Still have questions?
...
- Windows computers will typically apply all software updates between 10:00 pm and 5:00 am.
- Please save your work and leave your computer on during week days and nights to allow the updates to happen during scheduled maintenance times. You can put your computer in 'Lock' mode before leaving.
- If a restart cannot happen during the regularly scheduled maintenance time, then you will see a pop-up notice that a restart is needed to apply necessary updates. In Windows 10, you can choose to apply the update immediately, or schedule when the reboot will occur within this pop-up notification.
- Apple computers receive updates as they are released typically without interruption, however those system updates that require a reboot will notify with a pop-up window and the option to defer the installation of the update(s) for 4 or 8 hours via dropdown field.
- If you defer, and then later want to apply the update without waiting for a second notice, feel free to go to the Apple Menu and select Check for Updates and manually apply the updates at your convenience.
...
SCCM and JAMF Pro can report on what software is installed on computers. However, we will not be using this capability without your permission (or when state or federal law legally compels us to do so, as explained in Whitman’s Privacy Policy). [updated to accurately reflect internal policy] This information will be used in aggregate for licensing information and individually for identifying unpatched software in need of security updates.
...
We recommend leaving your computer powered on during weekdays, and shutting down over the weekends. However, you do not need to change your current habits. Your computer will check in with the SCCM and JAMF Pro tools when it is turned back on and catch up with any updates that were missed while it was turned off. You may notice a decrease in performance speed for about the first 30-60 minutes while your computer catches up.
...
Can these tools take data off my computer?
These Endpoint Management tools do not have built-in features that allow access to any data files on your computer, including email or web browsing history. They do have powerful scripting features, however, that enable additional actions on the computer. Scripting could be used, for example, to perform a special configuration for a requested application installation. The scripting feature can be used to access data on a computer by IT staff using one of these tools, but it would require explicit intent to create and run such a script. Data cannot be access by a simple click of a button.
All employees and students of Whitman College are held to the requirements of the Accepatable Use Policy, which specifies Individual Responsibilites, Conduct, and behavior that violates the policy. IT staff have no exceptions to this policy, and in fact have an even higher responsibility to maintain privacy and confidentiality because of their required access to network and computer systems.
See also "What can WCTS see on my computer? I have privacy concerns." above
Do these tools actually increase our security risk because it is a single point of vulnerablity?
The Whitman network is constantly being probed from outside for vulnerablilites, and it is important that all computers have security updates installed. Unpatched systems are a major cause of data breaches commonly reported in the news and are easily preventable. One of the primary uses of endpoint management tools is to ensure security updates are applied to Whitman-owned computers in a timely fashion. Such security updates include not only operating system updates from Microsoft and Apple, but also security updates to common software such as Java and Adobe.
Last Updated: November 1, 2017