This document outlines what to expect when a Microsoft
Windows or Macintosh workstation is managed by the DTC / MSI. Once a DTC
Windows username has been established, the user will have login access to
any Windows machine managed by the DTC / MSI.
Network and Permissions:
All managed Windows / Mac machines are placed
in the ACL controlled .188 network (0/24) where all inbound traffic
is blocked except the following ports:
- 3389 — Microsoft Terminal Services (administrative)
- 22 — SSH (Dual Boot Machines & Macintosh)
- 3283 — Apple Remote Desktop (administrative)
All managed Windows / Mac machines will have
the local administrators group restricted to only DTC / MSI Systems
Administrators. By default users of managed Windows / Mac machines
will be granted default user permissions. If software applications
require a higher level of permission, then the user will be elevated
to the Power Users group. The Power Users group is the highest level
of permission that will be granted to non-DTC / MSI Systems Administrators.
Managed Windows machines will be connecting to
an Active Directory Domain for all user and group level authentication.
Group Policy is used to enforce a standard security policy for all Windows
workstations and servers. Group Policy is also used to ensure that all
managed machines have the same base set of software applications installed.
Base Software Sets for Windows/Macintosh workstations:
| Windows Workstation Software |
Macintosh Workstation Software |
| Microsoft Windows XP |
MacOS X 10.3 |
| Microsoft Office 2003 Pro |
Microsoft Office v.X |
| Internet Explorer |
Internet Explorer |
| Mozilla |
Mozilla |
| Symantec Antivirus 9 |
Symantec Antivirus 9 |
| Flash, Java and RealAudio plug-ins |
Flash, Java and RealAudio plug-ins |
| WinZip 9 |
Aladdin Stuff-it Standard |
| Putty |
Terminal |
| Adobe Acrobat Reader 6.0 |
Adobe Acrobat Reader 6.0 |
| WinSCP 3 |
Fugu |
| Citrix ICA client |
Citrix ICA client |
| Quicktime 6 |
Quicktime 6 |
| Windows Media Player |
Windows Media Player |
| Xwin32 |
X11 |
| Active State Perl 5.8 |
Perl |
Departmental or individual software that
is licensed, may also be loaded. Computer Science machines, for
example, may have Microsoft Visual Studio.net and Matlab installed.
If your department has software you wish to be installed, please
send the request to
help@msi.umn.edu.
DTC / MSI will install any licensed software that
is purchased by the user or department as long as the installation media
and appropriate licenses are made available.
Virus Protection:
A central virus server controls the
installation of virus definitions on all managed Windows
workstations. Symantec Antivirus Corporate Edition v 8.1 is
running using NAV Intelligent Updater service every 4 hours to
ensure that the most up-to-date virus definition files are installed
on all managed Windows workstations. Workstations are configured to
run a full manual scan every Sunday night at 12:00am. Real time virus
scanning of the file system is running at all times and cannot be turned
off.
Software Patch Management:
Patch Management is all controlled via Windows
Update and Group Policy. Each machine is scheduled to check for updates
at 3:00am each night, and if any critical updates exist, then the patch
is installed and the machine is rebooted automatically. Non-critical
patches are applied via Group Policy and SMS (Systems Management Server).
Personal Disk Space:
Each user with a Windows / Mac account will
have a disk quota of 500 MB for personal storage on the Windows file
servers. This data is backed up each night and is accessible from any
Windows / Mac managed machine. Your personal disk space (or U drive)
shows up as a Network Drive in My Computer with the label: username
on ‘dsrv1.dtc.umn.edu\users’ (U:). Quota warnings are sent
when the user reaches 450 MB. Quota limits can be increased per user
request and DTC / MSI approval.
Roaming Profiles:
Roaming profiles have been enabled on all
Windows user accounts. Roaming profiles synchronizes all user data
stored in c:\Documents and Settings\Username with the Windows File
Server each time the user logs on and off a managed machine. This
helps to maintain a unified desktop environment no matter which Windows
machine the user logs into. Roaming profiles have the same quota limits
of 500 MB. Quota limits can be increased per user request and DTC / MSI
approval.
Wireless Network Access:
There are both UMN wireless access points and
DTC/MSI wireless access points here in Walter. If you have a laptop
we will configure it to take advantage of these resources.
Printer Configuration:
For both MSI and DTC users there are public
printers available and dtc / msi support will work with you to
configure the appropriate printer drivers.
Data Back-up Services:
Please note which directories you would
like to back-up. You are responsible for your data, we are only
providing a temporary location to store these directories while
re-imaging your workstation.
Please take some time to read over the
Digital Technology Center’s Ethical Guidelines:
http://www.dtc.umn.edu/about/ethicalguidelines.shtml
Email Configuration:
For email programs, detailed program setup
instructions for both Windows and Macintosh workstations please go
to the UMN ADCS site:
http://www1.umn.edu/adcs/help/email/clients.html.
Request for DTC/MSI workstation management
If you would like DTC/MSI to manage your workstation,
please complete the workstation survey.
Support:
If you have any trouble with any of the systems
managed by the DTC / MSI, please visit this page to fill out a support
request: http://www.msi.umn.edu/consult.html, send an email to
help@dtc.umn.edu
or
help@msi.umn.edu
or call 612-626-0802.
