
DESKTOP MANAGEMENT


IT MANAGED SOFTWARE

IT is rolling out management services for end-user devices to enhance security, stability, service delivery, and support. Currently, these services are only available for JMU-owned Windows desktops and laptops. Services for other platforms are being explored. The most likely services to be deployed next include (no definite dates!):

  • Macintosh desktop/laptop management
  • Cross-platform full disk encryption (Windows, Macintosh, USB; possibly Linux and cell phone)

Services provided to managed desktops/laptops:

  • Automatic installation of security updates for the most common products
  • Remote assistance
  • Accelerated software deployment and configuration assistance capabilities
  • Accelerated deployment of emergency security workarounds in the face of imminent threats or ongoing attacks
  • Utilities and services making operation of the computer using a safer 'user account' easier and more effective
  • Automated remote problem resolution
  • Monitored anti-virus operation
  • Sensitive data inventory
  • Hardware/Software inventory
  • Standard operating experience across the installed base
  • Ability to share computers using standard JMU eid accounts

Note: A software product may be managed by IT desktop management services but not be supported by the JMU Computing HelpDesk. That is, you may get updates for a product but be unable to call the HelpDesk for assistance on using the product. However, if there is a problem getting or installing an update for software listed in the tables below, the HelpDesk should certainly be called.

Your Responsibilities

While IT can manage some of the most common areas that cause problems and frustration with computers, many areas cannot be centrally managed without significant loss of personal control. A compromise is necessary. That compromise means some aspects of computer operation and maintenance remain the responsibility of the operator (or local support resources). Among the most common:

  • Maintenance of any third party software installed by the operator that is not shown on the lists below
  • Backup of data (though centralized, automated backup services are under consideration for future deployment)
  • Physical security of the computer
  • Conservative and professional operation of JMU-owned computers
  • Avoiding the installation of unnecessary software on JMU-owned computers
  • Sensitive data protection
    • Storage of sensitive data only to the extent that it is necessary and authorized
    • Use network storage instead of computer storage for sensitive data unless local storage is necessary and authorized
    • If highly confidential data is stored locally or on portable storage devices, encryption is mandatory. It is your responsibility to contact JMU IT so encryption software can be properly installed.

The tables below show software that IT keeps up to date with security patches for managed computers. As resources and licenses permit, more software in common use at JMU will be added to the managed list. Software that you install that is not on the list will still be your (or your local support staff's) responsibility to maintain. Examples of common software not currently managed by IT include:

  • iTunes
  • RealPlayer
  • Instant message clients
  • Browser extensions (e.g. toolbars, search tools, download helpers, media players except those shown below, ActiveX controls)

Advice for Windows Laptop and Mobile Users

Because the management services currently depend upon the managed computer being connected to the JMU campus network and logged into the JMU domain, a laptop that never connects to the campus network cannot currently be managed. There are three options to address this situation, listed in order of effectiveness:

  1. Once a month, bring the laptop to campus, plug it into the campus network via a wired network jack, power it on, log in, and leave the computer connected for the entire day. At the end of the day, shut the computer down, installing any updates that are offered.
  2. Use the manual procedures described in the Windows Verification and Audit section below to manually apply updates. While this won't guarantee all managed services are delivered, it will apply the most important updates. Also note that the products listed in the managed software table below are linked to the vendor web sites where the latest updates can be obtained independently of JMU IT managed services.
  3. If you regularly use the remote VPN to log in to the campus network from off campus and stay connected for at least an hour each time, you may get most updates. However, there are a lot of variables that can affect the delivery of services over this connection (e.g. speed, length of connection, type of update, order of operations). Remote VPN sessions cannot be trusted to deliver reliable and thorough management services at this time. They must be backed up by manual Windows Verification and Audit as described below.

 


WINDOWS SOFTWARE

IT currently offers management services for the following Microsoft operating systems:

  • Windows XP
  • Windows Vista
  • Windows 7

Partial support, in the form of Microsoft-only updates, is offered for the following Microsoft operating systems. These updates are deployed through the campus WSUS server, which offers the same updates that can be obtained from Microsoft's Microsoft Update web site.

  • Windows 2003
  • Windows 2008

It is recommended that production servers NOT be managed by IT desktop management processes, including WSUS. Also note that WSUS currently deploys service packs and updates for SQL Server, MSDE databases, Visual Studio, and other development type environments. Operators of desktops running those products with critical applications, storing large quantities of data, and/or lacking a reliable and tested backup mechanism should contact the desktop management group about being exempted from managed updates. That, of course, will put the burden of those updates on the operator/administrator/developer.

 


| Software | Current Version | Distribution Method | Notes |
|---|---|---|---|
| Adobe Acrobat | 8.3.1/9.5.0 | SCCM | User must purchase license for version updates. Versions prior to 8 MUST BE UPDATED for continued protection. |
| Adobe Flash Player | 11.1.102.55 | SCCM | 9.0.246.0 available from Adobe but not supported on campus. Version 10 recommended. |
| Adobe Reader | 9.5.0/10.1.2 | SCCM | Application supports 'check for updates' feature. Versions prior to 9 should be removed. |
| Adobe Shockwave Player | 11.6.3.633 | SCCM | none |
| Apple QuickTime | 7.7.1 | SCCM | Application supports 'check for updates' feature. iTunes must be maintained manually by operator at this time but can be updated through QuickTime 'check for updates' feature. |
| Microsoft Security Updates | December 2011 | WSUS/Microsoft/SCCM | none |
| Microsoft Windows XP | Service Pack 3 | WSUS/Microsoft/SCCM | Service Pack 3 deployed to all IT and AF computers. |
| Microsoft Windows Vista | Service Pack 2 | WSUS/Microsoft/SCCM | Service Pack 2 deployed to IT computers. |
| Microsoft Windows 7 | No service packs | WSUS/Microsoft | none |
| Microsoft Windows 2003 | No service packs | WSUS/Microsoft | none |
| Microsoft Windows 2008 | No service packs | WSUS/Microsoft | none |
| Microsoft Office 2003 | Service Pack 3 | SCCM/WSUS/Microsoft | none |
| Microsoft Office 2007 | Service Pack 2 | SCCM/WSUS/Microsoft | none |
| Microsoft Internet Explorer | 8 | WSUS/Microsoft | none |
| Microsoft SQL Server 2008 | na | WSUS/Microsoft | none |
| Microsoft SQL Server 2005 and internal database (i.e. MSDE, SQL Server Express Edition) | na | WSUS/Microsoft | none |
| Microsoft .NET | 3.5 Service Pack 1 | WSUS/Microsoft | none |
| Microsoft Windows Defender Definitions | August 2011 | WSUS/Microsoft | none |
| Mozilla Firefox | 3.6.25 | SCCM | Version 2.x should be removed. Settings are not managed. |
| Mozilla Thunderbird | Planned for future support | SCCM | Application supports 'check for updates' feature. |
| Sun Java JRE | 1.6.29 | SCCM | Application supports 'check for updates' feature. |
| Symantec Endpoint Protection | 11.0.7 | SCCM/Symantec Management Server | Application supports 'check for updates' feature. |

 

Windows Notes

WSUS

A JMU server running Microsoft's Windows Server Update Services. It mimics the update capability of Microsoft's Microsoft Update web site, but with local control of what updates are offered, when, and to whom, plus reporting capabilities.

Your managed computer will check for updates with our WSUS server once every 22 hours. If applicable updates are found, your computer will download them in the background and notify you when they're ready for installation. At that point, you can install them any time, but the recommended way is to wait until you shut down your computer at the end of the day and choose "install updates and shutdown". That way you're not waiting around for the entire installation process.

SCCM

A JMU server running Microsoft's System Center Configuration Manager 2007 that can deploy both Microsoft and non-Microsoft software, updates, and configuration changes.

Your computer will check for updates with our SCCM server when it is powered on. If updates are available, they will normally install silently in the background.

Windows Verification and Audit

Although IT performs some internal audits and quality control checking of our processes, the diverse nature of our computing devices, the way they are used and connected, and vendor product issues almost guarantee some service delivery failures. If you wish, you can verify the integrity of your managed Windows computer using some of the same methods available to operators of unmanaged devices. Be aware that the availability of some software updates through the IT managed services lags their availability to the general public by 10-45 days, depending upon risk. This is to allow us to perform stability testing, create custom packaging, communicate changes, and roll out the changes in an orderly manner. So you may see some updates being offered on public sites that have not yet been offered to your managed device. This is not a failure. Verification methods include:


MACINTOSH SOFTWARE

IT managed services for Macintosh are not yet available, nor will they be for at least a year. Use Apple's software update mechanism to keep Apple software up to date as described in StartSafe. Non-Apple packages will have to be maintained manually.


LINUX SOFTWARE

IT managed services for Linux are not yet available, nor are they planned, though they are on our list of services under consideration. Use your Linux distributor's update mechanisms (e.g. RedHat Network) to keep that distributor's software up to date. Software installed outside the distributors' methods (e.g. source code) will have to be maintained manually. Note that fixes are often available via source code from package authors before they are available from distributors.

 


CELLPHONES AND OTHER MOBILE DEVICES (E.G. PDAS)

IT managed services for these devices are not yet available, nor are they planned, though they are on our list of services under consideration. Use your vendors' update mechanism to keep the devices up to date. Third party applications will likely need to be manually maintained.