Comment: Updated throughout to reflect the addition of the new OS-specific pages

Endpoint Management (EPM) refers to a set of tools used by IT to set up, maintain, and support computers. With EPM, CNS OIT can provide better support because we can see information about your computer and use it, along with remote support tools, to resolve problems and fulfill requests. EPM also improves security by employing policies designed to protect access to University computers, data, and resources and by identifying the presence of specific security vulnerabilities.

The Endpoint Management (EPM) Centralization and Standardization Program was created to improve the consistency, efficiency, and security of UT devices by establishing centralized EPM tools. IT staff and administrators across UT collaborate to provide a robust and reliable EPM platform.

The use of central EPM was written into policy at the direction of the Information Security Office, the Executive Vice President and Provost, and the President of the University of Texas at Austin after auditors found that networked devices, and especially computers, are one of the largest security risks we have.

Security policies for device configuration and management require that UT business be performed using computers enrolled in the central EPM platform and administered by trained IT staff. Additionally, IT staff must be able to prove to auditors that all devices meet minimum security standards.


Check back often for updates

This content is still under development and new content is being added regularly. The date this page was last updated can be seen under the page title.

Management is required for all UT-owned computers

macOS

Apple computers and tablets are managed using Jamf.

Windows

Windows computers and servers are managed using MECM.

Linux

Linux computers (Red Hat Enterprise Linux, CentOS Stream, Ubuntu, and Debian) are managed using Orcharhino.

More about macOS

More about Windows

More about Linux

Below are a few features managed by EPM that we’d like to highlight because they work a little differently than they would on a computer that isn’t managed. These are things you might notice after a UT computer is enrolled in EPM. Details about how some of these features work for your OS can be found by clicking the “More about…” buttons above.

Administrator accounts and administrative access

  • Logging in to the computer using an administrator account will be disabled, but an administrator account will be created for the device owner as needed. This is in accordance with IRUSP Standard 5.

  • CNS OIT will have an administrator account that enables us to properly administer the computer.

Screen saver lock

  • As defined in IRUSP Standard 15.2.5: “Unattended computing devices must be secured from unauthorized access using a combination of physical and logical security controls… [including] screen saver passwords and automatic session time-outs that are set to activate after 15-minutes of inactivity.”

Remote access

  • Unless otherwise required, remote access will be restricted so that only CNS OIT can connect remotely. CNS OIT only uses remote access when it’s required to provide support.

  • If remote access has been configured, this page has instructions for how to use it: Remote Access and Remote Login

Logging in with your EID

  • Computers are connected to the Austin domain, which gives users the ability to log in to a computer using their EID. This is done in accordance with IRUSP Standards 4.1.1 and 4.1.3.

Operating system and application security updates

  • As defined in Minimum Security Standard 4.5.2 for Systems: “Operating system and application services security patches are installed expediently (e.g., 30-days) and in a manner consistent with change management procedures. Products that no longer receive security updates from the vendor (e.g., unsupported) are not authorized.”

CrashPlan for backing up data

  • CrashPlan is installed and configured to back up your data.

  • For instructions on configuring and using CrashPlan, see our page: Code42 CrashPlan UT Backup

Exceptions to Management

An exception requires a technical justification approved by CNS OIT, the Dean, and the ISO. Exceptions are valid for a maximum of one year and are intended as an intermediate step between a computer being unmanaged and managed. Additional security measures must also be taken to ensure the security and compliance of the computer.

Once an exception expires, the computer must be enrolled in management or the exception must be refiled after approval by CNS OIT, the Dean, and the ISO.

A computer with an exception to management is the responsibility of the device owner, but CNS OIT will assist with certain aspects of the exception process and alternate security measures. As each case is unique, CNS OIT will discuss the division of responsibility with the device owner.

Here is an example of a computer in a research lab that qualifies for an exception from management and what compliance looks like:

Situation

The computer is an instrument controller provided by the vendor. Enrolling the computer in management is a violation of the service agreement with the vendor and would cause issues with the software used to control the instrument.

Security measures taken to meet compliance

A firewall configured by CNS OIT is installed in front of the computer. The computer is then only able to connect to a select number of devices in the lab, UT Box, CrashPlan, and an IP address range supplied by the vendor that is used for remote support, including updates to the instrument and software.

What these measures accomplish

  • The computer is less vulnerable to attacks from external sources.

  • If the computer were to be compromised, its ability to infect other computers on the network or compromise UT data is limited.

These are protections that EPM provides through a combination of firewall rules, system configurations, and anti-virus software.

The computer is still able to:

  • Control the instrument.

  • Receive support from the vendor.

  • Automatically back up data, making it easy to access from another computer for analysis and decreasing the chance of data loss.

FAQs about Management


What if my computer isn’t compatible with EPM?

CNS OIT will work with the device owner to understand the situation and identify options. If your computer isn’t compatible due to a technical business justification, an exception from management can be requested.

More details about EPM for each OS, including compatibility requirements, can be found by clicking the “More about…” buttons above.

What if my computer doesn’t store confidential data, does it still need to be managed?

All UT-owned computers must be enrolled in central EPM, regardless of how they’re used and what data is stored on them.

Can I manage my computer myself? Why does CNS OIT have to manage it?

Though we have many technical and skilled people in the college, it’s a matter of policy.

IRUSP standard 19.3 for management of UT-owned devices requires the use of central EPM and requires that it be administered by professionally-trained IT staff.

Security policy also includes the ability to prove compliance in real time to auditors. In the event of a cyberattack or system compromise, we must be able to respond quickly. EPM makes this possible.

Do you have access to my data?

Some of it. CNS OIT has the access and technical ability to access data that is stored in these ways:

  • On the hard drive of a managed computer: Select members of CNS OIT staff can use our administrator account to access files saved within any user profile.

  • CrashPlan (Code42, UTBackup): Select members of CNS OIT staff have access to the administrator console.

  • UT Box: Only if CNS OIT is the owner of a shared folder, or has access to a departmental Box share.

  • File servers: Only if CNS OIT manages it.

CNS OIT does not have access to data stored in these locations; however, the administrators of these services do:

  • UTMail

  • Microsoft 365: Outlook (email and calendar), OneDrive, SharePoint, Teams

  • UT Box (all folders and files)

  • All other UT-owned devices and services

Will you be monitoring or looking at my data?

No. CNS OIT does not look at or monitor the data anyone has on their computer. The only time we intentionally touch data on a computer is if we are assisting in data recovery or if we are legally required to do so, such as during a FOIA request. In these cases, CNS OIT does not open, look at, or review any files beyond verifying the data is not corrupted. CNS OIT also ensures data storage and transmission is secure and accessible only by those authorized to do so.

The privacy and security of data is a top priority. We do not access anyone’s data unless requested to do so by the data owner or another authority.

There is zero tolerance for the abuse of privileged access, and such abuse results in termination.


Questions about Endpoint Management in CNS?

Submit an Endpoint Management Questions request to create a ticket with our CNS OIT EPM team.