A better ZOOM experience

This article was published on: 16/12/19 9:48 AM

Augmenting and improving our Zoom experience on campus

The (rather excellent) Zoom video conferencing software has become the default standard for our staff, but as with any software-based conferencing solution, there are a number of ways to automate and improve our user’s experience with the tool.  If you’re supporting a Zoom conference or setting one up for your own use there are a number of things that can make the process easier.

Single Sign-on
There are multiple methods of logging into the Zoom client, but only one method gives full access to our hosted Zoom environment.  When a user loads the Zoom client directly (instead of just clicking on a Zoom meeting invitation they’ve received) they are invited to sign in:

For a first-timer, it isn’t immediately obvious what should be done here.  Our ICT Self Help page has great documentation but most people are exposed to this screen long before they get to our helpful guide.  While any of these options will work to login to Zoom, the preferred method is to use the Sign In with SSO option.  Doing so will display a request for the company domain, which in our case is “”.  Clicking Continue after this will take the person to our standard sign-in page in their browser, eventually leading to the web console where meetings can easily be booked, configured, and communicated.

Scheduling a meeting
While the web-based console can be used to create a scheduled meeting and send out Google Calendar invitations to invitees, there is an easier method.  Zoom has a Chrome extension – Zoom Scheduler.

After installation, the Scheduler adds extra options to your Google Calendar environment.  Using this you can easily create a meeting in a meeting room or office, and send the Zoom invitation to everyone else.

Rights in a scheduled meeting and audio
The most common support issues with Zoom calls (aside from the eternal game of canyouseeme/canyouhearme common to all software video conferencing) are the access rights to the meeting and the functionality of the mute option.  

When a person schedules a meeting, we suggest that if they are unable to attend themselves or are booking a conference on behalf of someone else they select the option to allow others to start the meeting on their behalf.  This can be found in the web-based Zoom console after login, and more easily located under the options in the Zoom Scheduler. Using the Alternative Host option and designating other attendees can make the launch process much easier to support.

The other common issue we see is the accidental muting of participants.  The symbol for mute in Zoom is very subtle, and often the meeting host will mute participants while adjusting their own audio, leading to confusion about who can hear whom and on which side the problem lies.  When troubleshooting such issues, look first for a mute symbol overlayed on the camera window of any participants, and check the host’s mute options are not silencing the audience.


ICT Donations to New Zealand Schools

This article was published on: 1/08/19 4:24 PM

This week ITS at the University of Waikato made one of it’s largest School donations ever; with more than 80 computers and other devices gifted to Schools from the Coromandel to the Bay of Plenty.  We’re excited at the opportunities and education potential these devices will offer to our community and young students.  If you have old devices in your office you’d like to get rid of, log a request in our Kuhukuhu site (use the Disposal template) and we’ll arrange a great new home for them.  So far, we’re delivered:

Hillcrest Normal School
1 x Mac Mini
4 x Macbook Pros

Pirongia School
5 x Dell laptops

Tatuanui School
4 x Dell Laptops

Te Rapa School
4 x Dell Desktops
10 x LCD Monitors
1 x Mac Mini
4 x Macbook Pro

Maeroa Intermediate School
4 x iMacs

Te Wharekura o Te Rau Aroha
4 x iPads
7 x Dell Laptops
5 x LCD Screens

Bombay School
4 x iPads

Ransomware and how it can affect YOU.

This article was published on: 4/07/19 4:56 PM

What does a Ransomware attack look like?
The usual way a person becomes infected with Ransomware is inadvertently clicking on a “dodgy” link or installing rogue software from an untrusted website. Once Ransomware takes hold of your machine it will begin to encrypt selected files on your device. These encrypted files cannot be recovered without a code purchased from the Ransomware creators, usually at a significant cost. After this happens the malware solicits you to pay this fee, usually with a strict deadline before your files are unrecoverable. Ransomware typically uses strong encryption methods that make it impossible to get your files back without the original key, which only the Ransomware creators hold.

In summary, the Ransomware nasty is holding your files hostage and asking for a payment to unlock them, hence the name Ransomware.

Attackers usually only accept payments in the form of Bitcoin, providing an anonymous Bitcoin wallet address to send to. One of the attractive aspects for malware creators of Bitcoin is that the currency doesn’t provide any method of recovering the funds and all transactions are final. This means that the victim is powerless to retrieve any money paid even if they successfully recover their files, and the transaction is totally anonymous.

In Florida, June 2019, three government agencies were infected with Ransomware. In all three cases, the origin of the Ransomware was an employee opening an email attachment from a malicious sender. Once open the software is capable of traversing through a person’s local network and spreading to other machines. In one of these cases, Lake City paid out $460,000 USD in Bitcoin to the attackers with no guarantee this would actually result in their files being restored.

What you can do to stay safe?
Make sure that email attachments come from someone that is trustworthy and the attached file is something you would expect to come from them. Remember, if you don’t trust an email, please contact the ITS helpdesk on 4008 or forward your email to where one of our friendly consultants can verify it’s authenticity and safety.

Max Gernhoefer

What happened to my browser?

This article was published on: 15/05/19 2:25 PM

If you’re like most of us you mainly use Google Chrome or Firefox to access your online tools, resources, and email. They’re both great browsers, but sometimes things seem to change on their own. You might open a new tab and see a strange new search engine, or start getting strange popups from websites you’ve previously visited but which aren’t currently open. More alarmingly, you might notice strange downloads happening you didn’t initiate, or your email tells you someone else is logged in from another location. What’s going on?

In many cases the answer is malware, but unlike the really nasty stuff that contaminates your computer, this variant lives entirely inside the Chrome web browser. This might seem innocuous, but considering how much of your personal, financial, and private information passing through the web it’s worth taking seriously if you think you might be “infected”.

Browser-based malware is a form of unwanted software that modifies a web browser’s settings without your permission. The usual result is the placement of unwanted advertising into the browser, and possibly the replacement of an existing home page or search page with a new page entirely. The idea is to make you visit certain websites whether you want to or not so the hijacker receives advertising revenue. Worse, browser hijackers and malware may also contain spyware to obtain banking information and other sensitive data.

How can I tell if I have browser-based malware?

Signs that your browser is hijacked by malware include:

  • searches that are redirected to different websites
  • multiple pop-up advertisements
  • strange new toolbars in the browser

Or if you see any pages referencing any of the following:

  • Ask Toolbar
  • GoSave
  • Coupon Server
  • CoolWebSearch
  • RocketTab

How did this happen?

Unfortunately what happens in your web browser is difficult for our Trend virus scanner to detect, as there are many extensions and Chrome apps that are entirely desirable and useful, and distinguishing between them and malicious variants is difficult. The good news is your browser is actually very secure, each tab you open is entirely separate from any other tab and they cannot cross contaminate each other (a technology called “sandboxing”). In all cases of browser malware, you must click a button to agree to install the extension or app before the infection can occur. Examples of these prompts look like this, and if you see one you almost certainly want to hit “Cancel”.

An example of a Chrome extension installation request


The dreaded Ask Toolbar malware

What do I do if I think my browser is infected?

It’s time to ask for some expert help! Log into our Self Service portal at and look for the Software Assistance option. FIll in the form and a friendly IT consultant will get in touch. We can remove the problematic extension or app and give you some advice on how to stay safe online.

Nga Mihi,
ITS Service Operations

Why do people send Phishing email? What does it achieve?

This article was published on: 4/07/18 5:22 PM

First, what is “Phishing”?

Phishing is the vernacular for an attempt by a person to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication (usually an email). Here at the University of Waikato these messages usually claim to be from ITS, another colleague, social web sites, auction sites, online payment processors, or IT administrators.

Phishing emails often contain links to websites that masquerade as an internal Waikato login page, and can look quite convincing. Falling for a Phishing email can be quite devastating, and can involve personal financial loss to the staff member involved as well as the loss of corporate or student data.  Once a “Phisherman” has access to your University account, they have access to your email and Google Drive.  Ever emailed your credit card or bank account details to anyone?  Now the hacker has those too!

Spotting a Phishing Email

1. The message contains a mismatched address

2. Addresses contain a misleading or misspelled domain name

3. The message contains poor spelling and grammar

4. The message asks for personal information

5. The offer seems too good to be true

6. You didn’t initiate the action

7. You are asked to send money to cover expenses

8. The message makes unrealistic threats

9. The message appears to be from a government agency


Still not sure if that message is legit?  Forward the email to and well check it out for you.

Ever wanted to see what your back yard looked like 750 million years ago?

This article was published on: 18/06/18 10:17 AM

Hi everyone, we’re going to talk about a fun topic today – but hopefully one with teaching and research uses.

Have you ever looked at a picture of the supercontinent Pangea and wondered where your current address would have been 250 million years ago? A new online map provides this very service, allowing us to see modern locations across 750 million years of our planet’s history.  It’s like using Google Earth in a TARDIS!

This awesome 3D map is the invention of Ian Webster, curator of one of my favorite sites, Dinosaur Database. It defaults to 240 million years ago, when our planet was dominated by the giant Pangea supercontinent, and it makes little sense from our current perspective.  To overcome this, Webster overlays the map with modern political boundaries, and you can even search for present-day addresses to pinpoint specific locations. Using the left or right cursor keys, you can scroll back or forward in time to see the shifting of the continents. In all, the map goes from 750 million years ago to the 21st century, so you can watch how a specific location on Earth changes across the Devonian, Jurassic, Neocene, or whichever period strikes your fancy.

It’s got pride of place on a laptop in my office, with my house as it as 500 million years ago rotating serenely.  Technology can be a complicated, confusing and often dangerous thing – but sometimes it’s great to be reminded that it can also be a work of art and provoke us to experience moments of wonder and joy.

Ngā Mihi,


A handy guide to the wireless options at our Hamilton campus

This article was published on: 16/05/18 12:21 PM

If I told you that the wireless networks at our Hamilton and Tauranga CBD campuses were fast, reliable and (relatively) easy to connect to would you be skeptical?  It’s true! In this post, I’ll attempt to explain how our Wifi works and provide some troubleshooting tips for navigating the common problems people have connecting their devices to the Internet.

First, let’s cover the somewhat confusing list of wireless network choices you will encounter when you click the wifi icon on your device.  This is not a concise list, as there are some specific purpose networks only available in certain spaces or on event days. But in general you’ll see the following:

  • Waikato: This wifi network is for guests and contractors using their own equipment, or conferences on campus.  When you connect to it a screen will load on your device asking you to identify yourself.  Supply the requested information and you’ll have full access to the Web.  File shares, some enterprise applications, and direct printing are not available on this network.
  • Lightwire: This is something of a legacy from a period when a third party company provided Internet access to students.  This network also requires no password, but it will load a splash screen asking for a credit card after you connect.  You almost certainly don’t want to select this option.
  • eduroam: Are you a staff member or a visitor from another University?  This is the network for you! When you select this network for the first time you’ll be promoted to authenticate yourself, please make sure you use your entire email address (don’t use and your usual password.  Your device might throw up a request for you to accept a certificate as part of the initial login too, it’s OK to tell your device to trust it.
  • UOW Students: As you might expect this is the wireless network for all our enrolled students.  The only difference compared to eduroam is the username to use for the student wifi is (please note the plural of students).

Still having issues?  Most likely you’ve selected one of the other password-less wifi networks in the past and your device is confused about which one it should be using.  Most wireless issues on campus can be easily solved by simply deleting the waikato, Lightwire and UOW Guest networks from your trusted wifi list on your device.  Once you’re down to either eduroam or UOW Students (whichever is appropriate) you should find your connectivity works pretty much campus wide.

Finally, your device saves your password into an internal database so it can connect again later without bothering you.  When you change your Waikato password you’re also resetting the connection details to eduroam and UOW Students, so the saved password on the device is no longer valid.  You’ll need to forget and rejoin the network on most devices after doing so, which is another great reason to sign up for two-factor authentication and never worry about changing your password again!

For technical guides on connecting to our wireless networks, please consult our ICT Self Help portal.  Staff/Guest Wifi & Student Wifi documentation is available.

Nga mihi,



Why is that nice lady from China always calling me?

This article was published on: 4/05/18 4:58 PM

Kia Ora, from Te Manaaki Rauhanga

If you’re like me, you’ve lately been receiving the odd call from unknown numbers on your cell, home or work landline.  Usually, when you answer the call you’ll hear a recording of strange noises, perhaps someone speaking in a foreign language, or silence.  Occasionally you’ll also get a call that rings once and hangs up, and when you call back you’re greeted with the same kind of bizarre audio.  What’s going on?

In short, it’s a rather clever scam.  A very profitable one that can generate a significant bill for the University or you personally.  Here’s how it works, and what you need to know to protect yourself from these callers of dubious virtue.

The basic idea is to entice you to call the scammer back using your phone or device, which initiates the call from your end.  There are usually some sophisticated techniques employed that makes the number the call originates from appear to be a New Zealand cell number, or something else reasonably local.  However, regardless of what you dial, the call will be received by what you might recognize as a “0900” number – one of those nineties-era relics where you pay an extra fee to call for the weather or some other service.  Except instead of $0.99 a minute to hear the latest royal gossip you’re charged a slightly less reasonable $10-$50 a minute. This is a good deal more complicated than the good old days of Nigerian Kings asking for your bank account number!

So what can you do to stay safe?

  • If you receive a call that’s obviously a recording or in a language you don’t recognize hang up immediately.
  • If you get a missed call from a number you don’t recognize, don’t return the call.  If it’s an actual person calling they’ll call again or leave you a message.
  • Use your phone’s ability to block callers when you receive a robocall you suspect is from a scammer.  Android instructions.  iOS instructions.

There are a great many scams via email, phone, malware and social media these days – this is only the latest iteration in an increasingly confusing and sophisticated field of IT security where there’s little risk to the scammers and great potential gain (ie. your money).  We’ll do our best to keep you in the loop as these things pop up, but for now our best advice is to assume that any strange communications you receive are dodgier than a ten dollar iPhone.

There’s a great podcast you can listen to in your browser that does a deep dive on one instance of this scam.  It’s very non-technical and a really interesting listen:

Finally, there’s been a bit of media coverage on this issue.  Feel free to read it, but have some sympathy for some of the reporters who get a bit confused on exactly what’s going on.

Have a great weekend,


Your University email experience is about to get a whole lot better!

This article was published on: 27/04/18 4:37 PM

Kia Ora, from Te Manaaki Rauhanga

This will be something of a long post.  I’ll attempt to be as concise as possible, but today we’re going to explore the really interesting new features Google is rolling out to it’s Gmail web interface.  Gmail is the tool we use at the University of Waikato for our browser-based email service.  When you load Chrome and access your inbox you’re using a version of the Gmail interface, so all these wonderful new features will be impacting you in the next little while.  If you primarily receive your email via a third party tool like Outlook or Apple Mail you may never see these changes, and if this describes you, then this might be a good opportunity to revisit the web version.  These new changes are already available (if you opt in) in any personal Gmail account you have, and our staff and students will be receiving the new interface in a few weeks.

The new interface, click to enlarge

Wait, is that my Calendar?

Let’s talk about the most significant change (from my perspective) first.  A new pane on the right side of the new Gmail interface contains buttons for Google Calendar, Google Keep, and Google Tasks.  The last two options are handy tools, but it’s the Google Calendar integration that really shines.  Now, you can generate a new Calendar appointment directly from an email, see your calendar for a given day before replying and view a co-workers calendar – all from within your email.  I refer to my Calendar as my “Brontosaurus Brain”, in that it takes care managing all the things I might otherwise forget to do (like eating, breathing, and sleeping).  Having it right there alongside my email is a fantastic convenience.

I can’t remember when my calendar was ever that empty.

Confidential mode for messages you send

Ever want to send someone a message they can’t (easily) copy, that evaporates from the recipients’ Inbox after a set period of time or send someone a message you can remotely destroy like those really expensive looking Mission Impossible explody briefing documents?  The new Confidential Mode gets you most of the way there, without the hazard of potential bodily harm.

Less dramatic than self-immolating sunglasses but it does the trick.


Emailing a sensitive document to a third party is now a whole lot less risky. Unless they have a camera on their cellphone…

Hover Buttons

Now you no longer need to open an email to archive, delete or mark it as unread.  Simply hover the mouse pointer over the message in your Inbox and new options will appear as buttons on the right of the thread.  The handiest is the new “Snooze” option, which allows you to temporarily dismiss a message that you may not have time to deal with currently in the sure and certain knowledge that it will be back to vex you again.

Hmm, Archive, or Snooze?


Improved detection of dodgy email

Are you as sick of phishing scams as I am?  Google is too, and they’re rolling out a new warning system for telling you about messages they think may actually not be from the son of a wealthy, deposed African despot.  Trust the scary red banner, not Prince T’Challa.

And the rest

And a few additional sweeteners if you need them,

  • Computer-generated Smart Replies like those seen in the mobile Gmail app (the suggested reply buttons with waaaaay too many exclamation marks).
  • A new “Nudge” feature will point out emails that have sat untouched in your inbox for some time.
  • View and download attachments without needing to actually open the email.
  • New ways to filter and sort your default Inbox view.
  • Using Raiser’s Edge, Trello or another productivity tool?  The new add-ons and features can help you do things faster on all your devices directly from your email with just one download.

Feel free to ask us any questions about Gmail, how it works and how you can make the best use of it.

Nga mihi,


Nau mai, Haere Mai!

This article was published on: 23/04/18 10:54 AM

Author:  Paul Cowan, ICT Relationship Manager

Kia Ora,

Testing one two three.  to all our University of Waikato staff, students, and whanau, and welcome to the inaugural article of our new technology focused blog Tech Talk.

Your friends & colleagues at ITS are excited to introduce what we hope will be a valuable resource to help keep you informed of upcoming changes to the technology you use every day.  It won’t have escaped your notice that the digital environment we all work with tends to change rapidly. Whether it’s a new calendar environment, Moodle upgrade, phishing email, or operating system, it’s easy to feel overwhelmed by the speed with which a previously familiar tool or online experience can suddenly change.  Technology obsolescence that used to take years for many apps now seems almost instant, new devices are constantly becoming available, and why do we still need to restart our routers all the time?  (I’m looking at you Spark).

To help keep you up to date with pertinent changes to your digital life at the University of Waikato we’ve launched this blog, which we’ll use to give our individual subject matter experts a place to let you know (in plain English about upcoming changes we feel you should know about.  To that end, let’s kick things off with some exciting new changes coming soon to the GSuite environment.

What is GSuite?
The rather clunky moniker “GSuite” is Google’s catchall term for it’s package of cloud-based services that our staff and students use for email (GMail), calendar (Google Calendar), storage (Google Drive) and collaboration (Google Docs, Sheets and Slides).  There are many more tools and apps wrapped up in the GSuite bundle, but those four are the most popular and frequently used. All of these terms tend to get used interchangeably quite a lot, and you may find someone talking about Google Drive when you suspect they really mean Google Docs.  GSuite is a wonderful cloud based resource, but like many Google products, it can become quite confusing to determine which part of it you’re interacting with at any given time. Because it’s a cloud based web resource that Google updates often, it’s not unusual to login and find everything is rather different!

There are some significant changes to the Google Sheets component of the GSuite environment that have just been launched, and we’d like to introduce them today.

Starting today, you can record a macro in Google Sheets. Let’s say you need to format new data imports or build the same chart across multiple sheets of quarterly data. Repeating the same steps manually can take hours, but the Sheets macro recorder lets you record those actions and play them back on command without having to write any code.

Here’s how it works: when you record a macro, Sheets converts the macro actions into an Apps Script automatically. If you want to update your macro, you can simply edit the script directly instead of having to re-record the macro from scratch. You can also write your own Apps Script functions and import them as new macros.
The best part about Sheets macros is that they’re built for use in cloud-based files, which means that teams can run macros at the same time that others are working in the sheet without interrupting them. For example, a team of students working together on a spreadsheet can run macros while reviewing the same spreadsheet. It also means that staff or students won’t be forced to download sensitive files to use your macros. Since your Sheets files are in the cloud, you can keep tighter controls over who can view and re-share your data.

You can learn more, and see a demo of this functionality at Google’s own blog.

Add checkboxes to a list in Google Sheets
You can turn a list of items into a checklist with the new checkbox feature. See the Help Center to learn how to add and use checkboxes.

Improved date-based pivot tables
Google is making it easier to work with dates in pivot tables by adding an option to create groupings by time and date, including hour, day, month, quarter, year, and more. See the Help Center to learn how to add and use pivot tables.

Better spreadsheet printing
There are now new features to make it easier to print spreadsheets. Specifically, you can specify custom paper sizes and set custom page breaks. This makes it easier to get the right content from a spreadsheet on a printed page. See the Help Center for more about how to print from Google Sheets.

Nga Mihi,