UPN Changes for Ag Ed & Ag Dean’s Office users

At 2pm this afternoon, we’ll be adjusting the UPN attribute from the old standard (first.last@oregonstate.edu) to the new standard (ONIDusername@oregonstate.edu).

The following users are on the list for this particular change:

Ag Ed:
Almanza, Melissa
Croom, Barry
Jones, Melanie
Lambert, Misty
McKim, Aaron
Stewart, Josh
Strawn, Kellie
Thompson, Greg
Velez, Jonathan

Ag Dean:
Angima, Sam
Arp, Dan
Austin, Loretta
Auyong, Jan
Boggess, Bill
Burkholder, Carrie
Coakley, Stella
Crannell, Wanda
Cuevas, Gretchen
Curtis, Larry
Curtis, Shelley
Diebel, Penelope
Dorres, Paul
Etherington, Elizabeth
Fausett, Lowell
Gaebel, Katie
Hackenbruck, Joshua
Hartley, Betsy
Herring, Peg
Li, Glen
Sears, Sandy
Sutherland, Susan
Talbott, John
Webb, Elizabeth C.

Windows 10: Updated ISOs

I downloaded updated ISOs for both RTM builds of Windows 10 Enterprise 64-bit and put them up here: \\software.oregonstate.edu\software\Microsoft Desktop OS\Windows 10

The two versions are the Current Branch (CB.10240…) and Long Term Services Branch (LTSB.10240…). I’m assuming we’ll want to install the CB…here’s a good explanation: http://windowsitpro.com/windows-10/microsoft-describes-new-business-servicing-branches-updating-windows-10.


The following applications will be updated tonight via Ninite:

  • Chrome: 44.0.2403.89 –> 44.0.2403.107 (details)
Also, since I missed last week, the following updates were applied last week:
  • Notepad++: –> 6.8 (details)
  • PuTTY: 0.64 –> 0.65 (details)
The following Microsoft updates will get applied tomorrow morning:
Windows 7
Windows 8.1
As for last week, not much to report for Windows 7 but Windows 8.1 received a large number of updates totaling ~1GB in size.
No issues to report.

New Core Migration: OSU Audit Services

Last Friday, July 24th OSU Audit Services was moved to the new core network.

Cyder/IP change

Workstations and printers were moved from zone.conet ( – to zone.cn_univadmin ( –

Printer change

Printers are now being deployed to workstations via GPO:

Printer address: \\iscs-printq\KAd-240-Ricoh-MP-3351
Printer IP:
Printer driver: PCL6 Universal v4.6
Security group: CN_Printers_KAd 240 Ricoh MP 3351
ONID GPO: TSS – Printer Deployment – Audit Services
TSS GPO: Printer Deployment – Audit Services

Note: The GPOs only apply to the department’s OU and domain users in the security group above.

Resolved Issues

  • Andrew Bailey wasn’t getting the printer installed. It turns out he logs in with his ONID account and I forgot to update the printer deployment GPO on ONID with a corrected printer name.
  • Clay Simmons had a history of printing issues. I stopped the spooler service and was able to nuke all of the printers. After that I discovered Clay works out of the OSU Audit office but actually works for the Provost’s Office which meant that the printer GPO wasn’t getting deployed to his user account. To resolve this I had to apply the printer GPO to the Provost’s Office users OU.
  • Some folks didn’t get the printer installed. The resolution was to run a gpupdate /force, log out and log back in.

Update to Managed Java Settings

An update was rolled out to the managed Java settings on Windows hosts in the CN domain. The GPO is currently applied to the CN, G1, G2, G3, and INTO-OSU OUs. If an OU is blocking inheritance or outside of those OUs, the policy will not apply.

The managed settings now also deploy certificate trusts for the certificates on Banner, Appworx, and Nolij. This means that users should no longer be prompted with the usual “Do you want to run this application?” prompt when launching those applications, unless the certificates are changed at a later date.

If you run into users hitting “Do you want to run this application?” or other Java prompts for OSU applications, please let me (Ben) know so I can work on getting the deployed settings to play nice with those applications, or update the existing certs as needed.

The complete list of what settings we’re managing is:
– Force SSLv2ClientHello Format enablement (required for Banner to run properly under Java 8, off by default)
– Force TLSv1 enablement (required for Banner to run properly under Java 8, on by default but we don’t want people turning it off)
– Disable JRE auto-download (disable Oracle’s auto updater as much as Oracle will let us, so we don’t roll to known broken versions uncontrollably)
– Disable “Your Java version is out of data” messages (if we have to stay back on an old version, we don’t need to harass people about it)
– Disable sponsor offers on updates/installs (e.g. browser toolbars, as much as Oracle will let us turn this off)
– Import certificate trusts for Banner, Appworx, and Nolij

COHO outage – Thursday July 16th – 5:15pm-6:15pm


The tracking system, COHO II (helpdesk.oregonstate.edu), is being migrated from a physical server to virtual infrastructure.

To accomplish this, a brief 10-20 minute outage for the cutover is necessary.

E-mail messages will be queued and delivered into the appropriate tickets after COHO is brought back up.


Thursday July 16th, 5:15-6:15pm

Brief 10-20 minute outage. But for rollback times, the outage window is 5:15-6:15pm


Migrating COHO from physical to virtual server to help speed, redundancy and stop using the aging server hardware that COHO runs on.

Questions, feedback, etc?

All the best.


The following applications were updated last night via Ninite:

Many Microsoft Windows and Office updates were applied so a report has been generated here:

\\cn-share.tss.oregonstate.edu\IS\TSS\CN\Patch Tuesday\WSUSJuly2015.xls

For Windows 7 and 8.1 I show updates totaling less than 100MB each with Windows 8.1 having the most updates.

No issues to report.

Plugin Updates

Updates rolled out today for both Flash ( and Java (8u51). The flash update this morning addresses a number of the recent security vulnerabilities, and is not automatically blocked by Firefox (which is blacklisting and lower).

Java 8u51 is a regularly scheduled release, and functions just fine with Banner, Appworx, and Nolij. Firewall exceptions for the updated 8u51 path have been added to the domain firewall policy, and the old exceptions for 8u40 have been removed.