Don’t “Shut Down” your office PC!

Faculty and Staff,

If you’re accessing your office computer with Remote Desktop via the VPN, you’re relying on the actual computer in your office being on and reachable over the network.  When you disconnect from the computer, it’s important you do not click the “Shut Down” option in the Start menu:

The options when you select "Start/Power" in Windows 10.  Don't click "Shut down"!
Don’t click on “Shut Down”!

This will actually power off your machine and make it unavailable until it can be turned on again.  You can call the Helpdesk–often we can turn it back on over the network, but in some cases we cannot and we need to ask Public Safety to restart the machine, which takes them away from other important work.

The "X" in the top right of the corner disconnects your Remote Desktop session and leaves you logged in.
Click the “X” to disconnect without logging out or shutting down your office computer.

The best way to disconnect from a Remote Desktop session is just to hit the “X” in either the upper-right corner of the window, or in the drop down toolbar if you’re full-screen with the remote computer (to get this toolbar to pop up you just need to move the mouse to the top center of the screen and it will pop down.)

Dropdown toolbar when Remote Desktop is full screen
This will appear when you place your mouse at the center top of the screen when in full screen Remote Desktop.

When you click either of these “X”s you will get the following message:

Popup when you disconnect a Remote Desktop session
If you click “OK” your computer will stay running and you can reattach to it later.

This is the safest way to end your Remote Desktop session.  (You can also select “Disconnect” in the “Start/Power” menu above, but there’s a chance you might click the wrong thing.)  When you reconnect to your Remote Desktop you will be able to restart your programs and apps where you left off as well. This is the equivalent of locking your PC when yo u go home, as opposed to logging off or powering it down.

If you do shut down your computer accidentally, or if it crashes or otherwise becomes unreachable, email the Helpdesk to troubleshoot.  If you have or know your computer name it will expedite the troubleshooting.

Zoombombing

We’ve started to receive reports of something called “zoombombing”, which is the practice of people accessing Zoom meetings that may be publicly posted or otherwise made available, and posting obscene or disruptive content.  While Zoom makes it easy to access conferences and can be configured not to require authentication, this unfortunately also makes it easy for malefactors to access meetings as well.  The New York Times has reported on this phenomenon.

Zoom has some techniques that can be used to help minimize this from happening.  I’ll outline them below.

  1.  Do not use your Personal Meeting Room for class sessions.  To schedule a meeting, use the “Schedule a Meeting” link on the top of the Zoom page when you log in.  Check the “Generate Automatically” button when creating the meeting.  This will create a unique number for that session and make it harder for people who are not authorized to attend the meeting to find it.

    Zoom Meeting Security options
    A new meeting ID for each course or session will make it harder for people to access the meeting unauthorized.
  2.  You can also use a meeting password  as seen above.
  3. Don’t put links for class sessions up on public websites. Links in Blackboard are only accessible to students in your class so that is safer.  Links in email are safer as well.  Links could be copied or forwarded but it would have to be from an authorized user.
  4. Restrict or limit screen sharing to only the host, or enable it only for specific attendees at specific times.  People are using screen sharing to post objectionable content.
  5. Using the Zoom “Waiting Room” may help you screen participants and not let in people who you don’t recognize.  Limiting to authenticted users may also help:
    How to select a Waiting Room
  6. If someone does come into your Zoom session in an attempt to disrupt, they can be ejected from the meeting.  See the Zoom help article “Managing Participants in a Meeting” to see some tips and techniques to remove people from meetings if they’re disruptive.
  7. If you experience “Zoombombing” in a meeting, you can report the meeting to the BCTC Helpdesk and we can investigate.  In some cases we may be able to identify offenders and if they are Baruch students refer them to Student Affairs for followup.

Zoom is a powerful tool, and has been used with great success by many Baruch faculty.  With some precautions we should be able to continue to use it without disruption.

Using Dropbox to share large attachments

I just had to share a large file with someone, and since our email system is limited to 35MB attachments, I had to do something different.  The easiest thing to do is upload the file to Dropbox and create a shareable link; and copy that link into your email.

  1.  Log into your CUNY Dropbox by going to https://dropbox.cuny.edu.  Use your CUNY Login credentials.
    Single sign-on to CUNY Login in Dropbox
    Click “Continue” here.

     

  2. You will then get your Dropbox screen.  On the right you’ll see an option to “Upload Files”:
    Menu showing "Upload Files" option
    Use “Upload Files” here.

    You will then get a file dialog from which to upload the file.  This is Windows 10, it may look different on your computer:

    File dialog on Windows, showing the upload of a 65,735KB file
    The 65,735KB file is the one I”m uploading.
  3. Click on the uploaded file in your Dropbox, and click “Share”:
    Screenshot showing the "Share" button on the file I just uploaded
    Click “Share” here.

    You will then get this screen.  The easiest option is to share a link, so click on “Link Settings” (instead of “Link Settings” you might see “Create Link” if you just uploaded the file):

    Dropbox File Share dialog
    Click “Link Settings” here

    And then adjust the settings as you need:

    Options to set an expiration date or to only allow people to view the file instead of download it
    You can set the link to expire after a certain amount of time or configur the link not to download.
    You can set the link security
    “Anyone with Link” is public; “Team Members” means anyone at Baruch; “People with Password” means you can set a password on the file.

     

  4. Once you set the link settings, click the “Copy Link” button from the first image above.  It will copy the link to your clipboard.  You can then paste the link into your email message. It will look something like https://www.dropbox.com/s/27istprve7iue3d/ETF0uNvXYAAGLsH.png?dl=0 .

Remember the CUNY policy of Acceptable Data in the Cloud applies to all files uploaded to Dropbox, including the ones with a password or otherwise restricted.  You should NOT use Dropbox for any CUNY data classified “Confidential”–of course, you should not be sending such data in email anyway.

 

 

Access to BCTC Services starting March 18th

The Kaplan Lab will be closed March 18th.  It will reopen on March 19th from 8am-8pm, and then be open according to building hours of 8:00am-8:00pm Monday-Thursday for Baruch use.  Please note that the building will be monitored by Public Safety but there will be no BCTC lab assistants in the space.  The Newman Library will also be open for access to lab computers.

All Helpdesk support is moved to online only–there is no walk-up or phone support.  Customers can email helpdesk@baruch.cuny.edu, which will be monitored by additional staff.  We are using our available technologies to support off-campus learning as much as possible, and are exploring additional ways to do so.

FAQ about VPN access to resources

As we prepare for more faculty and staff having to work from home, we are getting a lot of questions and confusion about how to use VPN access to do your jobs remotely.  This post will attempt to sort all that out.

 

  • What is VPN, anyway?  It stands for Virtual Private Network.  In our case it’s a piece of software (GlobalProtect) that runs on your computer and connects to the campus firewall, and creates an encrypted connection between your computer and the Baruch network.  This connection means that your computer can access resources that are normally only available if you’re actually on campus. For us this is primarily campus desktops (from which you can access share drives) and Baruch and CUNY-specific servers.
  • You do NOT need a VPN to access any of the following:
    • Baruch email (either through Outlook Web Access or by installing the Outlook client on your home computer)
    • The Baruch website
    • Any Baruch or CUNY resources available from the “Quick Links” menu on the Baruch homepage, including Blackboard
    • Any files stored in Office 365 or Dropbox
    • CUNYfirst, except for the reporting instances.
    • Access to library databases (this is provided automatically through the links from the Library homepage which are configured to require a Baruch username and password.)
    • Videoconferencing solutions available to the campus, including Microsoft Teams (https://teams.microsoft.com/ through Office365), Zoom (https://baruch.zoom.us, use Baruch username and password), or WebEx (https://connectcuny.webex.com, use your CUNY Logon credentials)
  • You need the VPN to access:
    • Data on your office computer’s hard drive (in the My Documents folder)
    • Data on network share drives (usually off the S: drive)
    • CUNYfirst reporting instances
    • Specific servers that for security reasons are only available from on-campus.  This used to apply primarily to technical staff, but there are some  academic systems that are not available from off-campus, and in June 2021 we configured HRAssist to only be available from on-campus or the VPN to enhance security.

The VPN is used to connect to your office computer via Remote Desktop Connection.  This software comes with most versions of Microsoft Windows, and is available in the Mac App Store, as well as for iOS and Android phones and tablets.  (The GlobalProtect VPN software is available for all those devices as well).  The instructions for VPN access are available at https://baruch.cuny.edu/vpn.   These instructions will work for Macs and PCs, and you will basically be connecting to the VPN portal and downloading the VPN client software and installing it.  You can access the VPN from your personal home computer.  We do ask that you are using a current version of your operating system and that you have working antivirus software and a firewall (the VPN connection will inform you if you don’t have that when you log in.)  Please also note that you may not need the VPN for the full workday if you’re doing work from home, and you can connect and disconnect as needed.  While we believe our firewall can handle the additional connections, we may need to conserve resources and bandwidth if we see issues.

We have simplified VPN access and it should be available to users without making a call or email request to the Helpdesk.  You should also be able to access your computer via Remote Desktop without BCTC having to do any additional configuration.  You will need to know your computer name however.  Computer names are usually your room location, a dash, and a 6-digit alphanumeric code.  You can get it by looking at your My Computer icon which has a name like “My Computer name is H930-Bxxxxx”  (“xxxxx” is a number).  You can also go to “Settings/System/Projecting to the PC (or in some versions Remote Desktop)” and reading the address on that page which will be in the format H930-Bxxxxx.bc.baruch.cuny.edu.  You should not need the “.bc.baruch.cuny.edu” part but it will work if you type it in.

Remote Desktop login screen with computername H930-Bxxxxx.bc.baruch.cuny.edu displayed
Remote Desktop Connection computer entry screen

If you’ve logged into the VPN and connected to your computer with Remote Desktop, you may get a few different screens.  This one may show up on newer versions of Windows 10:

Trust this computer text
Dialog asking you to trust your computer for Remote Desktop

You can click “Don’t ask me again” and then “Connect” here.

You will then get a popup about a certificate warning:

Remote Desktop Certificate Popup
Message telling you to accept certificate

You want to click “Don’t ask me again for connections to this computer”  This message is because we use internally signed certificates, it does not mean the connection is not secure–it is fully encrypted end-to-end.

You will then get the login screen.  Note this is after clicking on the “More Choices” text that you can dimly see here. Also note this is on a computer running Windows 10 in dark mode; other computers might display this box different but it will generally have the same information:

Username and password entry screen
This is where you type in your username and password.

You will need to enter your username as “bc\username” to connect to the Baruch domain, since the computer you’re connecting from isn’t on the Baruch domain.  Once you type in your password you will get a popup window (or a full-screen window) and will see a Windows login similar to what you see in the office.  You will then get your Windows desktop just like you’re at work:

Windows desktop through Remote Desktop
This is just like you’re in the office!

To discounnect your Remote Desktop session when you’re done, you can either click “Log Out” from the Start menu, or just click the “x” on the upper right corner of the window, which will give you this message:

Message about disconnecting session after clicking "x" in upper right of Remote Desktop window
This is the same as locking your computer but staying logged in.

You can do this, since it’s the same as locking your computer in your office instead of logging out.

Hopefully this post helps demystify some of the VPN process, and will help you use it if you need it.  Again, remember that for much of your work-at-home work you won’t need a VPN at all.  And as always the BCTC Helpdesk can answer questions, and can work with you on a remote support session to help configure your home computer for VPN and Remote Desktop, as well as help you find your office computer name to connect.

 

Resources for Maintaining Business Continuity during a Potential COVID-19 Campus Closing: Resources for Administrative Offices

(This post will be updated with more information as it becomes available.)

The College’s critical business functions are managed by systems that staff can access remotely.  With some advance preparation staff will be able to perform their necessary work from offsite when authorized.  This guide is intended to remind staff of the resources that are available to support their work and communication.

Remote Access to Systems – The “Quick Links” drop-down menu on the College’s home page provides up-to-date links to access all our major systems, such as CUNYfirst, Email, HRAssist, PRAssist, ePAF, etc. Using “Quick Links” ensures that the address of a site is the most current.

Email – Baruch College email is the primary means of communication among faculty, staff, and students and will continue to be in case staff must relocate from their usual work areas.

Document Storage – All staff have access to both a CUNY Dropbox and Microsoft Office 365 OneDrive account. These resources are accessed via your CUNY Login. The Dropbox account has no storage limit.  Staff may store documents that do not contain sensitive or confidential information in either of these spaces. Please consult the CUNY policy on Acceptable Use of University Data in the Cloud for definitions and details.   Staff who need to access confidential or sensitive information from a shared drive on the College’s network or from their office desktop computer will need to use VPN to access it (see next item).

Remote access to office desktop computers  There are some cases where a staff member may need remote access to their office desktop computer.  The College’s VPN service must be used in those cases.  No other method of remote access is permitted. Other examples of a need for remote desktop access are:

  • A staff member who needs access to special software that is installed only on the office computer.
  • A staff member who needs to work with confidential information, such as employee or student data, that cannot be stored on Office 365 or Dropbox.
  • Data downloaded from CUNYfirst Reporting, as the reporting instances are currently only available from within the CUNY network.
  • A web content manager who needs to use Contribute to update a department’s web site that has not yet been migrated to WordPress.

Every full-time and part-time employee of the College has access to the College’s VPN service. The user must download the VPN client to the off-campus computer by following the instructions on the web site: https://www.baruch.cuny.edu/bctc/vpn/index.htm VPN is not necessary for staff who only need to access CUNY/Baruch systems (email, CUNYfirst non-reporting, etc.) or want to access/share materials and other non-private information. Note:  Users who need access to data defined as “Confidential” by the CUNY Acceptable Use of University Data in the Cloud policy need to take extra precautions when accessing data via the VPN.  This can include only using data on the office computer via Remote Desktop, and/or encrypting the computer from which the VPN is being accessed.  In either case users must acknowledge their need to access sensitive data and consult with BCTC on the best way for the user to ensure they are taking precautions to keep such data secure.

To get VPN access, open a ticket with the Helpdesk who will then consult on your need and provide instructions to ensure your office desktop is available via Remote Desktop and that you can install the VPN client software on the computer you will be using while off-campus

Teleconferencing – Each division and school has at least one account of the College’s teleconferencing service.  Vice Presidents and School Deans have dedicated account on the College’s teleconferencing service.  Each division and school will decide how to use the account to maintain their internal communication.

Videoconferencing – The College has an enterprise license for Zoom, which staff may access from the “Quick Links” on the College’s home page. In addition, every staff member has access to Microsoft Teams as part of the Office 365 suite, which is also listed under “Quick Links”.   In addition, CUNY has secured access to Cisco WebEx available at https://connectcuny.webex.com/  Access to Zoom is via your Baruch username and password; the last two services are available via CUNY Login

Equipment Loans – Some staff may need to borrow equipment, such as a laptop, to be able to work offsite.  As part of the advance planning for business continuity, Vice Presidents and Deans have identified the equipment needs of staff in the event of relocation.  The equipment will be provisioned and available for pickup from the BCTC help desk by the staff member who will be using it.  While at the help desk the borrower will be asked to test and confirm that the equipment is working as needed as accessing the resources that will be used.

Forwarding Office Telephone Calls – While on campus an employee can forward calls to a home phone or personal cell phone by following the instructions To Call Forward Your Extension.  However, only a BCTC administrator can implement call forwarding from off-campus. If the staff relocation occurs before an employee was able to put the forwarding in place, a request will have to be made to BCTC via Helpdesk@baruch.cuny.edu.  Users can also update their voice mail greeting from off-campus to provide instructions to callers on how to best reach them by following the instructions on the voice mail web page.

Staff Checklist: What to Start Doing in Advance of a Closing

√ Make sure that you can log into all the Baruch systems that you might need—Office 365, Dropbox, CUNYfirst, etc.  Please keep in mind that some of the resources you will need require a CUNY login while others use a Baruch username/password.  Contact BCTC if there is a problem.

√ Find out from your supervisor how your department will communicate with one another as a team. You may choose to do a department wide teleconference.  You may wish to use a video conference.  You may wish to create a departmental group in Microsoft Teams.

√ Update your personal contact information in CUNYfirst through Employee Self-Service as soon as possible.  You also may want to have an internal departmental contact list, containing personal phone numbers and email addresses in the event of disruption of CUNY services.  It may also be useful to share CUNY Login usernames to provide access to Office365, Dropbox, and Webex services.

√ Check your access to technology from off-campus using your personal devices. For example, can you use a personal desktop, laptop and/or mobile device such as a phone or iPad to access our systems remotely? This is a good opportunity to make sure that all your operating systems are up-to-date and compatible with any software you might use. Contact BCTC or your school technology team if there is a problem.  Specifically, if you’ve been configured with VPN access, make sure you can access your office computer before you need it in a critical situation.

√ Practice forwarding your office phone calls to your home phone or personal cell phone and changing your office voice mail message.

√ Understand if your job regularly involves the use of “Confidential” data as defined by CUNY policy, and think about additional steps you would need to take to secure that data in the event you need to access it remotely.

Staff Support during a Campus Closing

The College’s usual support services will not be increased during a campus closing. They will instead face the additional challenges presented by the closing (e.g., working remotely and separately from work colleagues; inability to repair local systems when access to campus is restricted; possible incapacitation due to being sick). It is important for staff to prepare in advance of a closing when support staff will have a greater opportunity to work directly with them.

The following types of support are planned to help ensure that faculty are able to use College resources, circumstances permitting.

  • BCTC Help Desk – In the event of a closing staff should contact BCTC via email using helpdesk@baruch.cuny.edu. Please do not try to phone the help desk, because callers are unlikely to get through due to high volume.  BCTC will be assigning all available staff to provide support in the event of a closing.  Support will be primarily through the Helpdesk ticketing system.