Campus policies related to computers
What are the campus policies related to computers?
Here is a link to the campus policies related to computers and a second link for designated non-capital assets (DNCA).
https://it.umd.edu/about-dit/governance/it-policies-standards-guidelines/standards
https://finance.umd.edu/asset-management/designated-non-capital-assets
Here are specific requirements at a practical level.
- Customer responsibilities
- Patching computers
- Operating systems that are not supported by the vendor are not allowed unless a written exception has been granted by the Division of IT.
- If computers are managed by EIT, reboot the machine monthly to ensure patches take effect.
- If computers are not managed by EIT, apply patches to operating systems and applications to keep machines up to date.
- Physical security
- Keep devices and equipment in locked areas.
- Do not leave portable devices unattended.
- Disposal of old equipment and devices
- There is a required process to follow. No one is permitted to dispose of devices through any other process.
- Contact EIT (eit-help@umd.edu, x51634) for disposal of old devices. There are procedures that must be followed to manage inventory and to ensure any sensitive data is not exposed.
- Patching computers
- Inventory
- All desktops, laptops, server, tablets, and cell phones owned or leased by UMD must be tagged and put into inventory. Any devices that cost less than $5,000 are considered DNCA. Any devices over $5,000 are considered capital assets.
- Engineering IT Operations is acting as the asset specialist for DNCA. The asset comes to us first to be tagged and configured.
- Software EIT installs
- Clearpass OnGuard network authentication
- This is required by the Division of Information Technology for all UMD owned computers.
- Crowdstrike anti-virus
- This is required by the Division of Information Technology for all UMD owned computers.
- Insight VM
- This will be required in the near future by the Division of Information Technology to ensure that all computers are up to date on patches.
- Lansweeper
- This is used by Engineering IT for inventory purposes to help meet DNCA requirements.
- MakeMeAdmin (Windows) or Privileges (Mac)
- In required situations, this allows authorized users to elevate privileges for a brief period of time to install software or make configuration changes. Running as a privileged user on a regular basis is not allowed by the Division of IT.
- Central management and authentication
- This is required by the Division of Information Technology for all UMD owned computers.
- Macs
- JAMF for management and JAMF Connect for UMD authentication
- Self service installation
- Security patches
- Configuration
- Windows
- AD/InTune for management and UMD authentication
- Self service installation
- Security patches (Ninite for 3rd party apps)
- Configuration
- Linux
- Glue Linux
- Kerberos for UMD authentication
- Puppet for management
- Security patches
- Configuration
- Non-Glue Linux
- LDAP/Kerberos for UMD authentication
- Ansible for management
- Security patches
- Configuration
- Glue Linux
- Clearpass OnGuard network authentication