Archive for the ‘Windows’ Category

New Microsoft Licensing terms

Wednesday, April 28th, 2021

Last year, the license agreement between ETH and Microsoft has changed. There are some new terms and conditions which are important if you use a Microsoft product from the ETH IT Shop.

If your hardware came with Windows preinstalled from the hardware vendor, you have your own license for MS Office, or you are using non-Microsoft products like Libre Office, then you are not affected by this new license agreement. No further action is needed in this case.

However, if you use any of the following software products from the ETH IT Shop you have to take action:

  • Windows 10 Education
  • Windows 10 LTSC
  • MS Office XXXX (for example MS Office 2016)
  • Microsoft 365
  • Microsoft Teams
  • ETH Exchange Mail (mail.ethz.ch)

either on a managed Windows workstation from ISG or a self-managed workstation or notebook.

In this case you need to request access for a free Microsoft Cloud Subscription in the IT Shop. See here for instructions. If you already use MS 365 or MS Teams, maybe you already have the Cloud Subscription and no additional step is necessary. This can also be verified in the IT Shop. Remember that you need renew the subscription every year.

The new Microsoft license agreement allows only 1 MS Office XXXX (for example MS Office 2016 or Office 2019) installation per user. If you need installations on multiple computers for example in labs, use MS 365 instead.

Note that you will have to take action if you're affected. You cannot sit this one out. The Informatikdienste license team will be coerced by Microsoft to enforce license compliance, and they will contact you if you don't get your Cloud Subscription.

If you have any questions, feel free to contact us in our Matrix chat #D-PHYS ISG Helpdesk or by email isg@phys.ethz.ch

Thank you for your attention, and kind regards.

Update on Matrix (chat)

Friday, October 9th, 2020

Since our launch of Matrix at the D-PHYS in March a few things have changed.

Important changes

  • The subdomain of the D-PHYS hosted Riot Element Web App changed and is now at element.phys.ethz.ch. If you still use the old subdomain riot.phys.ethz.ch, please move over to the new domain and verify your new session. We will start redirecting the domain in 2021. If you have no other way of getting access to your encryption keys, you could lose access to your encrypted messages
  • New documentation is available at readme.phys.ethz.ch/chat

Other changes

  • Federation with other Matrix instances at ETH and the rest of the Matrix network, giving us access to bridged networks like IRC, Slack, etc. as well
  • We now auto-invite new users to two more ISG moderated rooms (News/Status). Opt-out by leaving if you do not wish to receive updates from us (discouraged!). All existing members of the D-PHYS Lobby have been joined last night
  • End to end encryption support (enabled by default). Element Web does not provide a search function in encrypted rooms as that would be a security issue, use the Desktop App instead
  • Secure key backup method has been set to show one option only ('Security Passphrase') to new users, which will still provide the secondary recovery method using a 'Security Key'
  • We opened up public rooms and room aliases for everyone. Publish your room in the public room directory to be discoverable by others on the Matrix network
  • We enabled quota of 2 GiB (initial) quota per user for media (uploads) to protect from accidental or abusive over-usage
  • Bots for gitlab, reminders, RSS feeds and more
  • Bridges for webhooks and Slack
  • Integrations (widgets)
  • Import of the Slack workspace history of 3 groups at the D-PHYS
  • An Element Web instance with experimental (Labs) features like tags
  • A tag manager to organize many rooms in large accounts
  • Jitsi video conferencing and screen sharing solution (still experimental but used by ISG on a daily basis)
  • URL redirecting service to invite people via websites or email

Lookout

  • We will focus on improving performance and less on features
  • Stabilizing 1:1 calls and video (TURN server) and Jitsi (group calls)

For help and discussion about Matrix and Element join #matrix:phys.ethz.ch

FileMaker Upgrade

Friday, August 30th, 2019

We will upgrade our FileMaker server next Tuesday 3rd September 2019 between 20:00 and 22:00 o'clock. This will lead to a downtime of the services that depend on a FileMaker database, for instance experimente.phys.ethz.ch and lager.phys.ethz.ch.

The new FileMaker server will only work with FileMaker clients version 16 or newer. If you need to access a FileMaker database from your computer, we recommend you install the latest FileMaker 18 from the IT Shop. If you have a ISG-managed computer, we will take care of upgrading the FileMaker client.

The end of Windows 7 is coming…

Wednesday, January 16th, 2019

The time has come to upgrade your Windows 7 computer to Windows 10
since extended support for Windows 7 ends on January 14, 2020 (Windows lifecycle).

Why can I no longer use Windows 7 on the ETH network after the end of 2019?

Only operating systems with security support by the vendor are allowed to connect to the ETH network.

Unsupported operating systems that no longer receive security updates render the computer vulnerable to threats like viruses, malware or hacker attacks and also pose a threat to other computers on the network.

What should I do now?

  • If you are using an OEM computer with preinstalled Windows 7 for your daily work, please update it to Windows 10 by the end of this year, at the latest. The easiest way is to use the "Microsoft Media Creation Tool" available here.
    This process is called "inplace upgrade". All applications and configuration settings should be kept.
  • If your computer is installed with the Windows 7 Enterprise license from ETH IDES, order Windows 10 Enterprise from the IT-Shop and use it for the upgrade.
  • If your computer is located in a lab and needs to be highly available to collect measurement data, there is the possibility to use a Windows 10 LTSC version instead of the Enterprise version. Please contact your IT administrator within your group. He should be able to help you or can get in touch with us if he needs additional help. More details about the LTSC version are described on our readme page.
  • If you think that you cannot upgrade your computer, please refer to our readme for possible solutions or contact us.

Note that at some point the network security group of Informatikdienste will start scanning for remaining Windows 7 computers at which point we will be forced to disconnect them from the network.

Access to Windows Remote Desktop blocked from outside ETH

Tuesday, January 3rd, 2017

In the last few weeks we discovered some attempted attacks on the Windows Remote Desktop feature from sources outside of ETH.

In order to protect both your machines and our network, we decided to block RDP access from ETH-external networks. If you still need access from outside the ETH network (e.g. from home) you have to first open a VPN connection to ETH and then start the Remote Desktop client.

More information about installing the VPN client is available here.

Windows Server 2003 reaches its End-of-Life on July 2015

Thursday, June 25th, 2015

Microsoft will provide a final bunch of patches for Windows Server 2003 on July 14th. 2015. After then, no more security and stability fixes are going to be released. This means that still running Windows Server 2003 machines conflict with the ETH Bot (Acceptable Use Policy for Telematics) which requires that every computer connected to the ETH network must be fully updated and secured.

The central IT security group of ETHZ continuously inspects the network streams for signatures of XP and Windows Server 2003 computers. If you have a running Windows Server 2003 machine connected to the public network, please migrate the operating system to a newer version i.e Windows Server 2012.

If you have any questions or need help please do not hesitate to contact the ISG D-PHYS Helpdesk

Maintenance downtime for group share and home directory fileservers

Friday, December 19th, 2014

UPDATE 13:30 - Groupdata is back online
UPDATE 02:25 - Astrogate and Windata are back online, except groupdata
UPDATE 22:20 - Home server is back online and email working again

In order to upgrade the operating system on serveral servers, we schedule a maintenance downtime on

Sunday, 4th January 2015, starting at 22:00.

Schedule:

  • 22:15 start working on the home server (mail services disabled, incoming mail will be queued)
  • 22:20 start working on the group share servers (windata & astrogate)
  • ~ 22:45 home directories and mail services should work again
  • ~ 00:00 group shares will incrementally come back during the night
  • During the downtime you can access readonly backups of your data of the night before, take a look at our readme.

    We apologize in advance for any inconvenience this service interruption might cause.

    Computer support during christmas holidays

    Friday, December 19th, 2014

    The ETH Zurich will be officially closed between Wednesday, 24th of December 2014 and Sunday, 4th of January 2015. During this time, we can only provide limited support. Please follow these rules to save us from superfluous work:

    • Switch off printers
    • Switch off your personal workstation and notebook except for the following:
    • Do not switch off our managed Linux workstations.

    We will try to follow our e-mail, but you may also have luck and meet some of us in our IRC channel.

    How to keep your Windows XP Installations living on after End-of-Life

    Friday, February 7th, 2014

    As announced in an earlier post last year, Microsoft is going to end the support for Windows XP in April 2014.logo

    After this date the central network security group of the ETH will frequently scan our public networks to identify any existing Windows XP machines. Every Windows XP detected by such a scan will be disabled on the network level since it is strictly prohibited to keep this operating system up and running on the public network of ETH.

    Since we are aware that there may be Windows XP machines living on after the end-of-life date, we worked out a solution to support these situations and to help you not to get in conflict with the network usage regulations.

    We founded a project called eXile which provides very locked down network environments that are monitored by advanced security techniques and provide excessive firewall setups. Furthermore eXile provides easy interfaces for you to manage your computers and overview the security state and network access to your machines in eXile.

    You can send your machines to the eXile when they match one of the following scenarios:

    • Lab computers (controlling, collecting measure data, or monitoring other systems)
    • Industrial computers
    • Embedded systems

    The following applications are not suitable for eXile and need to be migrated to a supported operating system:

    • Office Computers
    • Computers on which internet access needs to be available
    • Computers on which emails are received and sent
    • Computers that provide any services to public computers in the internet

    Please note that eXile should not be seen as an excuse not to migrate your Windows XP to a supported operating system as soon as possible. The purpose of eXile is really only to address those few machines that are somehow locked to their operating system.

    Nevertheless we invented eXile to address the Windows XP end-of-live problem, it is capable to take up any other computer for which you want to have an extra level of security or on which you run any other outdated or insecure operating system.

    If you think your remaining Windows XP computers are candidates to send to eXile, we would be happy if you could send a message to isg@phys.ethz.ch  and inform us about the number of computers and what application you are using these computers for. Later this month a web interface will be made available on https://exile.phys.ethz.ch/ where you can directly register every machine you want to send to eXile.

    After eXile is fully online, another post will be submitted here.

    Computer support during christmas holidays

    Monday, December 23rd, 2013

    The ETH Zurich will be officially closed between Tuesday, 24th of December 2013 and Friday, 3rd of January 2014. During this time, we can only provide limited support. Please follow these rules to save us from superfluous work:

    • Switch off printers
    • Switch off your personal workstation and notebook except for the following:
    • Do not switch off our managed Linux workstations.

    We will try to follow our e-mail, but you may also have luck and meet some of us in our IRC channel.