Excerpt

Motivations for, and barriers to, using the more powerful tools and capabilities of Cornell's MS Configuration Manager (CM), such as application updating, especially within Research.

See also

Resources

Interesting CM/Casper/Encryption stats CIT website

...

  • CM on all Windows within CU AD is OK as long as nothing else is automatically done to those computers via CM simply because they are on CM. No MS patching, no Flexera, etc.!
  • See: CM-related services

We can roll out CM within Research ONLY IF we have the option, per computer, to pick and choose CM capabilities to best meet that research computer's business need.

  • KEY requirement: Do not force use of MS updates (OS, Office, etc.) on a computer simply to benefit from other CM services such as CM SCEP or CM Firefox.
  • Many research computers, especially those attached to instruments, must be updated and restarted only by the user; updates and restarts must not be forced on them.

CM-related services

Q: What software is forced on a managed computer?

A: Only two enabling applications: CM Client and Flexera CSI (Secunia).

  • KEY: No software is forced-installed (software that would be new to the computer) on Windows except the following, and only under specific circumstances:

| Software forced-installed | Circumstance | Notes |
|---|---|---|
| CM Client | Added when system added to CU AD | Non-issue, right? |
| Flexera CSI (Secunia) | Added when system added to (CIT?) Central Patching | If it only gets installed when a system is added to CIT Central Patching, non-issue, right? |

No other software is forced-installed! Forced installation should not be confused with patching, which is action taken on pre-installed software.

Q: What software gets patched?

A: None by default.

Q: What software can get patched, if patching enabled?

A: Either a group of software or individual software gets patched, depending on configurations to enable specific needs.

Q: What software can be installed auto-magically?

A: Either software for which either a Group Policy (GP) or Managed Desktop (MD)

 

| | (1A) CU AD | (1B) CM client | CIT Central Patching | A&S Central Patching | Chemistry Central Patching | A la carte patching (CM) | A la carte patching (GP) | A la carte installs (CM) | A la carte installs (GP) |
|---|---|---|---|---|---|---|---|---|---|
| What service gets you or does: | Gets you CM client automatically (forced install) | Enables all other CM services, and depends on CU AD. | Patching ONLY if application already on system. | Patching ONLY if application already on system. | Patching ONLY if application already on system. | Patching ONLY if application already on system. | | | |
| Pros of service: | Usernames are NetID and NetID passwords. Enables all other Chemistry IT management tools, including CM-related ones. | Enables other things, by default is passive. | | | | | | | |
| Cons of service: | Enforced password strength. | Reports some hardware (applications?) data to CIT's servers (viewable by?) | | | | | | | |
| How Chemistry IT uses it in supporting Research: | All supported Windows able to get on AD get this. | Thus, supported Windows able to get on AD get this. | | | | | Java patching | | Java installs. |

Snap-shot of a la carte patching targets:

| Application | Owner | Notes |
|---|---|---|
| | | |

 

Snap-shot of a la carte installable applications:

| Application | Owner | Notes |
|---|---|---|
| SCEP | Chemistry IT | If SEP or other anti-virus software is already installed, uninstalls that software first. Created by Michael Hint, and shared with the AS IT Science cluster. Why not made available to anyone at A&S? Why not made available to anyone at Cornell? |
| Others? | | |

...

Table tracking concerns, questions, and progress

...