Securing Unattended Workstations

IT Services has applied a password-protected screen saver to all Active Directory workstations. The inactivity period has been set to the maximum allowed time set by state policy of 30 minutes.

Please be sure to log out of the workstations when you leave, especially in public labs and areas where workstations are typically shared.  This may prove challenging in student computer labs; be sure to remind students to log out before they leave.  If you don’t log out, the next person who uses the computer could have access to your files and email.

IT Services may have to decrease the inactivity period before the password-protected screen saver activates if we get reports of unattended workstations.  Keeping our computing environment safe is everyone’s responsibility.

Below is an excerpt of the North Carolina Statewide Information Security Manual.   For those who would like to read it, here’s the link to the full document:

Statewide Information Security Manual (April 20 2012)

 

020103 Securing Unattended Work Stations
Purpose: To prevent unauthorized system access.
STANDARD
Workstations shall be safeguarded from unauthorized access — especially when left unattended. Each agency shall be responsible for configuring all workstations to require a password-protected screen saver after a maximum of thirty (30) minutes of inactivity. Users shall not disable the password-protected configuration specifications established by their agency. Users shall lock their workstations when leaving them unattended.

Classrooms converted to Active Directory

What does that mean?

There are only a few student computer labs on campus that are connected to Active Directory (AD) S501 and NB233 in 2012.  IT Services goal is to have all computer labs converted by Fall 2013. AD is already on all the lecture room instructor PCs and that means instructors have to log into the computers. Once the computer labs are converted, students will also have to log into the computers. 

Now on Active Directory and Windows 7 Operating System:

Testing Labs (2) A316 and NB106

NA-Bldg (13+): 107, 203, 204, 206, 207, 211, 212, 213, 303, 304, 306, 311, 312 (Learning Lab – about half the lab and 2 in LRC (9-10))   

S-Bldg (11): 306, 308, 500, 501, 502. 503, 508, 509, 513, 609, 613, 615

NB-Bldg (1):  233

Student Computer Labs – Changes Coming Soon!!!

The Active Directory conversion is on schedule and should be completed by start of Fall 2013 classes.    What changes can you expect within the student computer labs?

Q:  What operating system and software will be on the computers?

A:  All lab computers will have Windows 7, Office 2010, Internet Explorer and Google Chrome browsers.  Specific software needs for your class will also be available if compatible with Windows 7.

Q:  How will I know if my software is compatible with Windows7?

A:  Check out the Compatibility list in this blog or visit Microsoft’s Windows 7 Compatibility Center website  http://www.microsoft.com/windows/compatibility/windows-7/en-us/default.aspx

Q: Will students have to login to the computer?

A:  Yes, both students and employees will use their myCFCC account to login.  There are instructions at the login screen about the ‘passwordhelp’ account if you forget your username or password.

Q:  What if I invite a guest speaker?  How can I help them get logged into CFCC owned computers or wireless?  What if they bring their own laptop?

A:  Fill out the Room Request Form found on the intranet.   The room schedulers have the ability to reserve the room for your guest as well as provide temporary login accounts.  These accounts will grant access to the classroom computers as well as SurfCFCC wireless internet (WiFi), depending on your needs.

Q:  Will my current class’ network shared drive still be available?

A:  No.  The preferred method to share files with your class is make use of your already existing BlackBoard class.  Every Curriculum class automatically gets a BlackBoard class with your students already populated.  Using BlackBoard will allow the students to work on assignments from any computer with internet access.   For more information and assistance with BlackBoard, please visit our Instructional Technologists in the Library.

Q:   When will my lab get converted?

A:  Currently only four computer labs have been converted to Active Directory NB233, NB106, A316 and S501.  IT will convert up to 27 labs prior to the start of Spring 2013.  The rest of the labs will be converted during Summer 2013.  All labs will be converted prior to Fall 2013 Classes.

Schedule for Imaging Faculty and Staff Computers

This is a tentative schedule, and could change as we go along.  We will keep this page updated as we move along in the process.

***Be sure that your files have been saved off of your computer and your GroupWise archive directory is pointing to the s:\gw\archive folder  and they work as expected.   This should be completed no later than May 11, 20012****
May 2012
 7           Consultant comes on Campus for back-end setup
14           Maintenance (5) and Director IS (2) **Done**
15           IT Services **Done**
16           Institutional Effectiveness and Copy Center (15) **Done**
17           hire date for temp workers and Training
21           Personnel (10) **Done**
22           Shipping (5) , **Done**
23           Business Office (60) , **Done**
28           Memorial Day
29           Student Services including Q-bldg  (65)    **Done**
31           Instructional Services (14)     **Done**

June 2012
4            Begin LRC (30)     **Done**
8            DataNetworks complete (consultant no longer on campus)
11          Learning Lab (20)   **Done**
12          9-Month Faculty Begin
14          Continuing Education C, T, X, and Basic Skills (1st floor S-bldg.) (60)  **Done**
18           Begin Instruction
Deans and Departments by Buildings 6th floor S-Bldg. and on down
S, A, N, W, L, K, R, F, E, V, NA, NB, NC, ND, NY, NZ
19           PSTC bldg, and Social & Behavioral Science
20
July 2012
24           **All Faculty and Staff Workstations are Done** 
27           Begin Lecture Classroom Computers, but not the computer labs.

 

AD Implementation Summary and Schedule

Jan 23, 2012  - Start Date:   Begin Phase I  (COMPLETE)
Windows 2008 Server Infrastructure Deployment 
   -Standup the Domain Controllers with AD and DNS, including the off-site DC.
   -Verify LDAP Connectivity, AD and DNS Replication.
Feb 3, 2012  - end of Phase I
 
Feb 6, 2012 – Begin Phase II (COMPLETE)
Colleague and AD Integration 
   -Populate AD from Colleague. 
   -Verify user and group creation and configurations.
   -Redirect WebAdvisor and Blackboard to AD
Feb 17, 2012 – end of Phase II (DataNetworks end Date, CFCC will continue to integrate approximately 19 applications to AD)
 
Feb 20, 2012 – Begin Phase III  (COMPLETE)
File server installation
   -Create two File Servers per campus, one for Student and one for Employees.
   -Install DHCP campus wide
   -Create, import and test Group policies for workstations and users
March 2, 2012 – end Phase III
 
March 12, 2012 – Begin Phase IV (Spring Break)  (COMPLETE)
 Burgaw Implementation
   -Deploy all aspects of AD to Burgaw Campus 
March 23, 2012 – end Phase IV
 
May 7, 2012 – Begin Phase 4.5  (COMPLETE)
   -Implement File System Factory Server and Software for configuring and maintaining home directories within Microsoft Active Directory Environment.
 
May14, 2012 – Begin Phase VI (after Spring Classes end)
Employee Pilot Migration
   -Migrate User Data and Shares to AD as we join departmental groups of Workstations to AD.
 
June 5, 2012 – Begin Phase V (moved to end – main focus this summer is Admin Side)
North Campus and Main Campus Student Lab AD migration
-Configure Printing and join 1 Windows 7 Lab per campus. 
June 15, 2012 – DataNetworks end date, CFCC will spend all summer joining remaining employees to AD

Active Directory/Reimaging ALL School Computers/Save your files

ALL faculty and staff computers will be reimaged over the summer
ALL faculty and staff must move personal files off their PCs before summer break
ALL faculty and staff must move their school-related documents to their u-drive before summer break (the helpdesk can assist)

Software programs and printers may have to be upgraded to work with Windows7

What is AD? It’s Active Directory (AD) and Cape Fear Community College is changing over from the Novell system to AD. Novell is the platform that most of our servers, printers, and file shares reside on. Think of shared folders, networked printers, server applications like Datatel Colleague and Matrix OnBase. The initial login to your computer will be Microsoft Active Directory which will give you rights and access to all of the above.

Why are we doing this? Datatel Colleague is driving this decision. It’s the application that holds everything important to the college, student records, grades, employee records, purchasing info, basically everything we need to run the school. Datatel Colleague is going in the direction of Microsoft for its Operating System. Most of the connecting applications will require Microsoft’s Active Directory as well.

When is it coming? We are currently Using AD to authenticate some of our Web Applications. This was the reason behind the Mass Password Change on Feb 7th. Burgaw will be the first location to have workstations join the Active Directory Domain, which is scheduled for full AD conversion over Spring break. After that our plan is to convert all staff and faculty computers to AD over the summer. It’s a huge project and we’re going to need everyone’s help to be successful.

Every computer in the school will have to be touched by an IT person and ‘reimaged’. Reimaging is basically reloading the operating system. As a result, nothing of the old operating system or user files will remain. We’re upgrading to Windows 7 and Office2010. There’s no expense for the departments, our Microsoft agreement pays for the upgrades.

What do faculty and staff need to do? For our staff to complete this large project, we need to work with clean PCs. We’ll need everyone to remove their personal items, whether it’s pictures, music, videos and save to a flash drive or whatever means you chose. Take them home, put them in a drawer in your office, just be sure you save them.

IT Services staff will assist you with school-related documents. Everything must be uploaded to your u-drive which is your personal server space. No one else will see or have access to this information, but we have limited space. The entire school copying their MyDocuments folder to a server will take a lot of space and we must ask it’s only school related documents, spreadsheets, test banks, etc.. IT services will be running file checks on the servers for unauthorized files, which include pictures, movies and music. These files will be removed from the network to make room for work related files.

More information will be coming out about this project and exactly what you’ll need to do to prepare your computer. We’ll provide step-by-step instructions and assistance when needed. Over the summer the computers will be reimaged, when you return in the Fall and log in you’ll get instructions on downloading the u-drive files. Or, we can help you. Thanks for your patience during this exciting time.
Be sure any sensitive school documents stay on the school’s network.

Lions, Tigers and Active Directory

Hopefully by now you have heard that this thing called Active Directory (AD) is being implemented. However, what you really want to know is, “how is it going to affect me”?

Q: What is the single largest impact on every faculty and staff member AD will bring?

A: Each one of the 700+ faculty and staff computers will be “wiped clean” and Windows7 installed

Q: OK, but how does that affect me?

A: No files that you have created on your PC will exist afterwards unless they have been copied off beforehand.

Q: What will happen if files are not copied off of my computer?

A: They will be lost with no means of recovery.

Q: How does this differ, say, when I have received a new computer in the past?

A: In the past, IT Services has searched your computer for each one of your files, saved them, and then restored them on your new PC.

Q: Why can’t IT Services do it for me this time?

A: We need your help. Even with additional temporary staff, we need for those who are able to save their own files to do so. 700+ computers in less than 6 weeks does not allow enough time for us to complete this transition, even with additional help, before Fall semester starts.

Q: What if I’m not comfortable copying my files?

A: There will be detailed instructions on how to do this published soon

Q: What if I’m still not comfortable doing this?

A: IT Services has been allowed to take on temporary personnel to help those who are in need copy their files. Please call the HelpDesk or, better yet, go to myCFCC and click on the HelpDesk icon.

Q: Where do I copy these files?

A: That will be included in the instructions, but the short anser is on your “U:” Drive which resides on the college network (not your PC)

Q: What of 10-month employees?

A: Do it *now*.

If you need help, get the request in early enough for us to be able to help you. Even with additional personnel, IT Services will not be able to handle a flood of requests just before May graduation.

-David

Mark Your Calendars – Password Change!

On Tuesday. Feb 7 Faculty, Staff and Students will need to change the single password used to access any of the following services:

  • WebAdvisor
  • myCFCC Portal
  • BlackBoard (On-Line and Hybrid)
  • Wireless (SurfCFCC)
  • iTunes
  • PC Reservation System (LRC)
  • Informer (Query tool)
  • NelNet (Student Payment Service)
  • K-Box (OnLine HelpDesk Services)
  • People Admin (HR)

Before start of day, Feb 7, the password to the above services will be reset for everyone. To access any of them, you will need to change your password as your old password will not longer work.

Changing your password for any of these services can be done using the “What’s my Password” link provided on the login page to any of the services. Changed in one, the password is changed in all.

What will not change is the password you use for:

  • GroupWise
  • Novell (logging into the computer)
  • Colleague
  • Matrix (doc Imaging)

Students using BlackBoard in Distance Learning and Hybrid courses will be most affected by this change.

Instructors: It is not advisable to schedule assignment deadlines or testing in BlackBoard on Tuesday, Feb 7.

We will be getting the word out to students separately, but please call this to their attention.

These changes are coming about due to the implementation of Active Directory.