Self-supporting a Cornell computer means taking on additional tasks and responsibilities.
Quick links
IT Security how-to's
Secure My Computers and Mobile Devices
Resources table
| Task or Responsibility | Tips, courtesy ChemIT | FYI: How it is done for managed computers. | Notes |
|---|---|---|---|
| Purchasing | The fastest, easiest, and cheapest way to buy a computer is usually through ChemIT. We invite you to tell us of your needs so we can assist in your computing purchasing decisions. | We purchase almost all computers in Chemistry, saving thousands of dollars every year. | |
| Hardware inventory | Item must be inventoried by ChemIT. Please inform ChemIT if the computer changes location- thank you. | ChemIT is responsible for inventorying all Cornell computers in Chemistry. | |
| Creating an Admin account | Creating a strong password is required by Cornell policy. More security tips: | Group's faculty member and IT Rep. is offered this account, using password entered by IT Rep. | Cornell Policy 5.4.1, p9: Protect the resources under your control with the responsible use of secure passwords and by appropriately establishing an administrator password. |
| Creating and primarily using a User (non-Admin) account | This practice is required by Cornell policy | Automatic, via Cornell's Active Directory | Cornell Policy 5.10, p16: Configure user privileges to be as low as possible while still meeting operational needs. Consistent or regular use of any account with administrative privileges is inappropriate. |
| Keeping the operating system (OS) and applications versions current and patched. | Patch within 14 days, as required by Cornell policy. From IT Security Office: University Policy requires computers connecting to the Cornell network to be updated and patched against viruses and malware. Since no more updates and patches will be available for older unsupported operating systems to meet new threats, these older computers that connects to campus network resources will effectively be non-compliant with University Policy. | We upgrade via active migration to keep on current OS. | Cornell Policy 5.10, p16: Keep all relevant operating system, server, and application software up-to-date (patched). Develop and document a patch management process such that all vendor defined security or critical software updates are installed as soon as possible, but no later than 14 days after their release. |
| Anti-virus | Windows: Use built-in MS anti-virus and keep it updated. Mac: Use MS SCEP and keep it updated. Obtain installer from ChemIT. | Windows: Managed anti-virus (MS SCEP) Mac: Unmanaged anti-virus (MS SCEP) | Cornell Policy 5.10, p17: On all Windows and Macintosh systems, run anti-malware (anti-virus, etc.) software with daily updates and active protection enabled. |
| Responding to IT Security Office inquiries | If system compromised, you must work with IT Security for clean-up and for the system be be allowed back on the network. | ||
| Installing local printers | Use group printer's DNS name: | ChemIT installs. | |
| Installing MS Office | Download from Office 365 account (up to 5 installations) | Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. | |
| Adobe applications (Acrobat, Photoshop and other components of the Adobe CS suite) | Obtain ChemIT's services for them to install, with your Admin credentials, required applications using Cornell's site license. | Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. | CIT's licensing info: |
| ChemDraw | Download from CambridgeSoft, using Cornell license: | ChemIT installs. | |
| Encryption: Whole-disk | Implement and escrow keys. Required by Cornell policy, with a grace period until January 2017 (as of April 2016). | Planning underway (as of April 2016). Will use Cornell's key escrow service built into MBAM, for IT Support Providers. | By Jan 2017: Cornell Policy 5.10, p17: All university-owned desktops, laptops, smartphones, tablets, and other portable computing devices must utilize whole-disk-encryption software to protect all local, persistent storage when the system is powered off. |