You are here

3 Steps to Secure Computers

1 – Enroll your device in AD (Windows) or Jamf (Mac)

Managed devices receive automatic security updates for the operating system and many business applications. They also provide easier access to shared drives and network printing.

All devices imaged at the ITSS TechCenter are now automatically enrolled.

For devices not currently enrolled,  ITSS staff will review your device to determine if your current hardware and software are ready for device management. 

  • We’ll make a few configuration changes and get the device enrolled:
    • Rename and label device with standard naming (D-Unit-Year-xxxx)
    • Set up access to shared and personal folders (N: and P: drives)
    • Set up network printing
  • Time: 1 hour or less. 
  • Cost: No charge.

To schedule an assessment, contact the ITSS Help Desk (itsshelp@d.umn.edu, 726-8847).

2 – Update your OS

ITSS can review enrolled devices to determine if the hardware will support an upgrade to the currently supported operating system (OS):

  • Mac: OSX 10.13.6 or higher
  • Windows:  Windows 8.1 Enterprise, Windows 10 Education

For devices that meet the hardware upgrade requirements, there are two upgrade options:  In Place Upgrade or TechCenter Upgrade.

In Place Upgrade

During a scheduled office visit, an ITSS staff person (or your unit IT support staff) starts the upgrade from the SCCM or Jamf Self Service center.

Benefits:
- Good option for users who have their data stored on the network (Google Drive, AD file shares, Box).
- Schedule the upgrade during a convenient time (for example, overnight or over a weekend).
- Time:  1-3 hours.
- Cost:  No charge.
Challenges:
- Device owner is responsible for any data backup before the upgrade begins.
- Available only for Windows 7 devices on AD/SCCM.
- Upgrade may not complete successfully on some hardware and ITSS staff may need to intervene to restore or complete the upgrade.

TechCenter Upgrade

The device owner schedules a time with the TechCenter to drop off the computer and the upgrade is completed by ITSS staff.  A limited number of loaner laptops are available while the device is in for service.

Benefits:
- ITSS staff complete a full backup of the device, monitor and complete the OS upgrade.
- Available for older versions of Windows, non-standard hardware and computers not currently on AD/SCCM.
- To expedite the process and limit the amount of time users are without their computer, ITSS will be offering several "Weekend Drop off" events fall semester. (Note: This is for Windows 10 upgrades only - all other repairs will be completed as previously scheduled.)
Win10 Upgrade - Weekend Drop Offs
Drop off Friday / Pick up Monday

Nov 15 (drop off) / Nov 18 (pickup)
Nov 22 (drop off) / Nov 25 (pickup)

Challenges:
- Device owner will need to schedule the upgrade with the ITSS TechCenter.
- Time: Device will be in the TechCenter for service for 1-3 days. Some Friday drop-offs/Monday pickups will be available.
- Cost: $62.80/device.

3 – Encrypt the data on your device

Encryption secures the data on your device in the event it is lost, stolen or compromised. All devices imaged at the ITSS TechCenter are now automatically encrypted.
For enrolled devices that were not previously encrypted, encryption of the hard drive will be enabled through SCCM (Windows) or JAMF (Mac)..

  • The encryption process will run in the background; it may take many hours to complete, depending on the amount of data.
  • Users may notice some slowness during the encryption process itself but should not notice any difference once the encryption is complete.
  • Hardware must support encryption (Windows devices require a TPM chip).  

Relevant Security Policies

Taking these steps to secure your computer will assist in meeting the latest University security standards, as approved by the Board of Regents in July, 2019.

Information Security Policy

This is the overarching security policy that governs all University individuals. The policy references sixteen security standards that address various areas of data security, including this one regarding workstation security:

  • Systems and Device Management Standard
    University systems and devices must be deployed and maintained to an appropriate level, based on the data stored on or accessed through them. Some systems and devices must meet legal, regulatory, or contractual agreements related to their configuration and management.

    Some of the relevant security controls within this standard include:

  • Management by an IT Service:  Identifies where management by an IT service (such as AD or JAMF) is required.
  • Configuration:  Defines the baseline security controls for configuring a system or device, including removing software that is no longer supported by the vendor (i.e., Win 7) and using industry-standard strong encryption.