Self-supporting a Cornell computer means taking on additional tasks and responsibilities.
Quick links
IT Security how-to's
Secure My Computers and Mobile Devices
Resources table
Task or Responsibility | Tips, courtesy ChemIT | FYI: How it is done for managed computers. | Notes |
---|---|---|---|
Creating an Admin account | Creating a strong password is required by Cornell policy. More security tips: | Group's faculty member and IT Rep. is offered this account, using password entered by IT Rep. | Cornell Policy 5.4.1, p9: Protect the resources under your control with the responsible use of secure passwords and by appropriately establishing an administrator password. |
Creating and primarily using a User (non-Admin) account | This practice is required by Cornell policy | Automatic, via Cornell's Active Directory | Cornell Policy 5.10, p16: Configure user privileges to be as low as possible while still meeting operational needs. Consistent or regular use of any account with administrative privileges is inappropriate. |
Keeping the operating system (OS) and applications versions current and patched. | Patch within 14 days, as required by Cornell policy. | We upgrade via active migration to keep on current OS. | Cornell Policy 5.10, p16: Keep all relevant operating system, server, and application software up-to-date (patched). Develop and document a patch management process such that all vendor defined security or critical software updates are installed as soon as possible, but no later than 14 days after their release. |
Anti-virus | Windows: Use built-in MS anti-virus and keep it updated. Mac: Use MS SCEP and keep it updated. Obtain installer from ChemIT. | Windows: Managed anti-virus (MS SCEP) Mac: Unmanaged anti-virus (MS SCEP) | Cornell Policy 5.10, p17: On all Windows and Macintosh systems, run anti-malware (anti-virus, etc.) software with daily updates and active protection enabled. |
Responding to IT Security Office inquiries | If system compromised, you must work with IT Security for clean-up and for the system be be allowed back on the network. | ||
Installing local printers | Use group printer's DNS name: | ChemIT installs. | |
Installing MS Office | Download from Office 365 account (up to 5 installations) | Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. | |
Adobe applications (Acrobat, Photoshop and other components of the Adobe CS suite) | Obtain ChemIT's services for them to install, with your Admin credentials, required applications using Cornell's site license. | Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. | CIT's licensing info: |
ChemDraw | Download from CambridgeSoft, using Cornell license: | ChemIT installs. | |
Encryption: Whole-disk | Implement and escrow keys. Required by Cornell policy, with a grace period until January 2017 (as of April 2016). | Planning underway (as of April 2016). Will use Cornell's key escrow service built into MBAM, for IT Support Providers. | By Jan 2017: Cornell Policy 5.10, p17: All university-owned desktops, laptops, smartphones, tablets, and other portable computing devices must utilize whole-disk-encryption software to protect all local, persistent storage when the system is powered off. |