James Madison University - Desktop Management
Desktop Management
Why do we need Desktop Management?
Will all computers be managed?
Domain Membership vs. Managed Computers
What are the benefits of being joined to the JMUAD Domain?
What will I notice after being joined to the domain?
To whom do I send feedback if I encounter any issues?
Using a JMU-owned computer in JMU's desktop managed environment
In general, Desktop Management is the ability to provide central management capabilities on PCs. Some examples include:
-
Administer configuration settings on JMU computers
-
Establish and enforce desktop security standards
-
Administer local user rights on the desktop to what is required to perform work functions
-
Capture hardware and software inventories
-
Perform enhanced support via remote assistance tools
-
Provide enhanced patch management capabilities to the desktop
-
Provide enhanced security capabilities to the desktop
Why do we need Desktop Management?
In today's technology environment, it is imperative JMU make significant progress with Desktop Management to ensure our environment is as safe and secure as possible, and to provide our staff with the tools to enhance proactive monitoring and deliver superior customer service.
Will all computers be managed?
It is the goal of Information Technology to include all JMU-owned computers in desktop management. Currently, management services are available only for Windows XP and Vista computers.
Domain Membership vs. Managed Computers
Joining the Domain:
Joining the domain is the first step in having fully managed computers. When a computer joins the domain it is essentially agreeing that it is part of a bigger whole. It no longer considers itself as a stand-alone machine but recognizes that it is on a connected network where the individual machine is no longer "the boss." The machine will now recognize that there are other servers (domain controllers) that are in charge and the computer agrees to take marching orders from those servers. The important thing to remember about domain membership is that the act of joining the domain does not make a computer managed; it simply provides us with the ability to manage the computer as the computer has agreed to take orders from a central source.
Managed Computers:
Managed computers are computers that receive policy and configuration settings from one or more centralized sources. In context of the Desktop Management project at JMU, once we apply GPOs (group policies) or install an SMS (system management server) client, the machine then becomes managed.
Managing a computer removes some of the responsibility for patches, upgrades, anti-virus and software installation/control from the computer users and places that responsibility in the hands of system administrators.
What are the benefits of being joined to the JMUAD Domain?
One of the goals of joining computers to the JMUAD domain is to be able to provide better support to the end-user. Some of the ways in which this will be accomplished are through remote-assistance capabilities, centralized configuration, software installation and updates, and better desktop security.
-
Remote Assistance
Remote assistance is the ability to view a user's desktop session, only with their explicit permission, from another computer. What this means for the end-user is that they no longer have to wait for a technician to visit their computer if the problem can be solved remotely. This also gives the user the ability to "show" the HelpDesk an issue instead of trying to explain it over the phone.
-
Centralized Configuration
There are many configuration settings that are recommended by the university to ensure a more secure desktop environment (these settings can be found on JMU's Computing Security web site). There are other configurations required to make sure the computers function efficiently in the JMU computing environment. Instead of forcing the user to ensure that all settings are properly configured, computers can "check-in" with a server to see what settings have been set by the desktop administrators and apply them accordingly. The computers will also periodically check-in to see if there are any settings that have changed that it may need to apply. In this way, the user does not have to worry about whether their computer is set up according to the university's guidelines for safe, efficient computing.
-
Software Installation and Updates
Many software applications will be available for installation from a central repository, much like "JMU Apps" today. The software in this repository will be the latest recommended versions of the software for JMU's environment. Users will not need to be Administrators on their computer to install this software, and in many cases the install will already be tailored for JMU's environment. Through software inventory, it will also be possible for IT to target software updates only to computers that have an older version of the software in question, whether or not the user installed the application manually or from the software repository.
What will I notice after being joined to the domain?
-
Your computer may take longer to boot. This is because your computer has to process additional tasks during startup. These tasks include checking for automatic or requested security and software updates, real-time response to computer security threats or general malfunctions, automatic configuration of security settings, and many other service possibilities.
-
The login interface has changed; you must press ctrl-alt-delete to access the login prompt.
-
The screensaver will activate after your computer has been idle for 30 minutes. You will need to supply your password to exit the screensaver.
-
Certain options in Internet Explorer cannot be changed. These settings are to comply with RUNSAFE recommendations and best practices and help reduce risk to your computer and information presented by malicious web sites. The most noticeable may be that you will no longer be able to save usernames and passwords in Internet Explorer using the AutoComplete feature.
-
Others can login to your computer and you theirs. This may seem unnerving at first, but there are security controls protecting access to your data and network drives even if someone else logs into your computer. Your e-ID login account is now a "domain account" rather than a "computer account." When you login to a managed computer, you will be logging in both to the domain and the computer you are using. Each person who logs in has their own data area (for example, My Documents) and network drives that can only be seen by them.
-
Occasionally, you will be offered software that you can install on your computer. These packages are generally optional. Security updates will first be offered and eventually automatically installed. Windows security updates will be automatically installed as they are now on most campus computers. The message you will see when new software becomes available will look like this:
IMPORTANT NOTE ABOUT PASSWORD CHANGES:
Once you have joined the Active Directory (migrated), you need to take extra care when changing your e-ID password via the Accounts Portal. The Accounts Portal automatically pushes the new password to Active Directory. It is imperative you reboot or logoff/logon immediately following a password change to avoid getting locked out of your computer.
To whom do I send feedback if I encounter any issues?
Any new deployment has its challenges; so far this pilot has gone quite smoothly. However, if you do encounter any issues and/or you want to send us feedback, please email: mailto:desktop-pilot@jmu.edu?subject=Desktop%20Management%20Feedback.
Using a JMU-owned computer in a JMU's desktop managed environment
-
Using Temporary Administrator Privileges
-
Changing your e-ID and Active Directory Passwords in the JMUAD Domain Environment
-
Solutions for Common Computer Problems Related to Desktop Management
Publisher:
Information Technology
For Information Contact:
Desktop Management Team
James Madison University
(540) 568-3555
Last Modified: 11/13/2009
Privacy Statement