Securing Unattended Workstations

IT Services has applied a password-protected screen saver to all Active Directory workstations. The inactivity period has been set to the maximum allowed time set by state policy of 30 minutes.

Please be sure to log out of the workstations when you leave, especially in public labs and areas where workstations are typically shared.  This may prove challenging in student computer labs; be sure to remind students to log out before they leave.  If you don’t log out, the next person who uses the computer could have access to your files and email.

IT Services may have to decrease the inactivity period before the password-protected screen saver activates if we get reports of unattended workstations.  Keeping our computing environment safe is everyone’s responsibility.

Below is an excerpt of the North Carolina Statewide Information Security Manual.   For those who would like to read it, here’s the link to the full document:

Statewide Information Security Manual (April 20 2012)

 

020103 Securing Unattended Work Stations
Purpose: To prevent unauthorized system access.
STANDARD
Workstations shall be safeguarded from unauthorized access — especially when left unattended. Each agency shall be responsible for configuring all workstations to require a password-protected screen saver after a maximum of thirty (30) minutes of inactivity. Users shall not disable the password-protected configuration specifications established by their agency. Users shall lock their workstations when leaving them unattended.

Student Computer Labs – Changes Coming Soon!!!

The Active Directory conversion is on schedule and should be completed by start of Fall 2013 classes.    What changes can you expect within the student computer labs?

Q:  What operating system and software will be on the computers?

A:  All lab computers will have Windows 7, Office 2010, Internet Explorer and Google Chrome browsers.  Specific software needs for your class will also be available if compatible with Windows 7.

Q:  How will I know if my software is compatible with Windows7?

A:  Check out the Compatibility list in this blog or visit Microsoft’s Windows 7 Compatibility Center website  http://www.microsoft.com/windows/compatibility/windows-7/en-us/default.aspx

Q: Will students have to login to the computer?

A:  Yes, both students and employees will use their myCFCC account to login.  There are instructions at the login screen about the ‘passwordhelp’ account if you forget your username or password.

Q:  What if I invite a guest speaker?  How can I help them get logged into CFCC owned computers or wireless?  What if they bring their own laptop?

A:  Fill out the Room Request Form found on the intranet.   The room schedulers have the ability to reserve the room for your guest as well as provide temporary login accounts.  These accounts will grant access to the classroom computers as well as SurfCFCC wireless internet (WiFi), depending on your needs.

Q:  Will my current class’ network shared drive still be available?

A:  No.  The preferred method to share files with your class is make use of your already existing BlackBoard class.  Every Curriculum class automatically gets a BlackBoard class with your students already populated.  Using BlackBoard will allow the students to work on assignments from any computer with internet access.   For more information and assistance with BlackBoard, please visit our Instructional Technologists in the Library.

Q:   When will my lab get converted?

A:  Currently only four computer labs have been converted to Active Directory NB233, NB106, A316 and S501.  IT will convert up to 27 labs prior to the start of Spring 2013.  The rest of the labs will be converted during Summer 2013.  All labs will be converted prior to Fall 2013 Classes.

Schedule for Imaging Faculty and Staff Computers

This is a tentative schedule, and could change as we go along.  We will keep this page updated as we move along in the process.

***Be sure that your files have been saved off of your computer and your GroupWise archive directory is pointing to the s:\gw\archive folder  and they work as expected.   This should be completed no later than May 11, 20012****
May 2012
 7           Consultant comes on Campus for back-end setup
14           Maintenance (5) and Director IS (2) **Done**
15           IT Services **Done**
16           Institutional Effectiveness and Copy Center (15) **Done**
17           hire date for temp workers and Training
21           Personnel (10) **Done**
22           Shipping (5) , **Done**
23           Business Office (60) , **Done**
28           Memorial Day
29           Student Services including Q-bldg  (65)    **Done**
31           Instructional Services (14)     **Done**

June 2012
4            Begin LRC (30)     **Done**
8            DataNetworks complete (consultant no longer on campus)
11          Learning Lab (20)   **Done**
12          9-Month Faculty Begin
14          Continuing Education C, T, X, and Basic Skills (1st floor S-bldg.) (60)  **Done**
18           Begin Instruction
Deans and Departments by Buildings 6th floor S-Bldg. and on down
S, A, N, W, L, K, R, F, E, V, NA, NB, NC, ND, NY, NZ
19           PSTC bldg, and Social & Behavioral Science
20
July 2012
24           **All Faculty and Staff Workstations are Done** 
27           Begin Lecture Classroom Computers, but not the computer labs.

 

AD Implementation Summary and Schedule

Jan 23, 2012  - Start Date:   Begin Phase I  (COMPLETE)
Windows 2008 Server Infrastructure Deployment 
   -Standup the Domain Controllers with AD and DNS, including the off-site DC.
   -Verify LDAP Connectivity, AD and DNS Replication.
Feb 3, 2012  - end of Phase I
 
Feb 6, 2012 – Begin Phase II (COMPLETE)
Colleague and AD Integration 
   -Populate AD from Colleague. 
   -Verify user and group creation and configurations.
   -Redirect WebAdvisor and Blackboard to AD
Feb 17, 2012 – end of Phase II (DataNetworks end Date, CFCC will continue to integrate approximately 19 applications to AD)
 
Feb 20, 2012 – Begin Phase III  (COMPLETE)
File server installation
   -Create two File Servers per campus, one for Student and one for Employees.
   -Install DHCP campus wide
   -Create, import and test Group policies for workstations and users
March 2, 2012 – end Phase III
 
March 12, 2012 – Begin Phase IV (Spring Break)  (COMPLETE)
 Burgaw Implementation
   -Deploy all aspects of AD to Burgaw Campus 
March 23, 2012 – end Phase IV
 
May 7, 2012 – Begin Phase 4.5  (COMPLETE)
   -Implement File System Factory Server and Software for configuring and maintaining home directories within Microsoft Active Directory Environment.
 
May14, 2012 – Begin Phase VI (after Spring Classes end)
Employee Pilot Migration
   -Migrate User Data and Shares to AD as we join departmental groups of Workstations to AD.
 
June 5, 2012 – Begin Phase V (moved to end – main focus this summer is Admin Side)
North Campus and Main Campus Student Lab AD migration
-Configure Printing and join 1 Windows 7 Lab per campus. 
June 15, 2012 – DataNetworks end date, CFCC will spend all summer joining remaining employees to AD

Active Directory/Reimaging ALL School Computers/Save your files

ALL faculty and staff computers will be reimaged over the summer
ALL faculty and staff must move personal files off their PCs before summer break
ALL faculty and staff must move their school-related documents to their u-drive before summer break (the helpdesk can assist)

Software programs and printers may have to be upgraded to work with Windows7

What is AD? It’s Active Directory (AD) and Cape Fear Community College is changing over from the Novell system to AD. Novell is the platform that most of our servers, printers, and file shares reside on. Think of shared folders, networked printers, server applications like Datatel Colleague and Matrix OnBase. The initial login to your computer will be Microsoft Active Directory which will give you rights and access to all of the above.

Why are we doing this? Datatel Colleague is driving this decision. It’s the application that holds everything important to the college, student records, grades, employee records, purchasing info, basically everything we need to run the school. Datatel Colleague is going in the direction of Microsoft for its Operating System. Most of the connecting applications will require Microsoft’s Active Directory as well.

When is it coming? We are currently Using AD to authenticate some of our Web Applications. This was the reason behind the Mass Password Change on Feb 7th. Burgaw will be the first location to have workstations join the Active Directory Domain, which is scheduled for full AD conversion over Spring break. After that our plan is to convert all staff and faculty computers to AD over the summer. It’s a huge project and we’re going to need everyone’s help to be successful.

Every computer in the school will have to be touched by an IT person and ‘reimaged’. Reimaging is basically reloading the operating system. As a result, nothing of the old operating system or user files will remain. We’re upgrading to Windows 7 and Office2010. There’s no expense for the departments, our Microsoft agreement pays for the upgrades.

What do faculty and staff need to do? For our staff to complete this large project, we need to work with clean PCs. We’ll need everyone to remove their personal items, whether it’s pictures, music, videos and save to a flash drive or whatever means you chose. Take them home, put them in a drawer in your office, just be sure you save them.

IT Services staff will assist you with school-related documents. Everything must be uploaded to your u-drive which is your personal server space. No one else will see or have access to this information, but we have limited space. The entire school copying their MyDocuments folder to a server will take a lot of space and we must ask it’s only school related documents, spreadsheets, test banks, etc.. IT services will be running file checks on the servers for unauthorized files, which include pictures, movies and music. These files will be removed from the network to make room for work related files.

More information will be coming out about this project and exactly what you’ll need to do to prepare your computer. We’ll provide step-by-step instructions and assistance when needed. Over the summer the computers will be reimaged, when you return in the Fall and log in you’ll get instructions on downloading the u-drive files. Or, we can help you. Thanks for your patience during this exciting time.
Be sure any sensitive school documents stay on the school’s network.