Tag Archives: Accounts

Service Desk Digest 5/16/2017

Student Meeting on 5/18

Most of you are scheduled to attend a mandatory meeting this Thursday from 5PM-7PM. We will record the meeting so that anyone who is not able to attend can catch up later. Food will be included (pizza).

The agenda so far includes the following:

  • Richard Turk – Computer lab support overview
  • Chris Evans – Beaverprint overview and troubleshooting
  • Nathan Power – Citrix XenApp overview and troubleshooting
  • Jason Appah – Exchange troubleshooting and road map
  • Josh Crowl – Wireless network troubleshooting
  • Andrew Wheeler – IS and Client Services strategic plan and direction
  • Max Cohen – Time off and scheduling procedures
  • Kirsten/Max/Andrew – OSU-Cascades tier 1 support
  • Jeff Bonnichsen – Reminders about ticket updates, professionalism
  • Kirsten/Max – Congratulations to graduating students

Appointment Ticket Troubles

Pat has been reviewing all on-site appointments and has been seeing the following issues repeatedly. Please make sure you are following proper process when creating appointments:

  • Ticket type still set to service desk / intake. This should be set to the type appropriate for the appointment.
  • Responsible not set for field technician. Responsible needs to be set so on-site techs can find their tickets.
  • Calendar notes field void of ticket # or ticket URL. On-site techs need these details so they can prepare for appointments.
  • Requested placement time (length) doesn’t match calendar appointment length. This can lead to problems with overbooking. Please pay attention to the placement time notes in the ticket.

Steps to create an appointment are outlined here. If you need a refresher, please talk to Pat or Robin.

LAN Party Finals Week

The next LAN party will be Friday, June 16 at 6:00PM in the Milne Computer Lab.

If you would like to contribute towards pizza, please see Kirsten.

If you have questions about what games we will be playing or what tech to bring, talk to Thomas.

Security Items

If you are not familiar with common strategies for account phishing and identity theft, please read up. I will provide some training materials shortly.

We have had a handful of incidents recently where a Service Desk technician gave really bad advice to a customer. Please be aware of the following common issues:

  • Tech Support Scam. A customer is directed to call a support number due to vague “security problems” on their computer. The person on the call wants to remote into their computer and install software. THIS IS A SCAM. They may be attempting to compromise the person’s computer, gain access to their data, or encrypt their data in a ransomware attack. If a customer asks about an attack like this, tell them it is likely malicious, and not to call the number. If they allowed someone to remote into their machine, help them check for malware. If they are a CN customer, make sure to ask first if they handle PII (Personally Identifiable Information) such as credit card numbers or social security numbers.
  • Account Phishing. If a customer has received an email telling them their account is going to be deactivated unless they take some action, help them review the email. If it does not look like a notice from the ONID system, and/or directs them to a website that is not at OSU, it is most likely a PHISHING ATTEMPT where an attacker attempts to gain access to their account, usually to send spam and more phishing email.  A good technique is to mouse over any links in the email and wait for the URL to pop-up – it is is not an oregonstate.edu URL, they should not click on it. This is a good technique to train customers on.
  • If Unsure, Change the Password. As our CIO Lois Brooks said, if someone is asking whether they should maybe change their password, we should tell them to change their password. If a customer has clicked on a suspicious link and then provided their username and password, help them IMMEDIATELY CHANGE THEIR PASSWORD.  Please also ask them for details about the phishing attack and record that in the ticket. Notify ONID Support of the potential compromise so they can check the account to see if there is any suspicious activity such as open connections from another country.

Client Services Code Moved to GitHub Enterprise

Our code repositories are moving (have moved?) to an IS-wide GitHub Enterprise account. If you have questions, please ask in #sd-development on Slack.

Restricted Groups in Active Directory

For some groups we manage for CN customers, the customers have indicated they do not want us to make any membership changes without explicit approval from the group owner. In the past, we have had a few issues were we made changes to these groups anyway, without the customers’ permission.

To avoid this problem, the naming convention for these restricted groups has been changed to: RESTRICTED-Name-RESTRICTED

If you are asked to make a change to a group with this naming convention, please check the notes on the object. If you are unsure what to do, please check in with a full-time staff member.

Out-of-Order in the Computer Labs

If an item in one of the computer labs is out of order, please do the following:

  • Post an “Out of order” sign
  • UNPLUG THE DEVICE (otherwise helpful customers will turn it back on)
  • Make a ticket with Responsible set to Campus Labs
  • If urgent, post in #is-campus-labs on Slack for assistance

Unified Accounts: Things to Know

As you all hopefully know, the university is working on unifying all Active Directory accounts as a part of the identity management initiative.  Here are a few things you should know in order to support our customers during and after this transition.

Short version:
Look in RefTool to see if an account is unified.
Unified means they have ONE account, in ONID.
Password resets are via the ONID password reset tool.
Directory updates happen via Banner data.

What is Account Unification?

From the customer’s perspective, account unification means they have one set of credentials to login to most university services. They will use the same username and password to login to email, VPN, OSU Online services, etc.

From an IT perspective, a unified account means the following:

  • It is like a traditional “ONID” account:
    • It is automatically created via scripts from Banner data.
    • The customer activates their account when they become a new student or employee.
    • It is synchronized between ONID LDAP, the ONID Active Directory domain, Google, and Office 365 (same username and pass for all of these).
    • Directory information such as name, phone number and office are populated from Banner (and need to be updated there if they are wrong).
    • Password resets are self-service via the ONID password reset tool.
  • An IT unit on campus has claimed the account, and has administrative access to it.
  • The AD account may or may not have an Exchange mailbox attached to it. If it does, the ONID email address will not be listed in the Exchange Global Address List (GAL).

Note: for undergraduate students, account unification doesn’t have any particular meaning, because they typically only had one AD account to begin with (the ONID one).

Is This Account Unified?

In RefTool, you can see whether an account has been unified. Because unification has no impact on undergraduate students, nothing will be listed for them.

So far, the following groups have been unified: Library, Information Services, College of Ag Sciences.

All units should be unified by January 2016.

User Principal Name (UPN)

We are requiring everyone to set their UPN to the new standard as part of the account unification process. People might be confused about how to login after this.

The UPN is another account logon type, in the format oniduser@oregonstate.edu.

The UPN is unique in the AD forest, whereas usernames can be repeated (i.e. you can have forestry\bob and onid\bob and they can be different people, but there is only one bob@oregonstate.edu).

Because the UPN looks like an email address, we decided to make sure that everyone also has an email alias that matches their oniduser@oregonstate.edu UPN. However, that email alias may not be the person’s primary alias, the one they send email from.

For example, my attributes are as follows:

    username: peterkir
    UPN: peterkir@oregonstate.edu
    primary SMTP:kirsten.petersen@oregonstate.edu
    additional SMTP: peterkir@oregonstate.edu
    SIP address: kirsten.petersen@oregonstate.edu

In many places you can login either as domain\user or user@oregonstate.edu.  Office 365 requires you to login with the UPN.

The SIP address is used for Lync, and does not have a standard format yet (unfortunately). Changing the SIP address is a problem – it causes the person to disappear from other people’s contact lists.