Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

Still have questions?

If you don’t see your question in this list, please contact:

Joelle Chavre - Director of Client Services, Technology Services
    chavrejc@whitman.edu, 526-4714

Linc Nesheim - Information Security Officer, Technology Services
    nesheijl@whitman.edu, 527-5852

How is this done? 

 Keeping computers automatically updated with system, security, and other updates is a hassle; fortunately, there is software that can help to ease this burden. For Windows computers, we use a product called Microsoft System Center Configuration Manager (SCCM). For Macs, we use a product from JAMF Software called JAMF Pro.

Here’s how it works: a small software application is installed on your computer. It runs in the background, and most of the time you won’t even know it’s there.* WCTS will gather software updates from places like Microsoft, Apple, and Adobe, and will then communicate with the software application on your computer to send you the updates. In this fashion, Whitman-- not software manufactures-- remains in control of which updates get installed and when.

* “Most of the time”:  For example, you may occasionally see messages informing you updates occurred  or small pop-up windows that appear when you restart your computer.  The messages  will say something like “updating” or “checking for updates or policies”.  If you do not regularly restart your computer, and a software update requires a restart, pop-up windows will notify you of a pending restart and request you save your work.  Please see more information about computer restarts below.

Why is it important?

Unpatched operating systems and “third party” software (e.g., Flash, Java, Adobe Acrobat Reader) are significantly more vulnerable to exploitation by viruses and malware than fully updated software.  Currently, we have no way of knowing if Whitman computers are fully updated and no way of installing updates on everybody’s computer without sending emails to every user with scary messages like “URGENT! YOU MUST UPDATE YOUR COMPUTER IMMEDIATELY!”  SCCM and JAMF Pro will allow us to push out system and select application updates with little or no disruption to you. To note, if a severe vulnerability is found, WCTS "may" need to patch systems or software without prior notice or outside a regular maintenance window.

Does this mean that when software updates happen, my computer will suddenly restart?

No, restarts based on software updates will not happen suddenly on your computer. We know that some software updates require restarts, and SCCM and JAMF Pro allow us to customize how to negotiate this need.

  •  Windows computers will typically apply all software updates between 10:00 pm and 5:00 am.   
    • Please save your work and leave your computer on during week days and nights to allow the updates to happen during scheduled maintenance times.  You can put your computer in 'Lock' mode before leaving.
    • If a restart cannot happen during the regularly scheduled maintenance time, then you will see a pop-up notice that a restart is needed to apply necessary updates. In Windows 10, you can choose to apply the update immediately, or schedule when the reboot will occur within this pop-up notification.
  • Apple computers receive updates as they are released typically without interruption, however those system updates that require a reboot will notify with a pop-up window and the option to defer the installation of the update(s) for 4 or 8 hours via dropdown field.  
    • If you defer, and then later want to apply the update without waiting for a second notice, feel free to go to the Apple Menu and select App Store, look for pending Updates, and manually apply the updates at your convenience.  See instructions here.

IMPORTANT:  Always save your work before clicking on the Install Now or Restart buttons in these pop-up windows

We recognize that the maintenance window we’ve set may not meet everyone’s needs. We are making every attempt to configure the systems so that they are as compatible with the workflows of both staff and faculty as possible. Please contact Joelle Chavre if you have special circumstances.

What specific software will be updated by WCTS?

As of May 2017

Windows computers

  • Windows core system updates (e.g. security updates, Edge/Internet Explorer, etc.)
  • Mozilla Firefox
  • Google Chrome
  • Adobe Acrobat Reader
  • Java
  • Microsoft Office
  • Apple iTunes
  • Microsoft Endpoint Protection (replaces McAfee for antivirus)
  • Microsoft Silverlight

Macintosh computers

(JAMF Pro will only update software already existing on your system.  If you do not have an application listed below, JAMF Pro will not add or update it.)

  • OS X core system updates (e.g. security updates, Safari, iTunes, etc.)
  • Mozilla Thunderbird
  • Mozilla Firefox
  • Adobe Air
  • Adobe Flash
  • Adobe Acrobat (Reader and Pro)
  • Adobe Shockwave
  • Google Earth
  • Google Chrome
  • Java
  • Microsoft Office suite
  • Microsoft Silverlight
  • McAfee Antivirus
  • Skype
  • VLC

We will be progressively adding more software to this list as needed.

What can WCTS see on my computer? I have privacy concerns.

WCTS cannot see specific content on your computer.  SCCM and JAMF Pro are configured to only collect data pertaining to the hardware and software installed on your computer.  For example, it will report that the computer is using an Intel processor, how much memory and storage capability it has, and that Microsoft Office 2010 version 10.2.3700 is installed.  It will not capture any web sites you have visited nor will it be used to gather information on the specific files being stored.  SCCM and JAMF Pro are intended to assist us in the support and security of computers by making sure that managed software is patched and up to date and to ensure that computers on campus are compliant with applicable laws (e.g. FERPA, HIPPA, etc.) that protect student and employee information.

WCTS takes your privacy very seriously and will use these tools in strict accordance with Whitman College’s Privacy Policy.  

To read the full policy please visit Whitman College Privacy Policy

Will WCTS be able to see all the software applications installed on my computer?

SCCM and JAMF Pro can report on what software is installed on computers.  However, we will not be using this capability without your permission (or when state or federal law legally compels us to do so, as explained in Whitman’s Privacy Policy). [updated to accurately reflect internal policy] This information will be used in aggregate for licensing information and individually for identifying unpatched software in need of security updates.

Will WCTS install new software or run apps without my consent?

No. While these tools technically have the capablity to install and uninstall software remotely, we will use SCCM and JAMF Pro to update some existing software on your Whitman-owned computer, and to collect data pertaining to hardware and software installed on your computer (described above this question).  In the future, if we use these systems for different purposes, such as providing self-service software installation, we will notify you first.

Do I need to leave my computer on?

We recommend leaving your computer powered on during weekdays, and shutting down over the weekends.  However, you do not need to change your current habits.  Your computer will check in with the SCCM and JAMF Pro tools when it is turned back on and catch up with any updates that were missed while it was turned off.  You may notice a decrease in performance speed for about the first 30-60 minutes while your computer catches up.

Does WCTS have auditing logs to show the actions or updates performed by these tools?

Yes.  All actions and changes performed by endpoint mangement administrators are recorded and reviewed by independent staff for accountability.

Is there an opt-out procedure for faculty or staff?

No.  We are working toward having the appropriate client on each Whitman-owned computer. Individuals may currently request that their computers be added to a "No-Update" group if it is determined that automatic updates may cause unexpected results to existing software or data processes.  These individuals agree to manually install updates on a regular basis to ensure the safety and compliance of their computers on the network.  WCTS will periodically scan these computers for unpatched vulnerablilities that may put the network at risk.

How does this software affect potential legal proceedings? 

Having either SCCM or JAMF Pro clients on a computer does not affect actions taken when there is a legal subpeona requesting data.  Whitman and WCTS must follow the requirements of such requests, the tool used is irrelavent.

Can these tools take data off my computer?

These Endpoint Management tools do not have built-in features that allow access to any data files on your computer, including email or web browsing history.  They do have powerful scripting features, however, that enable additional actions on the computer.  Scripting could be used, for example, to perform a special configuration for a requested application installation.  The scripting feature can be used to access data on a computer by IT staff using one of these tools, but it would require explicit intent to create and run such a script.  Data cannot be access by a simple click of a button.

All employees and students of Whitman College are held to the requirements of the Accepatable Use Policy, which specifies Individual Responsibilites, Conduct, and behavior that violates the policy.  IT staff have no exceptions to this policy, and in fact have an even higher responsibility to maintain privacy and confidentiality because of their required access to network and computer systems.

See also "What can WCTS see on my computer? I have privacy concerns." above

Do these tools actually increase our security risk because it is a single point of vulnerablity?

The Whitman network is constantly being probed from outside for vulnerablilites, and it is important that all computers have security updates installed.  Unpatched systems are a major cause of data breaches commonly reported in the news and are easily preventable.  One of the primary uses of endpoint management tools is to ensure security updates are applied to Whitman-owned computers in a timely fashion. Such security updates include not only operating system updates from Microsoft and Apple, but also security updates to common software such as Java and Adobe. (See the list of specific software updated by WCTS above.)

I understand these tool can copy data to and from my computer, edit or delete my documents, record video, audio, or monitor usage or me.  Is this accurate?

To a degree. These tools by themselves do not have built-in features to accomplish these tasks.  It is possible that through the use of these tools a different piece of software could be installed that has these capabilities, however this would require explicit intent to do so.   All actions or scripts performed on a computer are logged, including account used to access these tools.

Are there things I can do on my computer to add additional protections or notifications?

Yes.  WCTS would be happy to work with you if you are interested in discussing additional layers of encryption or ways to enhance notification for changes happening on your computer.  

Last Updated: December 18, 2017

  • No labels