UAB IT has debuted a cloud storage service for campus faculty and staff. OneDrive

Each UAB faculty and staff member can now sign up for a Microsoft OneDrive account, which provides 1TB of cloud storage and allow file sharing. Individual file size limits are 2GB. Microsoft plans to add unlimited storage and increase file size limits to 10GB in early 2016.

Faculty and staff can also use the Microsoft Office programs including Word, Excel and PowerPoint in the cloud, as well as download those programs to their computers. The Office products are primarily made available for installation on the user’s personal/home system, and faculty/staff should consult with their department or school's IT support before installing any Office 365 products on their UAB system. Office products for installation on UAB systems should be downloaded from UAB IT’s software library.

Photos, videos, spreadsheets and other work documents can be stored in OneDrive accounts, and users can also create, edit and share Microsoft documents within their accounts. Users can access files on any device, including PCs, Macs, tablets and mobile phones.

UAB does not permit storage of sensitive data in the cloud. For guidance, refer to:

Microsoft Office 2016 for PCs will be available for download for faculty and staff in early October.

Office 2016 will be available for download from the UAB IT software site, after Microsoft releases it to volume licensing customers.

Office 2016 has new versions of applications including Word, PowerPoint, Excel and Outlook. The Office 2016 apps are designed for collaboration, with new features that remove barriers for team success and allow co-authoring and Skype in-app integration.

Quick Start Guides for Office 2016 are available here.

Office 2016 is already available for Mac users and is available for UAB students through Office 365.

Microsoft on Monday released a critical patch outside of its normal patching cycle. 

The update fixes a vulnerability in Windows that could allow an attacker to execute code on a system if they can convince the user to open a specially crafted document, or have them visit an untrusted webpage that contains embedded OpenType fonts. 

The update, which requires a system reboot, was released to all UAB IT Desktop-supported machines at 4 p.m. Monday. Users have 72 hours to let the patch install and reboot the system. Users should get a notification bubble pop up at the system tray. After 72 hours, if a user has not allowed the patch to install, it will install automatically and the system will be forced to reboot.

UAB IT urges users to find an opportune time to let the patch install and allow the reboot occur to help protect UAB systems and information.
Microsoft has released a security package to correct a critical vulnerability in Windows, and UAB IT is urging campus technical professionals and users to apply the patch immediately.

Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.

MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.

Please run the Windows update as soon as possible for all your Windows machines, servers and clients.

What is Schannel?

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.


For more information:

https://technet.microsoft.com/library/security/MS14-066

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066+/18947

http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/

February 12, 2013

Office 2013 Install Guide

Office 2013 is now available only for download by TIMGroup members only.

Office 2013 Install Guide

Compatibility testing of Microsoft 2013 is underway.

Microsoft Office Professional Plus 2013

Office Professional Plus 2013 includes Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher and Lync and will be the version available to UAB under our Microsoft Campus Agreement when released to Campus.

UAB IT is testing Microsoft Office 2013 to determine its compatibility with applications and systems deployed in the UAB environment. Current testing includes Office 2013’s compatibility with the following:

  • Adobe Acrobat
  • EndNote
  • I>clicker
  • Turning Point

In addition to UAB IT’s testing, we request that your department conduct its own testing of Office 2013 with applications and systems that are unique to your environment. This week we will release Office 2013 to TIMGroup for testing purposes. Please report your application compatibility results to Sterling Griffin (Sterling@uab.edu) once your testing is complete. Also include a list of any applications you use that interact with Office.

Until the testing and evaluation of Office 2013 is complete, UAB IT is not recommending it for mass deployment.

You may download Office 2013 from the UAB IT software site HERE.  An install guide is available.  (Office 2013 is available for download to TIMGroup members only.)

Deployment: (with SkyDrive disabled when using Office 2013)

UAB IT will post on the download site 2 versions of the ISO.

  1. As delivered from Microsoft.
  2. With the registry key to disable SkyDrive in a transform file

Office 2013 uses Microsoft’s SkyDrive cloud-based file-hosting service. We recommend disabling SkyDrive at this time. This can be accomplished in two ways: Using the Registry Editor and using the Group Policy Editor.

  • Disabling SkyDrive by using the Registry Editor
      • Launch the Registry Editor by opening the Run dialog box and entering regedit.
      • When the Registry Editor opens, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn.
      • If the SignIn key doesn’t exist, create it by right-clicking on Common à New à Key à SignIn.
      • In the right pane of the SignIn key, create a new DWORD value named SignInOptions.
      • Double-click on SignInOptions and change its value to 3. To restore SkyDrive functionality, simply set the SignInOptions value to 0.
  • Disabling SkyDrive by using the Group Policy Editor
    • To use this method, you need to install the Office 2013 Administrative Templates. If you don’t have these templates, download them from the Microsoft Downloads Web site and install them.
    • Once the Administrative Templates are installed, open the Run dialog box and enter gpedit.msc to open the Local Group Policy Editor.
    • Now that you’re in the Local Group Policy Editor, navigate down the tree to User Configuration à Administrative Templates à Microsoft Office 2013 à Miscellaneous.
    • Find the “Block signing into Office” option in the list of settings and double-click it.
    • In the Properties window, click “Enable” and select the option “None Allowed.”

Windows 8 is not recommended for campus use at this time. However, if you have to support a Windows 8 portable device, it must be encrypted. At this time, BitLocker is available to accomplish this task on all Windows 8 portable devices that have a TPM chip and do not run on an ARM platform (such as a Windows 8 RT tablet). Windows 8 devices that run on an ARM platform or those that do not have TPM chips should not be used.

UAB Policy requires all laptop/portable devices owned by UAB or UAB businesses and all personal laptop/portable devices used for UAB business be encrypted. PGP, UAB’s current encryption tool, does not work on Windows 8 and Symantec has not yet set a support date for Windows 8.

BitLocker is an acceptable alternative to encrypt Windows 8 system drives in some circumstances. In the past, BitLocker has been recommended when PGP was incompatible with Windows 7 or specific BIOS versions. Systems that are currently encrypted with PGP should remain encrypted via PGP.  UAB IT is currently researching BitLocker key management solutions and will issue further guidance as available, but in the mean time, BitLocker should be installed using the non-enterprise setup method below.

Non-Enterprise BitLocker Setup

Recommendations for using BitLocker

    • Password set system BIOS
    • TPM chip in the device
    • You must take ownership of the TPM chip
    • Before updating the BIOS, BitLocker must be suspended
    • Escrow the key in some manner
    • Professional/enterprise version of Windows
    • Use a TPM + PIN authentication method
    • System must be formatted NTFS with two volumes

 Escrowing the key

With Windows 8, you may escrow the key in one of the following ways:

  • Save the recovery key to a USB flash drive
This method saves the recovery key to a USB flash drive. This option cannot be used with removable drives.
  • Save the recovery key to a file
This method saves the recovery key to a network drive or other location.
  • Print the recovery key
This method prints the recovery key, but it is not recommended.

It will be up to the department to maintain the escrow recovery keys.

Installation instructions can be found here

Based on the availability of new operating system versions and browser versions, UAB IT has updated its recommendations for both Windows and Mac versions/systems. In addition, with the release of Windows 8, PGP (UAB’s encryption tool for portable/laptop devices) is not currently supported. UAB IT is recommending Microsoft’s BitLocker product for encrypting Windows 8 devices.

For details see:

Microsoft Recommended Systems/Versions

Apple/Mac Recommended Systems/Versions

Microsoft Windows 8 and BitLocker Encryption

The Campus agreement with Microsoft covers a certain set of software on a campus-wide basis... software such as MS Office that is used by almost everyone on campus.  The Campus agreement is an annual term 'site license' based on the number of faculty/staff/students covered. The Campus agreement requires renewal and payment annually to remain in effect.

The Select agreement with MS is basically a volume discount arrangement for software products not included in the Campus agreement.  These products are not widely installed, but more limited to use in certain departments or on specific systems such as servers. UAB projects an annual purchase volume (by category, not by software title) and MS provides discounts based on that projection.  Should UAB not meet the annual projections future pricing would be based on the actual level of purchases from the prior year.usually at a reduced level of discount.  Most product purchased under the Select agreement is granted as a perpetual license with a single upfront payment. No annual renewal fee is required to continue to use the software, but maintenance/support is available as an option.

See the Microsoft Agreement link for more information on what is available under the Campus and Select agreements.

Page 1 of 2