Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Still have questions?

If you don’t see your question in this list, please contact:

Joelle Chavre - Director of Client Services, Technology Services
    chavrejc@whitman.edu, 526-4714

Linc Nesheim - Information Security Officer, Technology Services
    nesheijl@whitman.edu, 527-5852

How is this done? 

...

Unpatched operating systems and “third party” software (e.g., Flash, Java, Adobe Acrobat Reader) are significantly more vulnerable to exploitation by viruses and malware than fully updated software.  Currently, we have no way of knowing if Whitman computers are fully updated and no way of installing updates on everybody’s computer without sending emails to every user with scary messages like “URGENT! YOU MUST UPDATE YOUR COMPUTER IMMEDIATELY!”     SCCM and JAMF Pro will allow us to push out system and select application updates with little or no disruption to you. To note, if a severe vulnerability is found, WCTS "may" need to patch systems or software without prior notice or outside a regular maintenance window.

Does this mean that when software updates happen, my computer will suddenly restart? 

No, restarts based on software updates will not happen suddenly on your computer. We know that some software updates require restarts, and SCCM and JAMF Pro allow us to customize how to negotiate this need.

  •  Windows computers will typically apply all software updates between 10:00 pm and 5:00 am.   
    • Please save your work and leave your computer on during week days and nights to allow the updates to happen during scheduled maintenance times.  You can put your computer in 'Lock' mode before leaving.
    • If a restart cannot happen during the regularly scheduled maintenance time, then you will see a pop-up notice that a restart is needed to apply necessary updates. In Windows 10, you can choose to apply the update immediately, or schedule when the reboot will occur within this pop-up notification.
  • Apple computers receive updates as they are released typically without interruption, however those system updates that require a reboot will notify with a pop-up window and the option to defer the installation of the update(s) for 4 12 or 8 24 hours via dropdown field.  
    • If you defer, and then later want to apply the update without waiting for a second notice, feel free to go to the Apple Menu and select Check App Store, look for pending Updates, and manually apply the updates at your convenience.  See instructions here.

IMPORTANT:  Always save your work before clicking on the Install Now or Restart buttons in these pop-up windows

...

What specific software will be updated by WCTS? 

As of May 20172019

(Note: updates only apply to software already existing on your system.  If you do not have an application listed below, they will not be added without request.)

Windows computers

  • Windows core system updates (e.g. security updates, Edge/Internet Explorer, etc.)
  • Mozilla Firefox
  • Google Chrome
  • Adobe Acrobat Reader
  • Java
  • Microsoft Office
  • Apple iTunes
  • Microsoft Endpoint Protection (replaces McAfee for antivirus)
  • Microsoft Silverlight

Macintosh computers

...

  • Keepass v2x
  • VLC
  • Notepad ++
  • Silverlight

  • 7 Zip

  • Google File Stream
  • Putty

Macintosh computers

  • OS X core system updates (e.g. security updates, Safari, iTunes, etc.)
  • Mozilla ThunderbirdMozilla FirefoxAdobe Air
  • Adobe Flash
  • Adobe Acrobat ( Reader and Pro)
  • Adobe Shockwave
  • Google Earth
  • Google ChromeJava
  • Microsoft Office suite
  • Microsoft Silverlight
  • McAfee Antivirus
  • Skype
  • VLC

We will be progressively adding more software to this list as needed.

What can WCTS see on my computer? I have privacy concerns.

WCTS cannot see specific content on your computer.  SCCM and JAMF Pro Jamf are configured to only collect data pertaining to the hardware and software installed on your computer.  For example, it will report that the computer is using an Intel processor, how much memory and storage capability it has, and that Microsoft Office 2010 version 10.2.3700 is installed.  It will not capture any web sites you have visited nor will it be used to gather information on the specific files being storedutilized to manage the configuration of your computer and provide basic software and hardware inventory.  This configuration management is not content-aware beyond how certain hardware and software can impact the security of the device.  SCCM and JAMF Pro are intended to assist us in the support and security of computers by making sure that managed software is patched and up to date and to ensure that computers on campus are compliant with applicable laws (e.g. FERPA, HIPPA, etc.) that protect student and employee information.

WCTS takes your privacy very seriously and will use these tools in strict accordance with Whitman College’s Privacy Policy.  

To read the full policy please visit Whitman College Privacy Policy

...

SCCM and JAMF Pro can report on what software is installed on computers.  However, we will not be using this capability without your permission (or when state or federal law legally compels us to do so, as explained in Whitman’s Privacy Policy).  [updated to accurately reflect internal policy] This information will be used in aggregate for licensing information and individually for identifying unpatched software in need of security updates.

...

No. While these tools technically have the capablity capability to install and uninstall software remotely, we will use SCCM and JAMF Pro to update some existing software on your Whitman-owned computer, and to collect data pertaining to hardware and software installed on your computer (described above this question).  In the future, if we use these systems for different purposes, such as providing self-service software installation, we will notify you firstSoftware can be deployed directly to your computer upon your request, and in some cases software may be available for self install through Software Center on PCs, or Self Service on Macintosh computers.

Do I need to leave my computer on?

We Yes, we recommend leaving your computer powered on during weekdays, and shutting down over the weekends.  However, you do not need to change your current habits.  Your computer will check in with the SCCM and JAMF Pro tools when it is turned back on and catch up with any updates that were missed while it was turned off.  You may notice a decrease in performance speed for about the first 30-60 minutes while your computer catches up.  It is also important to restart your computer as soon as possible when prompted for applying updates.

Does WCTS have auditing logs to show the actions or updates performed by these tools?

Yes.  All actions and changes performed by endpoint mangement management administrators are recorded and reviewed by independent staff for accountability.

Is there an opt-out procedure for faculty or staff?

No.  We are working toward having the appropriate client on each Whitman-owned computer. Individuals may currently request that their computers be added to a "No-Update" group if it is determined that automatic updates may cause unexpected results to existing software or data processes.  These individuals agree to manually install updates on a regular basis to ensure the safety and compliance of their computers on the network.  WCTS will periodically scan these computers for unpatched vulnerablilities vulnerabilities that may put the network at risk.

...

Having either SCCM or JAMF Pro clients on a computer does not affect actions taken when there is a legal subpeona subpoena requesting data.  Whitman and WCTS must follow the requirements of such requests, the tool used is irrelaventirrelevant.

Can these tools take data off my computer?

These Endpoint Management tools do not have built-in features that allow access to any data files on your computer, including email or web browsing history.  They do have powerful scripting features, however, that enable additional actions on the computer.  Scripting could be used, for example, to perform a special configuration for a requested application installation.  The scripting feature can be used to access data on a computer by IT staff using one of these tools, but it would require explicit intent to create and run such a script.  Data cannot be access by a simple click of a button.  

All employees and students of Whitman College are held to the requirements of the Accepatable Acceptable Use Policy, which specifies Individual Responsibilitesindividual responsibilities, Conductconduct, and behavior that violates the policy.  IT staff have no exceptions to this policy, and in fact have an even higher responsibility to maintain privacy and confidentiality because of their required access to network and computer systems.

See also "What can WCTS see on my computer? I have privacy concerns." above

Do these tools actually increase our security risk because it is a single point of

...

vulnerability?

The Whitman network is constantly being probed from outside for vulnerablilitesvulnerabilities, and it is important that all computers have security updates installed.  Unpatched systems are a major cause of data breaches commonly reported in the news and are easily preventable.  One of the primary uses of endpoint management tools is to ensure security updates are applied to Whitman-owned computers in a timely fashion. Such security updates include not only operating system updates from Microsoft and Apple, but also security updates to common software such as Java and Adobe. (See the list of specific software updated by WCTS above.)Last Updated: November 9, 2017 

I understand these tools can copy data to and from my computer, edit or delete my documents, record video, audio, or monitor usage or me.  Is this accurate?

No. These tools by themselves do not have built-in features to accomplish these tasks.  It is possible that through the use of these tools a different piece of software could be installed that has these capabilities, however this would require explicit intent to do so.   All actions or scripts performed on a computer are logged, including account used to access these tools.

Are there things I can do on my computer to add additional protections or notifications?

Yes.  WCTS would be happy to work with you if you are interested in discussing additional layers of encryption or ways to enhance notification for changes happening on your computer.  

Last Updated: May 22, 2019