Articulating expectations and understanding to reduce surprises.
Glossary
Unsupported computer: A computer not set up by Chemistry IT. It is not on AD, so it cannot be managed either.
Supported computer: A computer set up by Chemistry IT. It is on AD. It may or may not be managed.
IT managed computer: A computer set up by Chemistry IT and also set up to be managed using Cornell's management tools. Includes patching.
Q: What software is forced on a supported computer?
A: Only one enabling application: CM Client.
Q: What software is forced on a managed computer?
A: Only one more enabling application: Flexera CSI (Secunia).
KEY: No software is forced-installed (software that would be new to the computer) on Windows except the following, and only under specific circumstances:
Software forced-installed | Circumstance | Notes |
---|---|---|
CM Client | Added when system added to CU AD | Non-issue, right? |
Flexera CSI (Secunia) | Added when system added to (CIT?) Central Patching | If it only gets installed when a system is added to CIT Central Patching, non-issue, right? |
No other software is forced-installed! | Forced-installed should not be confused with patching, which is action taken on pre-installed software. |
Q: What software on a supported computer gets patched by Cornell?
A: None, by default.
Windows by default is set to be patched by Microsoft directly. Some third-party software may similarly be auto-patched.
Q: What software can get patched, if patching is enabled?
A: Either a group of software or individual software gets patched, depending on how patching is configured to meet specific needs.
Q: What software on a managed computer can be installed auto-magically?
A: Only software for which a Cornell IT group has created a "package".
Q: If software is installed
Either software for which either a Group Policy (GP) or Managed Desktop (MD)
(1A) CU AD | (1B) CM client | CIT Central Patching | A&S Central Patching | Chemistry Central Patching | A la carte patching (CM) | A la carte patching (GP) | A la carte installs (CM) | A la carte installs (GP) | |
---|---|---|---|---|---|---|---|---|---|
What service gets you or does: | Gets you CM client automatically (forced install) | Enables all other CM services, and depends on CU AD. | Patching ONLY if application already on system. A bundle. On CIT's schedule. | Patching ONLY if application already on system. A bundle. On A&S IT's schedule. | Patching ONLY if application already on system. | Patching ONLY if application already on system. | |||
STATUS | Need? | Not exist: Need? Possible? | |||||||
Pros of service: | Usernames are NetID and NetID passwords. Enables all other Chemistry IT management tools, including CM-related ones. | Enables other things, by default is passive. | |||||||
Cons of service: | Enforced password strength. | Reports some hardware (applications?) data to CIT's servers (viewable by?) | Forced reboots | Our schedule | |||||
How Chemistry IT uses it in supporting research: | All supported Windows able to get on AD get this. | Thus, supported Windows able to get on AD get this. | Java patching | Java installs. |
Patching schedule
CU's default
A&S IT's default
Chemistry research Option 1:
Chemistry research Option 1:
Why use CM patching for non-forced reboot?
NOT pre-download.
Yes: Points to CIT's patching. WUS server: MS and non-MS patching. Ex: Flash. 10-space for non-Proxied apps.
Snap-shot of a la carte patching targets:
Application | Owner | Notes |
---|---|---|
Snap-shot of a la carte installable applications:
Application | Owner | Notes |
---|---|---|
SCEP | Chemistry IT | If SEP or other anti-virus software already installed, uninstalls that software first. Created by Michael Hint, and shared with the AS IT Science cluster. |
Others? |