AD Clean-up Procedure

We have not been clearing out old objects in the AD for sometime. Hence we have a lot of unused objects in the AD. This has a knock on effect in SCCM which we plan to migrate to 2012 next year.

The following procedure has been proposed:-

A script that will run monthly, this script will:

  1. Create an AD group based on month and year in the format
  2. It will look at the lastlogontimestamp and look for machines that have not been logged into for 90 days.
  3. It will then disable them and add them to the AD group created in step 1.

The group can then be browsed and machines can be enabled and removed from the group.

Then another script will run monthly to delete the computers:

  1. It will get the group from the AD, from 3 months ago eg. “7-2014-DisabledComputers”
  2. It will then delete the computers in the group and then finally delete the group

At this point the machine will have had 90 days from the first script and a further 90 days from the second, giving a total of 6 months.

Please send any feedback to by 7th November 2014.


Security Updates to MBiL Mac OS

Critical OS X updates required

What is happening

The Mac OS on Multi-Boot iMac Lab (MBiL) Service computers must be updated to resolve recent high-profile security vulnerabilities. The updates to be installed are:

These updates will be deployed using the Casper Suite from the dates below and only install between 8:00pm and 8:00am. Following the installation of these updates, a re-install of rEFInd and reboot are required and will be carried out automatically by the update policy.

If a user is logged in at the time when the reboot is due then a message will ask if the user is OK for the reboot to happen in 1 minute. The user can choose not to click OK to postpone the reboot.

How will the works affect me?

The Macs are set to boot at 2:00am on weekday mornings if they are powered off.

  • If rEFInd in your labs is set to boot to OS X automatically (the default behaviour), no action is required on your part.
  • If you have configured rEFInd to boot to Windows by default, you will need to change this to boot to OS X by default to allow the updates to install.

After the installation, rEFInd will revert to booting the Mac OS by default.


The updates will be released to the MBiL Service labs on these dates:

  • N004/5: Monday 27th October 8:00pm
  • All MBiL labs: Monday 3rd November 8:00pm

The machines will install these updates when they next check-in with the Casper server after these times, but not between 8:00am and 8:00pm.

Further information

Please contact the IT Service Desk:<>, 01509 222333.

‘Poodle’ SSL v3.0 vulnerability on managed desktop services

We will shortly be making changes to secure against the well-publicised SSL v3.0 vulnerability (known as ‘Poodle’) on ITS managed browsers on the Windows 7 Service (IE9, IE11 and Chrome) and MBiL Service Mac OS (Safari and Chrome). These fixes will be deployed to the respective services shortly, with exact schedules to be confirmed in the next few days.

Following the deployment, SSL v3.0 will be disabled on the browsers listed above. This is in-line with security advice all web browsers and servers should be secured against any potential attacks by disabling SSL v3.0, as this protocol has been legacy for some time.

More information on the exploit can be found here:

Live Task Sequence Change – Adding support for iMac models

The “Windows 7 Service – 2014-15 LIVE task sequence” and template will be unavailable between 08:30 – 09:00 Friday 24th October.

We will be adding specific drivers for iMac 11,2, iMac 12,2, iMac 14,4 and the appropriate bootcamp package. These changes have been tested successfully in Comp Sci and SBE.

Please don’t try to run the “Windows 7 Service – 2014-15 LIVE task sequence” until after 09:00 as the task sequence will fail when the change is made.

Kind Regards,

IT Services



Some Adobe applications are not working in ITS labs.

We have received reports that some Adobe applications (InDesign, Photoshop) have not been working in ITS labs.

The cause of this problem is that Adobe CS6 Design and Web Premium was install via SCCM after mandatory profiles were created in the custom image. The Adobe installer put crucial files into the default profiles, ignoring the fact the mandatory profiles are in use.

The missing files have been identified and a script has been written to deploy them to ITS labs. (Mandatory profiles are only currently used in IT labs.)

This script has just been deployed to the all ITS labs so all machines should be fixed within the next few hours.

Updates to Live Task Sequence in SCCM

A couple of changes are required to the Live Windows 7 Task Sequence:-

  1. Update the Staff image to further reduce the number of updates required.
  2. Change the name of the “EFI Digital Storefront” printer to be “Online Printing”

The Windows 7 Service 2014-15 LIVE task sequence will be updated at the time below. Please do not use this Task Sequence while these changes are taking place.

These changes will take place between 8am and 9am on Wednesday October 8th 2014.

Labs – Matlab 2014a Download Problems – ongoing

A large number of SCCM clients waiting for Matlab were stuck on waiting for content.  This was due to server side rules blocking some file types.  This has been resolved so clients can download and install Matlab.

Unfortunately, there appears to be a secondary issue where clients are not receiving policies which could kick start this install. We are continuing to look into this as a matter of urgency but in the mean time if Matlab is required for teaching we recomend logging on to run the advert from “run advertised programs” which will take about 20 minutes.

Kind Regards,

IT Services