CalNetAD Planning Committee

October 14, 2005

2195 Hearst, 200C Conference Room, 11:00AM-12:00 PM

Updated: 10/14/2005

Agenda

1. EFS Pilot Deployment (John Weber)

2. SNS Scanner GPO (Allison Henry, CNS)

3. BearShare (Michael Leefers)

4. Other Business

Notes

EFS Pilot Deployment

John discussed the forthcoming CalNetAD EFS pilot. The pilot will initially consist of a select, small group of OUs and will begin on November 1. A production implementation for general use should be available after the first of 2006. The pilot will help to determine pricing and the final wording of a service level agreement.

A draft copy of the proposed CalNetPKI key management plan is available here. Users interested in joining the pilot are asked to contact the CalNetAD administrators.

The key management plan will be presented to the Campus Information Security Committee (CISC) for comments and review before EFS is available for general use.

SNS Scanner GPO

Allison Henry from CNS discussed how to allow System and Network Security's (SNS) new scanning product, McAfee's Foundstone Scanner, through the Windows Firewall native to Windows XP/2003. She authored a Group Policy Object to allow specific port exceptions for the scanner's IP range. These port exceptions are for the scanner to probe common services, such as HTTP/HTTPS, FTP, and Windows file/print sharing.

The GPO is available to CalNetAD users to be used as a template for allowing the SNS scanners through their host based firewalls. The GPOs name, CAMPUS - SNS Scanner Ports, should not be linked directly to, since it will override all other Windows Firewall port exceptions an OU already has. OU admins should use the Group Policy Management Console (GPMC) to achieve this.

Although it is not mandatory to allow SNS' scanners though a machine's host based firewall, it is strongly encouraged. As an incentive, SNS will give custom reports to groups who allow the scanner through their firewall as part of a test process. Contact SNS for more details.

BearShare

Michael Leefers gave a presentation on BearShare, CCS' new web based collaboration product based upon Microsoft Sharepoint. BearShare allows users to easily create, manage and build collaborative web sites and make them available to other users of BearShare. In addition, BearShare offers content management, strengthens security, and extends interoperability. Bearshare makes great use of CalNetAD for authorization and access controls.

Users can demo BearShare via the About BearShare site. Pricing starts at $300 per year for a 1GB site.

Other Business

CalNetAD's deployment of Software Update Service (SUS) will be abated early next year in favor of Windows Update Software Service (WSUS). WSUS offers numerous advantages over SUS, including the deployment of Office patches and web reporting. The CalNetAD team is investigating if the web reporting feature can be delegated on a per-OU basis.

CalNetAD and the College of Engineering are partnering to test schema extensions in the CalNetAD test forest for other Microsoft products, such as Systems Management Server 2003 (SMS) and Microsoft Exchange. Results will be presented to the planning committee in a future meeting.

If there are updates to be made to either the CalNetAD planning committee or admin lists, please notify the CalNetAD team so that those updates can be made.