Supported Operating System Configuration

Policy: Supported Operating System Configuration for Desktop and Laptop Computers

Policy Statement:
Computers in the College of Arts and Sciences need to be on the Active Directory network or domain to ensure that they comply with the University standard for connected devices, receive regular and vetted security updates and are centrally manageable for access security and stability. CAS Computing will not provide software and operating system support for desktop and laptop computers that are not part of (“joined to”) the domain. Computers that have fallen off the domain through malware or error will still be supported with the intent to return them to the domain.

Users who choose to not have a computer on the domain must provide a signed statement indicating that they are aware of this policy and its possible implications.

Computers connected to data collection equipment can be exempted and receive “best effort” support with a written statement from the equipment vendor stating that quality data cannot be obtained if a machine is part of a domain environment.

CAS Computing will provide hardware support to machines within the College and tagged by Equipment management within the College's Supported Hardware Guidelines.

Reason for Policy:
This policy is designed to secure and stabilize computer systems within the College of Arts and Sciences thus reducing demand on the limited resources of CAS Computing while enabling adequate functionality and flexibility for academic and research needs.

Disadvantages of not being on the domain:

  • No software support from CAS Computing
  • License and registration of Microsoft Windows and Office must be individually tracked and managed.
  • Security updates required by the University standard for connected devices must be installed and filtered of undesirable patches on a per machine basis
  • No baseline security policy settings (built from the Federal Desktop Core Configuration (FDCC) standard).
  • Non-Microsoft applications that otherwise would be pushed out centrally must be installed/updated manually by an administrator for each computer.
  • No possibility of warnings by CAS Computing of exploitable versions of installed software. (No software auditing.)
  • Local user account management:
    • Individually created and destroyed for every user of every machine
    • Generic accounts created with shared (or blank) passwords
    • All network resources must be manually mapped with AD credentials
  • Machines are not present in inventory tracking software, so College-wide computer replacement program is likely to overlook them.

Last updated 6/12/2012