that is, you use NotifyLink) you should update them after you change your password. We have created a HelpZone article with further instructions.
Our annual password change requirement is a compromise between system security and ease of use. The most secure passwords would be long, complex and frequently changed; the easiest passwords to use would short, simple and seldom changed–or might not be used at all. We have tried to strike a balance: moderate requirements for passwords that are changed annually.
Please contact the Information Systems Helpdesk (helpdesk@emu.edu, 540 432 4357) with your questions or comments. And remember that Information Systems will never ask for your password!
Sophos Anti-Virus: issues from false virus detection
Update 21 Sept 3:30pm: We have released a modified version of Sophos’ clean-up utility for students and home users: Sophos Fix . You do not need to run this on EMU-owned computers.
Download the file and unzip it then right-click ‘Sophos Fix.cmd’ and ‘Run as Administrator’.
Please send questions or comments to the Information Systems Helpdesk (helpdesk@emu.edu, 540 432 4357).
–
Update 20 Sept 5:15pm: We have deployed a fix for the Sophos-quarantined files. While the fix installs you may receive a warning that your computer has been quarantined. Please disregard the message. The quarantine will be removed automatically when the install is complete.
–
Update 20 Sept 4:50pm: Sophos has released a script (available from a new post) that reverses the quarantine. We are deploying it to EMU-owned computers. Check back for a solution for non-EMU-owned computers.
–
Update 20 Sept 9:50am: Sophos has posted information about the problem though it is frequently unavailable as their servers struggle to handle demand. They are also fielding questions on Twitter.
–
Yesterday afternoon (Wed 19 Sep) Sophos Anti-Virus released an update that falsely identified many Windows programs as virus-infected. Sophos denied access to those files and moved them to quarantine. Worse still, one of the quarantined files was Sophos’ own updater.
Sophos is aware of the problem and is developing a fix. Information Systems will deploy that fix as quickly as possible.
-Ben.
End of EMU Technology Era – Novell Shut Down May 29
Next week marks the end of a technology era at EMU, with the final shutdown of our Novell servers. Novell was the first networking system deployed at EMU in about 1994. For the better part of the last two years Information Systems has been planning and then implementing our migration from the Novell networking system to Microsoft Active Directory. Much of the work for this has occurred behind the scenes, but occasionally we have notified the campus community of specific changes that would be visible.
Next Tuesday morning (May 29), prior to 8:00am, we will shut down the Novell servers. This should be a “non-event” because we believe all of our systems’ dependencies on the Novell servers have been transitioned to our Microsoft servers. However, this will be the first time the Novell servers will not be operating which could reveal a dependency we have not identified. We are hopeful this will not be the case.
The Technology Services team, led by Jenni Piper, has been working steadily since January to upgrade all EMU-owned Windows computers from the XP version of Windows to Windows 7 which have no dependencies on Novell. We believe there are only a few employees still using computers running XP and those users should have already been contacted by the Helpdesk to have their computer upgraded to Windows 7.
IMPORTANT: If you are using a Windows computer at the Harrisonburg, Lancaster or WCSC locations that is still running XP (if you login using a Novell dialog box, this would be you) and you expect to be able to login to the EMU network to access network drives (i.e. P, G, Z, etc) or EMU networked printers, you will not be able to login beginning Tuesday morning, May 29. Please send an email to the Info Systems helpdesk (helpdesk@emu.edu) immediately so that we can make plans to provide you with a Windows 7 computer.
This has been a big project, requiring significant expertise and lots of sustained hard work by all members of the Information Systems team. I am grateful for all the efforts the entire team. Kudos and thanks to everyone!
Phishing: Another Reminder – NEVER Give Away Your EMU Password!
With several EMU email accounts having recently been compromised because the EMU mailbox owners were tricked into giving away their passwords, I feel I need to, again, remind the campus community that you should never, never, never give away your EMU password. Did I mention NEVER?
Email messages are being sent to @emu.edu email addresses nearly every day with very clever messages that attempt to trick employees and students into thinking they need to reply or click on a link to go to a web page and provide their username and password. Our systems block many of these but some inevitably get through our filters.
These are called “phishing” email messages which attempt to have you disclose your EMU email password. The “phishers” want your username and password so that they can access your email account, not necessarily because they want info about you – although that could be the case in some rare circumstances. Most likely it is because they want access to an email account from which to send spam – and when that happens to an EMU email account we are ALL put at risk of not being able to send email – because the big email processors (Google, Microsoft, Verizon, AOL, Yahoo) will quickly “blacklist” email servers that they see sending spam. And the process of getting removed from a spam server blacklist is very difficult.
You can absolutely count on the following to be true:
- Information Systems will NEVER ask for your password.
- Information Systems will NEVER send you an email telling you that there is a problem with your account.
- Information Systems will NEVER send you a link** to a page where you need to re-enter your username and password to “reset” your account.
Please – “just hit delete” whenever you see an email message telling you that something is wrong with your EMU account and you need to “do something” to fix it. First, our systems would not have these kinds of problems and, second, if there is ever some kind of problem with your account we will NOT use email to communicate with you to resolve it.
I am baffled as to why users continue to be tricked by these messages. Could it be that we are all drowning in email and we “just want to get through them” and which causes us to zone out and we don’t really stop to think about what we are doing when one of these trickery messages appear?
Slow Down! Think! Hit Delete!
Don’t fall for the clever come-on by the phisher! Everyone is counting on you to “do the right thing” – JUST HIT DELETE!
** We may send you a reminder that your account password will expire in “X” number of days but our instructions will always be to go to MyEMU (my.emu.edu) and then click on the “Royal Password” link on the left column and follow the directions to change your password.
Broadcast Email Messages: Effective Tool or Spamming Ourselves?
Broadcast email messages are those sent to everyone, all-students and non-students @emu.edu. Any EMU employee can send to these email addresses. Info Systems receives unsolicited feedback periodically from the campus community that is often critical of the number and kinds of broadcast messages sent. I offer the following comments for the campus community to consider:
- SGA reps on the Info Systems Planning Committee (ISPC) consistently tell us that students do not regularly read EMU email messages, and many always ignore “all-students” messages, mostly because they consider these messages “internal spam”.
- Students and employees can “opt-out” of broadcast messages by visiting the email broadcast options page. Urgent broadcast messages are sent to everyone-urgent, all-students-urgent and non-students-urgent @emu.edu addresses and are not subject to the opt-out provisions of the system. Only a limited number of authorized persons can send “urgent” broadcast messages.
- Before sending a broadcast message, senders are urged to consider alternative communications venues. These are discussed in the Broadcast Communications section of the Info Systems HelpZone (www.emu.edu/is/helpzone) and include using the EMU Web Events Calendar and EMU eClassifieds.
- Our broadcast email system is aging and due for a major upgrade which will be part of an overall email system upgrade sometime in the next two years. As part of our planning process we will be considering a wide spectrum of communications resources, some of which could replace current broadcast email use.
- When sending broadcast messages, we recommend that you:
- Keep the message short and succinct.
- Proof-read the message carefully. Consider sending it to yourself first to make sure it says what you want it to say.
- If attaching a file, PDF files work best (and they are generally smallest). All EMU-owned computers can create PDF files. If you don’t know how to do this, contact the IS Helpdesk.
- Send to the most narrowly defined list. Broadcast email lists are described on the Broadcast Communications web page.
- Use “plain text” format. Because our broadcast email system is aging it often cannot format full HTML messages properly and the result is “a bunch of garbage”. There is no way for you to know what will format correctly and what won’t (in this case, sending a sample message to yourself does not use the same “email engine” that broadcast messages use).
To summarize: Think carefully as you consider whether to send a broadcast email message. If you decide you need to send a broadcast message, take some time to carefully write it. Review the information on the Broadcast Communications web page to determine how best to send your message.
Internet Bandwidth: A Costly Resource – Please Use Wisely
EMU relies heavily on its Internet connection for a wide spectrum of resources and functionality. As of December 2011, the campus uses a 45mbps metropolitan Ethernet connection which costs about $50,000 each year. This is a relatively low amount of bandwidth for an institution our size because, for a number of reasons, Internet bandwidth in our area is very expensive. A “data traffic shaper” management appliance is used to ensure that this scarce resource is available to those who need it most to fulfill their institutional responsibilities. During traditional work-hours (Mon-Fri, 8am – 5pm) prioritization is given to faculty and staff and outside of these hours the full capacity of the connection is made available to the residence halls.
The types of Internet use determines how much of the connection an individual user uses. Low bandwidth uses include email and casual web surfing. Bandwidth increases significantly for “streaming” activities such as listening to music and watching videos. Some of the most intense use of bandwidth occurs with streaming video from movie sources such as NetFlix. For this reason we block NetFlix in computer labs.
We evaluate our Internet connection needs each year during the budget planning process and project what kind of a capacity increase we should build into the budget. Because of the tight budget situation this year (2011-12) we did not increase our Internet capacity in September. The result is that our Internet connection is now “maxed-out” most of the day (i.e. from about 10am through mid-night).
We are in the process of determining whether to re-prioritize some budget areas to allow for an purchasing an increase to our Internet bandwidth but we also know that the campus community will use whatever capacity is available.
Special Note to Faculty/Staff: Because you are given “top preference” during traditional work-hours, please do NOT use your computer during these times to connect to “entertainment” kinds of web resources. As examples, this means streaming videos (e.g. NetFlix, Hulu, Crackle, etc) and streaming audio (e.g. Pandora, Internet radio stations, etc).
Status Update – Microsoft Migration Project
In 1995 EMU implemented its first campus-wide network using the Novell networking system. At the time it was the most popular networking system in operation, particularly on college campuses. Over time, Microsoft networking systems improved and by 2000 Microsoft became the predominant system used in commercial environments and colleges and universities also began migrating to it. EMU’s decision to move from Novell eDirectory (eDir) to Microsoft Active Directory (AD) networking came in the late 2000’s, primarily because we believed (and continue to believe) that having our core business system converted to a Windows server system (i.e. Jenzabar EX) prior to migrating to Microsoft networking would be advantageous in the long run.
Over a year’s worth of planning preceded our actual migration work. This is a huge project and with countless connections and dependencies, many of which ordinary users will never see or recognize. The main categories of work to be completed for the project are:
| AD Migration Category of Work | Current Status |
| Create the Windows server architecture and domain to host Microsoft AD (our central network system database). The name of our AD is ROYALS. | Completed early 2011 |
| Move users account records from Novell eDir to Microsoft AD. | Completed, June 2011 |
| Move Students’ P-drive and Z-drive files (and classwork files on V) to AD. | Completed, July 2011 |
| Move Faculty/Staff Z-drive files to AD. We completed this in August 2011. | Completed, August 2011 |
| Move Faculty/Staff P-drive and G-drive files to AD. | Completed, September 2011 |
| Replace Novell NetStorage with Cisco ASA Web VPN. | Completed, September 2011 |
| Move Faculty/Staff Media Files (Marketing department, etc) to AD. | Future Activity |
| Retrofit all programs that use EMU EID username and password to use AD instead of eDir. | Many completed, some remain to be completed. |
| Move printers into AD. | Pre-requisite to rollout of Windows 7 computers. |
| Move Lab Computers and Teacher Workstations into AD. | Scheduled for the week prior to start of spring semester. |
| Move EMU-Owned computers (Windows and Macintosh) into AD | Will be done when Windows 7 Computers are rolled out to departments and Macintosh computers are upgraded to OSX 7 (Lion). Needs to be completed by 31 MAY 2012. |
| Modify many “under-the-hood” connections and dependencies from eDir to AD. | Needs to be completed by 31 MAY 2012 when our Novell licenses expire. |
User Impact
In all of our planning efforts we have attempted to minimize disruptions for the users. However, because we must “live in two worlds” (Novell and Microsoft) for nearly a year (June 2011 thru May 2012) at times it is necessary for us to “bridge” these two worlds with special procedures. One of the most visible of these “bridges” is the need for users to enter their password in a second prompt when logging into the network. This is a temporary procedure and will be eliminated when a user’s computer is upgraded to Windows 7. For users of Lab Computers or Teacher Workstations, the second prompt should be eliminated at the beginning of the spring semester when these computers become part of the domain.
Moving employee Z-drive data to Microsoft Royals domain
On Friday evening (08/19/2011), Information Systems will be moving files currently located on the Faculty/Staff Novell server (FS) to our Microsoft Royals domain servers. This will change what happens when employees log into the network during and after the moving is performed. We want to make EMU employees aware of the following details:
Date/time for the student data moving process:
Begins: 5:30PM, Friday, 19 Aug
Ends: noon on Saturday, 20 Aug
Files that will be moved:
- Employee Z-drive files
Moving Student data to Microsoft Royals domain
Information Systems will be moving files on the student Novell server (ST) to our Microsoft Royals domain servers. This will change what happens when students and (some) employees log into the network during and after the moving is performed. We want to make students, faculty and staff aware of the following details:
Date/time for the student data moving process:
Begins at noon on Thursday, 04 Aug
Ends at noon on Friday, 05 Aug
Student files that will be moved:
- Students’ P: drive files
- Students’ Z: drive files (for faculty, these are the W: drive files)
- Students’ G: drive files (few students have G: drives)
- Classdata V: drive files
- Apps M: drive files