DeSC Security

1.  Policy Statement

The Desktop Systems Council Committee oversees the use and maintenance of computers participating in the managed environments that make up the DeSC Program. The scope of the Council’s activities is to advise the university on standards for the managed computing platforms for institutionally owned computers. The DeSC Council also reviews security policies and practices for DeSC machines.

2.  Policy

Summary

  1. Customer Passwords - Domain user passwords will be managed by the University's password maintenance application and will meet the University's standard for password strength.
  2. Administrator Passwords - Departmental administrator passwords will be changed quarterly. Password changes will be done remotely by central administrators. The new password will be made available to authorized departmental DeSC administrators.
  3. Malware Protection - OIT will regularly confirm that McAfee VirusScan auto-protection is enabled on all DeSC machines. If necessary, the auto-protection will be re-enabled.
  4. Critical Software Security Patches - Security patches and hotfixes for the Microsoft operating systems, applications and Internet Explorer web browser will be tested and distributed to DeSC machines via the Windows Software Update Services (WSUS) server. The image will be updated with the software after it has been distributed.
  5. Virtual Machines (VM) - DeSC computers are not authorized to run inside a Virtual Machine.
  6. DeSC Backup Policy - DeSC computers must be backed up to the OIT CrashPlan backup service.

Customer Passwords

See OIT Knowledge article 9928 for information about choosing a password that is both safe and easy to remember.

Administrator Passwords

A local administrator passphrase is established for each department. The administrator passphrase is the same for all the DeSC machines in a department. Only authorized departmental DeSC local administrators are expected to access departmental DeSC machines with these “administrator” privileges. The purpose of administrator access is to:

(a)  Install “optional” or departmentally supported software applications.

(b)  Troubleshoot technical problems on the workstation.

  1. The DeSC local administrator account passphrase will be changed on a quarterly basis.
  2. The Desktop Systems Council prohibits disclosing the local administrator password to anyone other than authorized departmental DeSC administrators or granting administrative rights to any other user’s account.
  3. SCAD/DCS members are authorized DeSC administrators for the department by which they are employed. A department which does not employ a SCAD or DCS member or which employs technical staff members working under the direct supervision of a SCAD/DCS member may request authorization from DeSC ([email protected]) for the staff member. Such requests will be considered on a case-by-case basis. In general, factors that will be considered by DeSC include relevant system administration experience and technical skills as demonstrated by Microsoft Desktop Support certification.

Malware Protection

All DeSC computers are protected by McAfee VirusScan software. This anti-virus software is part of the core software set. The Princeton configuration points to a centrally managed Princeton server for current virus definition files. DeSC machines automatically poll a local server for new “virus protection definitions” every six (6) hours.

Critical Software Security Patches

One of the services provided by the central administration of the DeSC computers is the delivery of Microsoft operating-system-level and Internet Explorer browser security patches. Security patches to fix reported security holes in the Microsoft software are released quite frequently. The software is tested centrally and approved critical patches are deployed to DeSC machines using the Windows Software Update Services (WSUS) server within three business days.

Virtual Machines (VM)

The Council does not authorize DeSC machines to run inside a Virtual Machine. Departments may run VMs on DeSC machines.

DeSC Backup Policy

All DeSC machines must have the CrashPlan client installed and configured to back up all profiles.

3.  Procedures

There is no content for this section.  

4.  Who is Affected by this Policy

All Princeton University faculty and staff are expected to comply with policies governing University owned computers in a managed environment.

5.  Definitions

There is no content for this section.

6.  Related Policies

University Information Technology Policy

University Information Security Policy

7.  Update Log

July 1, 2005:  Policy issued.

October 27, 2010:  Policy updated.

September 22, 2016:  Policy updated.

Policy Title: DeSC Security Policy for Standard Environments

Responsible Executive: Vice President for Information Technology and CIO Jay Dominick

Responsible Office: Office of Information Technology, Support Services

Endorsed by: Desktop Systems Council Committee

Contact: Charlayne Beavers; (609) 258-6034 

Effective Date: July 1, 2005

Last Update: September 22, 2016