Sunday, 01 January 2012 05:00

Data Custodian Responsibilities

Data Custodians must:

  • Designate appropriate individuals with system administration responsibilities, ensuring that their role in securing the system is defined in their job description, and that they are trained in administration and security of the system.
  • Ensure adherence to UAB guidelines and procedures for protecting data as found in IT Security Practices.
  • Ensure compliance with all stipulations of this and other UAB policies and other legal and regulatory requirements including those related to dissemination of data (UAB's Information Disclosure and Confidentiality Policy) and disposal of computer equipment and systems (UAB's Equipment Accounting standards, and "Guidelines for secure disposal of media containing sensitive information").
  • Ensure that risk assessments are performed (including disaster recovery plans, backup and contingency plans) as required by HIPAA for all PHI. Risk assessment is recommended for all other sensitive or mission critical data.
  • Ensure that documentation of data resources created, used, or stored within their area of control is maintained.
  • Ensure that systems containing sensitive information are physically secured from unauthorized access.
  • Ensure that the department/unit follows procedures to mitigate all identified compromises or identified data security threats.
  • Ensure that actual or suspected data security breaches, especially when involving sensitive data, are reported to the Data Security Office immediately and that any recommended corrective action is implemented.
  • Ensure that non-UAB entities or contracted third party vendors handle data in accordance with UAB policies and procedures.

UAB IT has a procedure for secure media destruction of discs, CDs, DVDs, tapes and hard drives. 

Departmental IT personnel should call AskIT or submit a ticket to AskIT requesting an appointment for secure media destruction, then fill out a UAB Secure Media Destruction Custody Form with the ticket number. AskIT staff will make an appointment for you to bring the media and the form to the AskIT help desk in Cudworth Hall (CEC 225).

  • The individual transferring the media to UAB IT's AskIT help desk is required to verify all media listed on the forms is present.
  • All media must be listed on forms and numbered.
  • Media not numbered or listed on forms will not be accepted.
  • All fields on forms must be completed.
  • Each form must accompany the related media.

Once in the possession of AskIT, the media is stored securely until it is picked up by UAB IT staff for transport to the destruction site. The media is delivered to the Waste Holding Facility to be destroyed using the metal shredder or incinerator as appropriate. UAB IT personnel are required to witness the destruction of media and record this on the form you submit. The form will be attached to the work order created with AskIT.

Related procedures:

Destruction of University Records Procedures

Sunday, 01 January 2012 05:00

PGP Guide for Campus Administrators

Jump to a Section:

PGP Deployment Strategy

  1. Create a resource account on the UAB domain under your OU (AskIT can assist you with this). You typically want this to represent your department and PGP (e.g. SOPH-PGP or SOM-PGP).
  2. Login to the laptop and add a PGP account.
    1. If the laptop is on the UAB domain, add the resource account to the administrators group and proceed through the installation documentation while using that account.
    2. If the laptop is on a different domain or no domain at all, you can create a new admin and install PGP with that account.
  3. When you are prompted to enroll with the PGP server, provide the resource  or admin account credentials. This creates a recovery token that you can request to gain access to the machine (should you ever find yourself locked out of the system).
  4. When the installation is complete, you will need to add the user(s) to PGP with their normal login credentials and when the login, they will enter their BlazerID credentials in the enrollment screen (this generates a recovery token in case they ever have password issues).
  5. Remove the resource account from the administrators group at the end of the process. Removing admin rights from the PGP resource account ensures that if the password for either your domain admin account or PGP resource account is ever compromised, that the account only runs at a user level (additionally, compromised domain admin credentials don’t grant access to every encrypted laptop). To work on the system, you would have to input the PGP password, choose “Logout”, and then enter the admin account credentials.


How Different PGP Components Address Different Needs

PGP Whole Disk Encryption
Encrypts the whole hard drive or USB drive. Removable devices are not readable on a system unless PGP is installed. This option is most useful in cases where blanket encryption is needed.

PGP Virtual Disks
Creates a virtual drive (.pgd) that is only mountable on a system with PGP. A virtual disk can be added to portable drive to provide secure storage for sensitive information without forcing the entire drive to be encrypted. This gives the user the power to use the drive on systems without PGP, thus leaving flexibility intact and providing security for sensitive information because it cannot be accessed without PGP.

PGP Zip Archives
Creates a compressed and encrypted archive of files that in most cases can only be accessed on a system with PGP. If the user has PGP installed on a PC, then they are able to create “Self Decrypting Archives”. This particular archive type allows anyone with the passphrase to extract the secure contents of the file without having PGP installed. Self-decrypting archives are particularly useful when users need to move sensitive data and PGP may not be available at the destination.


PGP In-Depth

Installation
During setup, the system must must have access to the Internet or the UAB campus network in order to authenticate on the key-server (the address is embedded in the installer and is later added to the Windows Registry or Mac User Preferences). When you come to the point in the installation that you enter a BlazerID or resources account as enrollment credentials, they are sent to the key-server which checks against LDAP. Once you have successfully authenticated, the server will send some configuration information to the client and also create an entry under your BlazerID that will include information about the computer you are encrypting.

Passwords
Unless the BlazerID credentials are used to login to the system, they are only used to create a Whole Disk Recovery Token (WDRT) with the server; the user name and password for the local user are separate and aren’t sent to the server. Instead, an encrypted hash of the local password is cached in the PGP client once it’s used to login to Windows. So if you change a password, it will be updated only after it is used; not when the password is changed. This means that if the user chooses to restart immediately after changing their password, the old password must be used on the PGP Bootguard screen and the single sign-on feature (Windows) won’t log them in because Windows is expecting the new password. To prevent this situation from occurring, the user should probably choose to logout then login after a password change. The cached password should update immediately and the new password will work with the PGP Bootguard screen.
If multiple users plan to use a Windows system with PGP, ensure that all of the users set unique passwords. If multiple users have the same password, then PGP will assume that the last user to login is the one authenticating.

Accounts

  • Windows
    On a PC installation of PGP, single sign-on is used and accounts are verified. When you add a passphrase user to PGP, it will require that a strong password is used and that it matches the account password on the machine. If the user doesn’t exist or it has a blank password, you will receive an error message and the user will not be added. The relationship between PGP and Windows accounts is limited to those that exist and adding or removing a user in one location does not change the state of the other location. So if you remove a Windows user account, the entry will still exist and work in PGP but single sign-on will not be possible.

  • Mac
    On a Mac installation of PGP, single sign-on is not used and the passphrase users in PGP are not tied to any operating system accounts. This is due to the fact that PGP writes to a preference file under the profile that installs PGP and does not add any important configuration info to the main preferences folder or user folders. Because the preferences are different for every user, when a user other than the one that installed PGP attempts to load the software, they are treated as if they are not licensed and that there is no known key-server. This is now corrected by an application and documentation that is added to installer file under “PGP-User Enrollment.app”.

So when you consider the behavior of PGP for Macs version 9.9 you could view each passphrase user as nothing more than a password that will get you past the PGP Bootguard screen.

Encryption

If the policy (configuration) of your PGP client requires that the primary hard drive is encrypted, the process will begin once you have added a passphrase user and complete the configuration steps. Regardless of whether you start the encryption automatically or manually, the software first creates a Whole Disk Recovery Token on the server under your BlazerID, and then it installs the PGP Bootguard.

  • Windows
    On a Windows system installing the Bootguard means that the software creates a backup of the MBR and then installs a PGPMBR in its place. This is the point where dual-boot systems normally break (the other components of PGP don’t cause this).

  • Mac
    On an Intel-Mac, the Extensible Firmware Interface (EFI) normally hands off to the GUID Partition Table (GPT). But when a Mac is encrypted with PGP, the EFI is backed up and replaced by one that loads the encryption software. This is also the point where Bootcamp is broken.

From this point on, the PGP Bootguard screen is installed and a valid passphrase must be provided before the drive can be accessed. If the drive is removed or booted in an alternate method, the data can’t be accessed or read unless it is on a machine with PGP and a valid passphrase is used to unlock the device.

Recovery Tokens
If you or a user is ever locked out of a machine for whatever reason, you can call AskIT and they can give you the recovery token for your username on that system. The recovery token is a string of 28 characters (dashes are optional) that will provide access beyond the PGP Bootguard screen but will not let you in the operating system. If you don’t have any passwords to the system that can grant you access as an administrator, then you should consider decrypting the drive with the proper PGP boot disk or from an encrypted workstation and then go through your normal recovery procedures. Once a recovery token is created, an entry is logged on the server and the system is flagged as needing a new WDRT. If you successfully login to the account that the WDRT was for, the client will then attempt to negotiate the creation of a new WDRT with the server (which requires a network connection to the server).


Troubleshooting Tips

Update the System Time

If the system time is out of date, PGP may not be installed correctly. If you have already installed PGP before updating the system time so that it is automatically synchronized, you may receive error messages such as "This configured PGP install requires an enterprise license," or notice that PGP is not functioning properly. In order to resolve this issue you will need to update the system time and completely reinstall PGP. Follow the steps below to update system time on a Windows machine:

  1. Open the "Date and Time Properties" by double-clicking on it in the task bar, or by clicking on "Start," selecting "Control Panel" and choosing "Date and Time" (it may be under "Date, Time, Language and Regional options).
  2. Correct the date and time information, then click "OK" to save changes.

Correcting Networking Issues Caused by PGP

  1. Install PGP
  2. Go to C:\Windows\system32\PGPIspRollback.reg
  3. Right-click the file and choose Merge
  4. Restart the PC

Completely Resetting PGP (Windows)

 

CAUTION: DO NOT RESTART THE PC BETWEEN ANY STEPS

  1. Be sure that the computer is online and can connect to the Internet.
  2. Exit any running instance of PGP or PGP Services.
  3. Open regedit and go to HKLM\SOFTWARE\PGP Corporation\PGP. Change PGPSTAMP to be ovid=keys.it.uab.edu&admin=1
  4. Delete the following folders:
    C:\Documents and Settings\All Users\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\Local Settings\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\My Documents\PGP
  5. Restart PGP by clicking on Start->PGP->PGP Desktop. Be sure you enter your BlazerID credentials on the enrollment screen and select "New User".

Hard Drive Recovery
If you have the drive slaved to a working machine with the same version of PGP Desktop try the following:

  1. Open a CMD prompt.
  2. Go to: c:\Program Files\PGP Corporation\PGP Desktop\
  3. Run pgpwde -enum (this will list all the drives available on your machine, find the drive number for the encrypted drive, the first will be disk 0 (your boot drive) then disk 1, then disk 2 and so on)
  4. Once you have your disk number, try: pgpwde disk #(one u found) --recover (so if its disk 1 it would be: pgpwde --disk 1 --recover), the pgpwde will search your disk for a backup sector, if it finds one it will restore it.
  5. If it restores the sector, then do: pgpwde --disk # --decrypt --passphrase “enter within double-quotes”
  6. To determine whether the drive is still instrumented (MBR Swapped) run: pgpwde –status –disk #
  7. If the disk is instrumented, run: pgpwde --uninstrument --disk #

Verbose Logging on PGP

  1. Open the registry with regedit
  2. Browse to HKEY_CURRENT_USER->SOFTWARE->PGP CORPORATION->UNIVERSAL
  3. Create a new "KEY" in here called "Debug"
  4. Inside HKEY_CURRENT_USER->SOFTWARE->PGP CORPORATION->UNIVERSAL->Debug, create a DWORD value called "LoggingLevel"
  5. Give the "LoggingLevel" entry a HEX value of "3FFFF"
  6. Right click your pgptray icon and choose Exit PGP Services.
  7. Click Start->Programs->StartUp->pgptray.exe
  8. Open PGP Desktop and select Tools>View Log. Set “View Level” to Verbose.
  9. If the application is crashing prior to launch, click Start->Run and type "%appdata%"
  10. Once you have your Application Data folder up, open "PGP Corporation", then open "PGP".
  11. You should see "PGPlog.txt" with debug logging data in it.


PGPWDE Command Line

Many helpful commands can be issued to PGP from a command line which provides many opportunities for scripting and remote modification.

Windows
The PGP WDE command line utility is installed at C:\Program Files\PGP Corporation\PGP Desktop\pgpwde.exe on Windows machines and "pgpwde  --help" will produce a basic listing of commands. For a more complete listing of commands and explanation see the PGP Windows Command Line Guide at: https://supportimg.pgp.com/guides/PGPwdeWinCmdline_991_usersguide_en.pdf

Mac
The PGP WDE command line utility on a Mac can be accessed by opening a terminal window and typing "pgpwde ". Issuing "pgpwde  --help" will produce a basic listing of commands. For a more complete listing of commands and explanation see the Mac Command Line Guide at: https://supportimg.pgp.com/guides/PGPwdeMacCmdline_991_usersguide_en.pdf

There is certain information you are not allowed to update for your listing in the electronic phonebook. To update items like department, job title, campus address, or telephone number, consult the HR and administrative person in your office. He/she can submit an ACT form to have these items updated for you.

For UAB employees:

Each UAB employee shall be accountable for current and accurate electronic phonebook listings.

Accuracy is critical in order for both all UAB and Health System employees to be contacted. Failure to comply shall result in misdirected calls and erroneous information.

The process for individuals to verify and/or update listing information is as follows:

  1. Establish a BlazerID at http://www.uab.edu/blazerid
  2. Go to http://www.uab.edu/phonebook
    1. Follow online instructions to query the phonebook for your individual listing. The results should list the individual requested.
    2. To verify or make changes to the individual listing, click on the name field. The individual listing information will be displayed.
    3. To make changes to the information listed, click the Change Information button.
    4. Enter your BlazerID and password.
      1. If you have forgotten your BlazerID password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.
      2. Fields with blue buttons can be modified online by the individual.
      3. Fields with red buttons are notmodifiable online and are provided from official UAB records.
        1. If you are a UAB employee and wish to make changes to fields with red buttons, updates must be submitted to HRM Records via an Oracle ACT form.
        2. You can click on the help icon next to each field to determine which office supplied the particular information.
  3. An Oracle Act form must be submitted any time there is a change to the following items:
    1. Office phone number(s)
    2. Office fax number
    3. Physical office location
    4. Department
    5. Job title

For HSF Employees:

Each HSF employee shall be accountable for current and accurate electronic phonebook listings.

Accuracy is critical in order for both all UAB and Health System employees to be contacted. Failure to comply shall result in misdirected calls and erroneous information.

The process for individuals to verify and/or update listing information is as follows:

  1. After establishing a BlazerID at http://www.uab.edu/blazerid
  2. Go to http://www.uab.edu/phonebook
    1. Follow online instructions to query the phonebook for your individual listing. The results should list the individual requested.
    2. To verify or make changes to the individual listing, click on the name field. The individual listing information will be displayed.
    3. To make changes to the information listed, click the Change Information button.
    4. Enter your BlazerID and password.
      1. If you have forgotten your BlazerID password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.
      2. Fields with blue buttons can be modified online by the individual.
      3. Fields with red buttons are not modifiable online and are provided from official UAB/HSF records. If you are an HSF employee and wish to make changes to fields with red buttons, you must contact one of the HR specialists at the Human Resource Center at 731-9600. 
      4. You can click on the help icon next to each field to determine which office supplied the particular information.
  3. If you are an HSF employee and wish to change your office phone number(s) and/or physical office location, contact an HR specialists at the Human Resource Center at 731-9622. 
    1. All other personnel changes, such as Department Name or Title, must be submitted by a departmental supervisor using the personnel action form process.
Published in FAQ - Infrastructure

To access the UAB Electronic Directory, go to http://www.uab.edu/phonebook.

In the row of buttons towards the bottom of page, locate and click the green button labeled Authenticate

On the page that appears, enter your Blazer ID and Password.

Note:If you do not have a BlazerID or have forgotten your Blazer ID and/or password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.

 

Click the "Login!" button

You will be directed to the UAB Electronic Phonebook page. Note the three search parameters available to you. By default, the directory searches "all listings" that "match" the name you type in.

 

Type the name of your entity in the textbox.

Click the "Go!" button. Your search may return several entities. Find the correct one and click on its name to continue to its directory page. The entity's page should appear similar to the example below. 

 

Depending on your permissions, you may or may not see all of the red buttons above. However, if you do not see the red Bluepages button, please consider the following: 

  • Make sure you authenticated (signed in with BlazerID and password). If you haven't, you should see the green Authenticate button on the page. Click on that to sign in.
  • Make sure you are viewing an entity, not an individual. Sometimes, there are several entities and individuals with related names. Conduct a new search by clicking on the green New Search button. Type in a more general name (for example, "Campus Directory" instead of "UAB Campus Directory"). The search should return more listings. Look under the Entity section of the return list for the correct listing, and click its name.
  • If you are still having trouble, you may not have permission to add, edit or delete bluepage listings.

1. To Add a Listing: Click on the red Bluepages button . The bluepage listings page (below) will appear. Towards the top of the page, locate the Insert new listing section. 

 

Type the contact's Social Security number or BlazerID. Click "Add!" The Add Blue Pages Listing page will appear. Type in the additional information and click "Add!" again.

By default, the new add will appear first in the listing. However, you may change its position in the Changing listing(s) order section of the page (above). Click "Move it!" to complete the change.

2. To Change a Listing's Information: Click on the red Bluepages button , scroll down, and locate the name of the contact. Click on the contact's social security number to edit his/her information.

However, please recognize what you can and cannot do. Fields with Blue buttons  can be modified on-line and will display a text box. Fields with Red buttons  are NOT modifiable on-line and are provided from official UAB records.

 

  • If you are an UAB employee and wish to make changes to fields with Red buttons, updates must be submitted through the departmental HR officer via an Oracle ACT Data change form.
  • You can click on the help icon next to each field to determine which office supplied the particular information.

Click "Change!" You will be directed back to the listing.

3. To Delete a Listing: Click on the red Bluepages button , scroll down, and locate the name of the contact you wish to delete. Click on the contact's social security number to bring up the edit information page.

Locate the Check box to delete listing checkbox and click to select the box.

 

Click "Change!"  

f that person is authorized at a higher level, there will not be a "Change!" button displayed. It will have to be unchecked by a person at a higher level. 

If no other changes are needed, then you MUST select the "END SESSION" button  at the top of the screen to logout of the record.

Should you need technical assistance with the Blue Pages listings process, contact AskIT at 996-5555 or at CampusDirectory@uab.edu.

Published in FAQ - Infrastructure

To access the UAB Electronic Directory, go to http://www.uab.edu/phonebook.

In the row of buttons towards the top of page, locate and click the green button labeled Authenticate

On the page that appears, enter your Blazer ID and Password.

Note:If you do not have a BlazerID or have forgotten your Blazer ID and/or password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.

 

Click the "Login!" button

You will be directed to the UAB Electronic Phonebook page. Note the three search parameters available to you. By default, the directory searches "all listings" that "match" the name you type in.

 

Type the name of your entity in the textbox.

Click the "Go!" button. Your search may return several entities. Find the correct one and click on its name to continue to its directory page. The entity's page should appear similar to the example below. 

 

Depending on your permissions, you may or may not see all of the red buttons above. However, if you do not see the red Bluepages button, please consider the following: 

  • Make sure you authenticated (signed in with BlazerID and password). If you haven't, you should see the green Authenticate button on the page. Click on that to sign in.
  • Make sure you are viewing an entity, not an individual. Sometimes, there are several entities and individuals with related names. Conduct a new search by clicking on the green New Search button. Type in a more general name (for example, "Campus Directory" instead of "UAB Campus Directory"). The search should return more listings. Look under the Entity section of the return list for the correct listing, and click its name.
  • If you are still having trouble, you may not have permission to add, edit or delete bluepage listings.

Click on the Add Entity button and the following screen will return. Complete all of the applicable information in the form. Choose the best fit from the list of values associated with the Entity Type.

  • Remember once you click on the ADD button the entity is created and can not be deleted without the assistance of the programmers. Therefore, please verify all information and confirm where the entity should report BEFORE clicking the ADD button.


If no other changes are needed, then you should select the "END SESSION"  button at the top of the screen to logout of the record.

Should you need technical assistance with the add entity listing process, contact AskIT at 996-5555 or at CampusDirectory@uab.edu.

Published in FAQ - Infrastructure
Sunday, 01 January 2012 05:00

Class Email Distribution Service (CEDS)

CEDS provides a mechanism to easily send email to an entire class or group of classes. This page is intended to answer questions you may have about the service. If you have any problems or unresolved queries, please let us know at UserServices@uab.edu.

Who can use the service?

To send an email to a class, you (normally) must be listed as an instructor for it in the Banner database, and you must also have a BlazerID with a valid forwarding address registered in the UAB Electronic Phonebook. You can visit BlazerID Central if you have any questions about the latter.

If you need to post a message to a class you are not teaching, or if you have a need to send a broadcast announcement to all or several of the classes in a given department, this capability is now available. Please see the section below titled "Can I post to classes I am not teaching?" for more details.

What are the benefits of the service?

  • There is no need to predefine broadcast or discussion lists for classes. You can send to the class at any time prior to or during the semester without any special arrangement.
  • All of the class lists are maintained dynamically based on nightly rosters received from Banner. It is not necessary to manually create or maintain the lists through a separate server, in an addressbook, etc.
  • Students who enroll for a class (and who have or register a BlazerID) get access to the e-mail the following day.
  • Students who drop a class are automatically removed from the list the following day.

How do I use the service?

In its simplest form, e-mail is sent to pfxnum@class.uab.edu. For example, if you are teaching EE 123, then sending to EE123@class.uab.edu will distribute the message to all students in that class. Note that spaces should not be included, as they are often interpreted by e-mail clients to indicate separate addresses.

Will the message reach all of my students?

The message will be distributed to all students who have registered a BlazerID and forwarding e-mail address in the UAB Electronic Phonebook. The service will send back an e-mail to let you know who does not, so you can work with them individually to get set up. Remember that you can always refer them to BlazerID Central, http://www.uab.edu/blazerid for more information.

The ROSTER keyword can be used to request that the service attach a list of the students who were (or would be) sent the message. ROSTER is described more fully in the Processing Options section below.

Do I receive an acknowledgement that my message has been delivered?

The service always returns a courtesy notice to let you know the status of your message delivery. If, as noted above, some of your students do not have BlazerIDs, the message will list them. If there is any other problem related to the service, that will be indicated. Otherwise, it should simply let you know it was successfully processed.

The ECHO keyword can be used to request that the service send you a copy of your message through the same route as it is distributed to your students. ECHO is described more fully in the Processing Options section below.

Is there a way to get a list of my students who do not have BlazerIDs?

An easy way to do this is to use the TEST keyword. For example, if you are teaching EE 123 and want to see who all would not receive your e-mails, you can send a trial message to TEST-EE123@class.uab.edu. The message will not actually be distributed, but you will still receive the courtesy notification described above, including the list of students who are not fully registered in the Electronic Phonebook. We highly recommend you do this at the start of the term (or just before) so you can be sure everyone is up to speed.

TEST is described more fully in the Processing Options section below.

What if I am teaching different sections of the same class?

In order to avoid confusion, the service will not deliver to multiple sections of the same class, unless specifically directed to do so. If the service detects any confusion about this, it will not distribute the e-mail and will return a courtesy message outlining the problem. There are Criteria Options (described below) you can use in the @class.uab.edu address to clarify the exact intent.

What if I and others are teaching different sections of the same class?

When the service assembles its distribution list, it only considers which course sections you specifically are teaching. If you are only teaching one section of EH 101, then when you send to EH101@class.uab.edu, it will go only to that section and not any taught by other instructors.

How long are the class lists available?

A class list comes into being the night of the day that students are allowed to register for it. The list "disappears" about a month (35 days) after the official class end date as listed in Banner.

A student just registered for my class, how long until they can receive mail from the list?

Class rosters are updated in the Phonebook overnight from Banner. That means if the student registers today, they will be able to receive e-mail distributed to the class tomorrow. Remember, they must have a BlazerID and forwarding address on record in the Phonebook.

Will the service let me post from a non-UAB(.edu) address?

Your messages to the class list must come from either (a) your listed @uab.edu address or (b) from the mailbox listed as your forwarding address in the Electronic Phonebook. If your @uab.edu mail is being forwarded to an off-campus service such as Yahoo, AOL, MSN, etc., the service should accept posting from there.

What stops someone from forging a post from me?

In order to provide the most expedient and widely usable implementation of this service, it currently has only a minimum amount of security placed on it. One of the reasons for the courtesy notification is so that you will know if someone distributes a message to your class that you did not intend. Further security and verification measures will become available in the future.

Can students post to the class list?

If you do nothing at all, then no. By default, only the instructor(s) for a class is/are allowed to post through the service. However, there is a way to tailor your list so the students can send to the class as well. They will need to be listed in Banner as registered students for the class, and will be subject to the same requirements as for an instructor to post. To request this option for your class, send an e-mail to UserServices@uab.edu.

What if there are multiple instructors for a class?

Each instructor as listed in the Banner database has equal privileges to send to the class list.

What are the processing options?

As noted above, the simplest form of using the service is by sending e-mail to pfxnum@class.uab.edu. This by default causes the system to:

  • Distribute the e-mail to all students in the indicated class.
  • Send you a courtesy message informing you of the successful distribution, along with a list of the students (if any) who did not receive it because they do not have a BlazerID or forwarding address.

Processing Options are special keywords which can be added to the address in order to modify this behavior. These can be added either before or after pfxnum, with a hyphen separating them, and can be used together and in combination with the keywords described in other sections of this document. The order of the keywords is not important, so that ECHO-EE123@class.uab.edu is the same as EE123-ECHO@class.uab.edu. If you have any questions about the use of these optional keywords, please contact us at UserServices@uab.edu.

ECHO Requests that in addition to the courtesy message described above, the service should send you a copy of the message you posted. This will be routed through the same delivery mechanism which is used to distribute the message to your students. This can be useful if you suspect either that the service is not operating properly, or that your e-mail is somehow being damaged in transit (e.g., your students claim your attachment is unreadable.)
ROSTER Requests that in addition to listing the students who did not receive your message distribution, the courtesy message described above should also include a roster of the students who did. Note that this only means the service will send out the message to the students listed; if their mailbox is over quota or if they have an inactive address on file in the Phonebook, they may still not receive it.
TAG Requests that the courtesy message include the class identifier in its subject line. This can be useful if you send off several e-mails at one time, or if your request may possibly be distributed to multiple classes.
TEST Requests that the service perform all actions as it normally would for the message, but that it not actually be delivered to the students. If TEST and ECHO are both specified, you will receive a copy of the message but the students will not. It can be useful to combine TEST with other options prior to sending out a message for real, to ensure it will be distributed as you intended. As noted above, it is also a good way to get a list of your students without BlazerIDs so they can be individually encouraged to do so if desired.

What are the criteria options?

As noted above, the majority of your interaction with the service should be as simple as sending an e-mail to pfxnum@class.uab.edu. However, in cases where you are teaching multiple sections of the same course, or teaching the same course over multiple semesters, it will be necessary to clarify exactly which class(es) your e-mail is to address. You can accomplish this by adding one or more of the keywords in the following table.

The order of most keywords is not important; that is, SPR-EE123@class.uab.edu is the same as EE123-SPR@class.uab.edu. (Two exceptions are the ALL and MY keywords, which must be listed first.) Also, multiple keywords can be used to narrow down the class, as in 200330-EH101-2C@class.uab.edu. These can be used in conjunction with the keywords described under Processing Options.

Like all tools with lots of possible knobs and buttons and levers, we know this can be confusing to sort out just from what is written here, so please do not hesitate to contact us at UserServices@uab.edu for further assistance if you find yourself needing to use these options.

ALL As noted above, the service will normally reject a posting which matches multiple classes. Specifying ALL will override that and build its mailing list from all course sections matching the criteria. The ALL keyword is required in almost all circumstances where the service is expected to match multiple classes with a single address. If you use ALL, it must be the first keyword listed.
FALL
SPRING,SPR
SUMMER,SUM,SMR
Used to request that only class section(s) in the specified semester should be matched.
xx Used to request that only the specific class section should be matched. Ex: EH101-4C
yyyy Used to request that only class section(s) being taught in the specified 4-digit year should be matched. Ex: 2003-EE123
yyyytt Used to request that only class section(s) being taught in the specified year and semester should be matched. 4-digit year plus tt of 30 (Spring), 40 (Summer) or 50 (Fall). Ex: 200330-EE123
ALL-TERMS Used to request that all classes matching the other criteria should be selected, regardless of which semester they are being taught. Ex: ALL-TERMS-EE123 would send the message to all EE123 you are teaching, regardless of year and term. Note that the ALL keyword is required when TERMS is specified.
ALL-MY-CLASSES Used to request that the message be delivered to all of the classes you are teaching. This is useful when passing along announcements of general interest to all of your students. If you are teaching classes in multiple semesters, it will be necessary to use one of the other Criteria Options above so the service knows for sure which classes to select. Note that ALL, MY and CLASSES are all required keywords to select this option, and must be specified in that order.
ALL-pfx-CLASSES Used to request that the message be delivered to all of the classes with the course prefix pfx. Ex: ALL-EE-CLASSES would be posted to all students in all EE courses. Note you must have special approval to use this option; for more details, see the Can I post to all classes taught by my department? section below.
UNDERGRAD
GRAD
Used in conjunction with CLASSES to specify the message should only be delivered to courses at the specified level. UNDERGRAD applies to course numbers 0xx through 4xx; GRAD applies to 5xx through 9xx. If neither is included, the message is distributed without regard to the course number or level.
XLIST (Under development)
Used to request that in addition to the specified class, all classes cross-listed with it should also be included.
ONLY (Under development)
Used to specify that any cross-listed classes should not be considered for inclusion.

Can I post to classes I am not teaching? What if I am a staff member who is not teaching at all?

By default, only the instructor(s) for a particular class can post a message to it through this service. However, there are a couple of options available to those who are not the instructor(s) of record:

  • The department or any instructor of record can designate you as an assistant for a specific class, giving you access to post to that section.
  • An instructor can designate you as their surrogate, which will give you access to post to all of the same classes as they can.
  • The department can grant you access to send e-mail through CEDS to all classes with a given prefix. See below.

In all cases, the authorizing party should send an e-mail to UserServices@uab.edu, specifying your name, BlazerID, and the specific posting access you should have.

Can I post a message to all the classes being taught by my department?

With approval from the department Chair, you can be granted access to send to any and all classes with a given prefix. For example, the chair of Electrical Engineering could request that you be allowed to send to all EExxx classes. Once in place, you could then send to any of these whether or not you are the instructor of record (or even faculty at all). This is a useful option for program coordinators and department-level administrative staff who may need to post messages of general importance, or on behalf of faculty who may be unable to post their own e-mail for one reason or another.

The department Chair can initiate this access by sending an e-mail to UserServices@uab.edu. They will need to include your name and BlazerID, and the class prefix(es) to which you can post. Once in place, you will be able to send to any class in the same manner as described in the above sections, just as if you were an instructor for all of the classes with the given prefix(es).

To send a general broadcast to all students in all classes with the given prefix, you would use the special address ALL-pfx-CLASSES@class.uab.edu. Ex: ALL-EE-CLASSES@class.uab.edu. You will likely need to also include one of the Criteria Options to clarify which semester(s) of classes is/are to be addressed with the post.

Can I post a message to all the students in my program? department? school?

As its name implies, CEDS is oriented towards distributing messages based on students being enrolled in particular class(es). A companion service called PEBBLES allows for message distribution based on program, department and school affiliation, to both employees and students.

This service is intended for real-time distribution of e-mail and attachments to related dynamic populations of employees and students. Users must be specifically authorized to distribute to these populations.

In its most direct form, authorized persons can utilize PEBBLES by sending e-mail to specially formatted e-mail addresses, where the username of the address indicates a criteria for distribution. The criteria can include Oracle orgunits, school and academic department codes, class levels, and so on.

Because remembering all of the possible criteria can be confusing, the PEBBLES Wizard is available for determining and managing its distribution addresses.

A few examples of direct PEBBLES addresses include:

  • 19@pebbles.dpo.uab.edu - distribute to all employees under Oracle unit 19 (Vice President of Information Technology)
  • 19-status01@pebbles... - distribute to all full-time employees under VPIT
  • PA-STU@pebbles... - distribute to all students in the Public Administration program
  • EE-GRAD-STU@pebbles... - distribute to all graduate students in Electrical Engineering
Sunday, 01 January 2012 05:00

Purchasing a Site License

Q: My department/school uses a specific software application for many users and I'm fairly sure several other departments/schools at UAB use it as well.  Is there a more economical way to purchase that software

A: Possibly, through either a volume discount arrangement or through a site license.  First, contact AskIT to see if any discounts are already in place. If not you can send an email to dyother@uab.edu  for review. Make sure and include all pertinent information about the product such as areas known to be using the software, number of licenses currently owned, manufacturer, product name/version, etc., and why you feel a site license may be applicable.

In the case of MS Office and a few other MS products under the UAB Campus Agreement, yes, but with some limitations and not using the same media/download as you used for your UAB owned system. See the related links below for more information.  Keep in mind not all software allows home use rights and each license should be verified before loading any software.