File Associations for MD2012

Altering existing file associations
Due to requests since being released, for MD2012 we intend to alter the file associations so that media files are predominantly opened by either Windows Media Player or QuickTime, with Real Player only opening file types that the other media players can’t play, such as .rm files.

After consultation with some staff in faculties, Brian Irwin has supplied a list of file types that we wish to open with specific media players.

These updated associations will be applied to workstations with the release of the next patch, which is due very shortly.

File Associations in Windows 7 are quite complicated, in that they can be in three different places, and depending on where they are depends on what takes precedence, with Current User settings the highest precedence.

Using MD Help to determine and reset file associations
In order to help users determine which application will be opened by which file type on their current workstation we have updated the ‘MD Help’ tool on the Start Menu. Select the ‘File Associations‘ tab then select the ‘Run File Association Report‘ button. This will take a short period of time to run.

If you wish to reset the file associations to the default ones then use the ‘Restore MD Default Associations‘ button.

Full list of all File Associations
For a full list of all of the proposed file associations and their associated application please see the page File Associations

Blocking the Dropbox client on Lab workstations

In order to try and ensure the continuity of the Managed Desktop service for Lab workstations, we have decided to block users from installing and using the Dropbox sync client on Lab workstations.

This is due to the fact that the Dropbox client will install for users with USER rights and once installed and configured could potentially download Gigabytes of data from the Dropbox service to the user’s profile on the local workstation.
This could fill the disk of the workstation and cause numerous issues, especially if a few users all did this on the same workstation.

Dropbox files still available via the web portal
Please note that access to the Dropbox service is not being blocked, the recommended access to such services for all users is via the web portal for the service which will allow users to transfer files individually, so only transferring those files that are actually required which is more appropriate than sync’ing every file in their Dropbox account unnecessarily.

AppLocker
The method for blocking the installation of the client is using a technology called ‘AppLocker’ which is available with Windows 7.
This will restrict defined executables from being run, and is configured within a Group Policy.
At present we have set up a Group Policy to block the Dropbox client and Sugarsync client from installing and running and this policy has been applied to all Lab workstations.

If the user tries to run an application that is blocked they receive the following message on screen:

For more information on AppLocker see:
http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspx

Other sync clients
We do intend to add other sync clients to the list of blocked applications as soon as we have tested to ensure they are blocked as expected and don’t cause other issues.
The biggest issue with Dropbox is that it will allow USERS to install the client, where as clients such as Googlesync will not install if the user is not a local administrator.

MS security updates for MD – MS12-063

Last Friday Microsoft released an Out of Band security update for Internet Explorer (MS12-063). The update is rated as critical in our environment and is being actively exploited in the wild so this morning it has been approved for delivery to Managed Workstations via the WSUS system.

For more information on the update see:
http://blogs.technet.com/b/uspartner_ts2team/archive/2012/09/24/out-of-band-security-fix-please-take-action-now-bulletin-ms12-063-critical.aspx

Security Updates for MD2012 delivered via WSUS

Yesterday an issue was discovered by which some MD2012 workstations may not have been receiving WSUS updates as expected. A fix was implemented last night on the WSUS server and MD2012 workstations should now be receiving WSUS updates as expected again.

MD2012 workstations will now begin to install previously authorised updates that are queued up for installation and these may be installed over the coming days.

WSUS is the University’s Enterprise Windows Update Service that will distribute Microsoft Security Updates once authorised by the University.

 

What’s new in MD2012

Managed Desktop 2012 is built upon the MD2011 desktop, so based on the Windows 7 Enterprise Operating System.

There have been a number of updates to software and settings for Managed Desktop 2012.
These updates include:

Software updates

  • CD Burner XP Pro installed to help create CDs and DVDs
  • IE9
  • QuickTime Player 7.7.2
  • SilverLight x64 version 5.1.10411.0
  • Java 1.6 JRE version 1.6.0 Update 32
  • Java 1.6 JDK version 1.6.0 Update 32
  • Adobe Reader 10.1.3
  • Simplified Chinese Fonts Support for Adobe Reader 10
  • Sophos 10
  • Microsoft Mathematics Add-in for Word and Onenote
  • FS Clerkenwell fonts
  • Google Chrome 20

 
Configuration updates

  • Associated .tab files with Excel so SI extracts open automatically
  • Altered associations so when a movie DVD is inserted Windows Media Player is launched automatically
  • Languages altered in ‘Language Bar’ so more appropriate (more languages will be available from the Start Menu this year as well)
  • Disabled Quick Keys to toggle foreign languages and keyboards
  • Altered Explorer so Drives shown in ‘Tiles’ view (will show free space correctly when using Windows file store)
  • Altered Excel to set macros to ‘Disable all macros with notification’

Improvements for laptops

  • Hibernation mode enabled for Office laptops
  • Cached Exchange Mode enabled for staff using Office laptops
  • IPSec VPN client, including routines to map drives during the connection process for Office laptops

 
At present MD2012 is only available by re-imaging an existing workstation, but we will be producing a series of patches in order to automatically update MD2011 workstations to MD2012.

MD2012 updates for staff laptop users

In order to try and improve the usability and experience for staff laptop users, the MD2012 desktop has had a number of updates and improvements in order to improve the user experience, especially when working away from the University.

These improvements include:

  • Cached Exchange Mode
  • Hibernation mode for power saving settings
  • IPSec VPN client, that will map user drive mappings when connected
  • Skype and Video camera software for laptops that are part of SLS Loan Laptop service
  • Privilege Guard so that users have elevated rights to install and configure applications, printers and networks
Some of these updates will apply to MD2011 laptops as well, but not all.

 

Cached Exchange Mode
Cached Exchange Mode will cache the user’s mailbox to the workstation so that emails and calendar appointments will be visible whilst away from the University. Users can read, create and send new emails whilst offline, then when connected to the internet the mailbox will sync new and existing emails with the SHU Exchange Server, whilst sending any emails in the Outbox.
Note: Users of the new Exchange 2010 service will currently need to use the VPN for the sync’ing to occur whilst away from the University

 

Hibernation Mode
In order to conserve energy whilst improving the usability of laptops, MD2012 laptops can enter hibernation mode, which effectively saves the contents of memory to a file and then switches the workstation off. This will save battery power and allows users to restore the laptop to the previous state quickly.

 

The IPSec client will allow more concurrent connections to the SHU VPN service.
As part of the connection process, users will have the same drive mappings as when in the University, so will have access to Homespace, Shared drives etc.

 

Privilege Guard
Privilege Guard is a service to allow users to have elevated rights to install applications, install printers and configure wireless networks as required.

 

Future Enhancements
Networks and Infrastructure intend to implement Window file store shortly and then move users existing Homespace and Shared folders to this file store.
When this occurs laptop users will have Offline files enabled, which will automatically sync certain directories within Homespace with their laptop, allowing access to the files stored in these directories whilst not connected to a network.
The directories that will be sync’d include ‘My Documents’ and ‘IE Favorites’.
Any updates to files within these directories will be sync’d on re-connection to the SHU network.

Software List

IS&T have produced an updated software list that currently lists the availability of software for the University’s Managed Desktop within the student IT laboratories.

The list will display a list of currently available software and where it is deployed within the University, as well as a list of software deployed to each room.

The list is a quite comprehensive list with a large amount of the software, but it is not yet complete as software is still being deployed and some software that is deployed manually is not currently included in the list.

The list does not currently include the location of software within the Learning Centres but we hope to include this very soon.

The list can be found here:
Software List

MD Info application available on the MD7 menus

In order to help users and IT Help staff diagnose issues with a workstation or user code, IS&T have made available an application that will analyse the workstation and user code in order to provide important information for support staff, as well as providing users with some self service tasks to resolve common problems.

The information can be emailed directly to IT Help if requested, where it will be entered as a new Unidesk call.

Menu Shortcut

The ‘MD Info’ menu shortcut is available at the root of the workstation menus on all MD7 workstations.

Future Development

We expect the application to have quite a lot of development of the next few months as new features are added and any issues are rectified. Suggestions for new features would be welcomed. Please let IT Help know of any ideas.

At some point the application files will be installed on the workstation so that they will be available for laptop users whilst away from the University.

 

Google Chrome browser updated to version 20.0.1132.57

Google Chrome is currently being updated for the Windows 7 Managed Desktop to version 20.0.1132.57.

The update will apply when the machine is not logged in as Chrome can not be updated whilst it is in use.

Updates and New Functionality

This version fixes a number of known security issues and updates Adobe Flash to the latest version.

Chrome to Mobile

Version 20 now automatically supports the ‘Chrome to Mobile’ extension which allows users who have signed in to the Chrome browser to send web pages from their computer direct to their Android device if they are using Android 4 and have the Google Chrome browser installed. The option to allow this to occur needs enabling within the settings of the Chrome Browser on the Android device.

For more information about this feature and the latest Chrome update please see:
Chrome to mobile extenstion
Chrome Stable Update Release

Updated VPN client and settings for MD7 laptops

From the week beginning 6th August 2012, Networks and Infrastructure will be releasing an updated VPN client to all MD7 Office laptops in order to improve the user experience for MD7 laptop users.

The updated client will allow more concurrent connections to the VPN service and provide enhanced security.

Installation Process

The VPN client update will install during the workstation startup process and once available there will be two icons on the desktop to allow connection to the SHU VPN and to disconnect when finished.

Connecting to the SHU VPN

In order to connect to the VPN the user should double click on the ‘Connect to SHU VPN’ desktop shortcut. This will launch the the application and display the login screen where the user will be required to enter their SHU usercode and password.

The client does have a slightly different login screen to the previous client as this is an updated version of the client software.

Drives Mapped

As part of the updated settings, once the connection has been successful the user should receive a message informing them that the network drives have been mapped successfully and the user will then have same drive letters mapped as they get whilst working within the University.

Access to the University Resources

Once connected to the VPN the user will be using  the SHU network and so will have access to SHU resources that are not normally available from outside the University, such as Homespace, shared drives and University services.

Using the Internet

Whilst the user is connected to the VPN all internet traffic will be directed through the SHU VPN network until the VPN is disconnected, when traffic will revert to using the ISP network.

Disconnecting from the SHU VPN Network

In order to disconnect from the SHU VPN network users should double click on the Disconnect desktop shortcut. As part of the disconnect process this will remove the drive mappings to the SHU network file store.

Gallery