Skip to content
Endpoints@Duke

Endpoint Management Meeting – December 16, 2021

By: John Straffin

The recording of the December 16 Endpoint Management Meeting is now available (Duke NetID required):

Also available as video (MP4), audio (M4A), transcript (VTT), and chat (TXT) in the Endpoints Box Share.

Items discussed:

  • Patches: six 0-day patches for Windows. Please test and provide feedback. macOS and iOS as well.
  • Chrome update available. Possible future discussion how Duke is implementing updates on Chrome and other “self-updating” applications?
  • Zoom update – Group policy setting joins the BigFix Task that will allow users to perform auto-updates and receive Duke SSO settings.
  • ConfigMgr – No updates.
  • BigFix – Upgrade from Beta to RTM, very light. Updates pushed for Console, Relay, and Client. Console seems to work fine on Windows 11.
  • Jamf Pro – Working with Jamf to get upgrade issues fixed. Server manually remediated for log4j vulnerability. GSX Connection fully restored. Bad user information has been blanked. Please enter the actual user information and not your own when enrolling a computer.
  • OIT DE will be testing an increase in Jamf Pro inventory frequency from weekly to daily. Hope to enable globally after next meeting if there are no issues.
  • Log4j. So much log4j.
    • Vulnerability is NOT remediated by OS updates, need actual application updates from developers that fix the issue.
    • This is not a short term project: the log4j Java library runs in a LOT of things, will be chasing down applications for a while to fully remediate. IPS/IDS systems have been updated to catch exploit traffic.
    • Relying on CrowdStrike and BigFix (which have direct access to the file system) to report numbers of potentially vulnerable computers. Vulnerability scans (especially without credential scanning) can’t do much to find vulnerable files.
    • DU and DH currently collaborate on Tenable SecurityCenter scans and some BigFix infrastructure, but the instances of both are distinct.
    • Helpful Links:
      https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
      https://github.com/cisagov/log4j-affected-db
      https://isc.sans.edu/diary/28120
  • Early Adopters Test Group has been approved with information published on the Endpoints wiki.
  • Similarly, IT Council has approved the OS Upgrade Cadence plans discussed last meeting.
  • Reminder that macOS 10.14 Mojave going EOL in January. macOS 10.15 Catalina will be EOL year later, so start planning upgrades now! macOS 12 Monterey v12.1 has been released and testing has been good. Expect blocks to drop early in January.
  • Windows 10 2004 went EOL on December 14 and 20H2 Pro/Home goes EOL in May 2022. Make sure all computers are running Windows Enterprise to get the longest support coverage available and, as with macOS, don’t wait until the last minute.
  • Windows 365 is a Microsoft-hosted VM and, while it is available under Duke’s license, it is very expensive. Duke IT should encourage users to use (free!) Duke VCMs instead.

Sites@Duke Express is powered by WordPress. Read the Sites@Duke Express policies and FAQs, or request help.