...
- Retaining this standard of practice, which has been in place for years and is enabled by CIT's provisioning of these central services, will increase the visibility number of the college's computer assets , decrease the riskin the Chemistry Department made visible to management and audit.
- Increasing the number of assets made visible, concurrent with investments being If investments are made to improve reporting , our increased visibility can more easily within these centralized tools such as putting data into Remedy Asset Management, will also increase the accountability of the configuration of the college's computer these same assets. This can help target technical and social efforts to further improve our security posture without compromising required functions or trust in centrally-provided tools.
- By compelling IT support providers to opt-in to affecting changes to systems under their jurisdiction, it will continue to promote a culture of engagement and accountability on when these powerful centralized tools are most effectively brought to bear on given problems.
At Cornell the The two management tools used at Cornell are each focused primarily on one of two supported computer operating systems (OS):
...
The client is the ONLY method the university provides and makes investments in to get data automatically into Remedy. Remedy has Cornell-specific fields to help ensure university policy-related deviations from compliancecompliance to university policies. Thus we should be promoting the use of these clients and reducing practices which . And not do anything to impede their use, such as making changes automatically to systems just because they have the reporting client installed.
CIT provides these tools. CIT, by default, makes no changes to any system on which the client is installed. Arts and Sciences IT should do the same and let the local IT support providers "own" changes made to their systems, while facilitating installation of the client on all possible university-owned computer assets.
Chemistry IT has been using these powerful central computer inventory and management tools for many years (8?). Indeed, when we add a Windows computer to AD, we have it automatically install the CM client. Always. Not only do these clients provide central visibility of our computers and their "state", but they also afford us other advantages. They These advantages include:
- Enable logging in with NetID.
- This means our department does not have to manage log-in accounts,
...
- such as password resets.
- Using this technology also provides automatically credentialing to central services such as SFS and policy-based mounting, etc., etc.
- Enable logging in with AD accounts (
...
- number of these easy to get? It's many!)
- Centrally-managed passwords provide for one location to update passwords on many systems at once. distributed among different computer making their management untenable
- Enable easy access via Active Directory.
the use of policies independent
...