This document is targeted at all recipients of Client Managed PCs here at the University of Waterloo. Since most of these are notebooks in Academic Support, the additional focus is specifically at portables. Desktop PC owners that manage their own PCs may also benefit. Desktop PCs in Academic Support are used differently than notebooks and because they rarely leave the users office they are almost all imaged and managed by IST.
Many months of meetings, surveys and experimentation were spent identifying how Academic Support clients use the operating system and required applications. Much more time was spent applying these modifications, first to individual’s PC’s, than entire departments and finally to the image distributed to Academic Support desktops. We now believe we have a secure, functional and very usable image that allows our clients to be more efficient. To see what changes have been applied go to: Local Changes applied to an ADS Workstation . For details on exactly how to apply these changes yourself, go to: How to configure your PC to Academic Support Standards .
In many ways, with notebooks, we’re back at square one. The OS is typically as installed by the vendor, and the applications, if present, may not be configured as preferred or required by your departments. This not only puts IT staff at a disadvantage in terms of support but also you, the client, in terms of consistency with other PC’s you may use at UW.
As a notebook user you can either continue to manage most aspects of your PC, or have the critical pieces managed. Information on managing your PC yourself can be viewed at: Using your personal computer @Waterloo, however, please consider reviewing the “Managed Notebooks” document to see if IST can help.
When you first set up your notebook there is an order that, if followed, not only makes your notebook more secure, but also presents fewer surprises than if you randomly do this. In very general terms the best order is to:
1. Fully charge the battery according to the manufacturer’s instructions before relying on the battery.
2. Turn on Windows Firewall (called ICF before WXP SP2).
3. Connect to the network. (Some applications need to be enabled online before they can be used.)
4. Update the operating system and your antivirus software with the latest patches and service packs.
5. Install any additional applications required.
6. Configure your operating system and applications as recommended for maximum efficiency.
Now you’re ready to start.
Typically, when a client receives a desktop they are not asked to look at the back of the desktop computer, let alone plug in their monitors, keyboards, mice and network. With a notebook, it is assumed the client is the one managing it. (The primary reason for this assumption has been that the notebook leaves the campus with the client where it can not be centrally managed.) For this reason the client is expected to learn about all of the external connections on their notebooks and configure and connect those themselves, if required.
Most notebooks today are every bit as sophisticated as their desktop counterparts. Many are more so. Here are some of the differences:
· They are self contained meaning they include a monitor, keyboard and mouse alternative.
· Drivers are more unique due to the nature of the units and come installed from the vendor with the OS. It is a little more complicated to replace the operating system with an institutionally customized one, although Plug-n-play (PnP) is getting better.
· Most office-quality notebooks have wireless networking built in. This means that not just one MAC address (the unique network address that identifies your PC) needs to be registered, but potentially two have to be, depending on how the wireless network is offered to the client. At UW our wireless network focuses on user authentication instead of computer authentication to access the network, therefore this second NIC (network card) does not present additional registration difficulties here.
· Many have modems built in. Since this typically is not required on campus it is up to the user to configure themselves, when away, like they would a home PC.
· All notebooks come with mouse alternatives now. Most come with touch pads. Some come with nipples in the center of the keyboard that acts like a joystick. Some come with both. If you are not used to them they will take some time to adapt to, like the mouse did originally on your desktop. An external mouse can be connected, either to the external USB or mouse port, if desired. Many find this an absolute must to remain productive.
· Touch pads, as nice as they are, can be a nuisance when trying to type. If your thumb happens to brush the pad while the rest of your hand is typing, the input location within your application may change. If this remains a problem the touch pad can be disabled in the operating system and re-enabled when needed.
· In order to keep most notebooks light, the attached monitor (and size of the notebook) are kept quite small. For those with deteriorating vision an external monitor can be attached to help.
· While on the topic of monitors, as nice as LCD monitors are, don’t let the portability of your notebook let you believe you’ll be able to use it outside in full sunlight. Even in the shade some monitors can be a challenge to read.
· For the same portability reason as small monitors, the keyboards are inferior to typical desktop keyboards. Fortunately external mice and keyboards are very cheap and like a mouse, an external keyboard can be connected in one of two ways to most notebooks. Many notebooks have a keyboard jack. Most have an additional USB jack for this purpose.
· Hotkeys and keyboard overlays are required on small notebook 84 or 85-key keyboards to simulate their 101-key counterparts. Since the way this is done is vendor specific each notebook may be different. Special key sequences like “CTRL-ALT-DEL” are often simplified by using specially provided buttons or switches.
· Other external devices may be required to get your job done. These include CD or DVD readers and/or writers if not part of the notebook. USB flash drives, also known as "keychain" or "thumb" drives are a specially welcomed addition.
· External power supplies included with most notebooks add additional weight and space considerations when carrying your notebook.
· Limited battery life is a concern. As attractive as it may seem that you may be able to work away from the office with a notebook, the reality is you won’t be able to stay too far away from an external power supply for more than 4-5 hours.
· Some notebooks include additional technologies, like Bluetooth, specialized memory or functional cards. None of these are covered in this document.
· Power off, versus Standby versus Hibernation: Three modes are available due to the nature of notebooks. Power on/off is obvious. Standby is what your PC can be set to go into when you leave it unattended for some time (like a desktop). Hibernation is the state a notebook enters when you close the lid for portability. Standby is the same as hibernation except that data is still in memory during standby mode. (In hibernation mode, data in memory is written to disk.) Both allow you to power back on again and continue right where you left off with all data retained.
· Beware of changing the operating system from the version your computer came with.
1. For instance the Toshiba Satellite and the Sony Vio come with authorization codes that enable the DVD/CD. When you upgrade from WXP Home Edition to WXP Professional the DVD will no longer work. The manufacturer will not supply a code citing they do not support those Models with any other version of the OS than the one supplied.
2. WXP Multimedia Edition is supplied on some and should not be replaced. Functionality will be lost if it is.
3. WXP Professional will run fine on a tablet. WXP Tablet Edition is however required for full functionality.
These steps are unique to tablet notebooks and the WXP Tablet Edition operating system and do not apply to a non-tablet notebooks.
· One of the first steps requested of the user is configuration of the tablet so it can better understand their handwriting. Questions like “Are you right handed or left handed” have a significant impact on how the tablet interprets how it’s used when using electronic ink.
· It is strongly encouraged that the first-time tablet user go through the pen-training exercise. We’ve all been using mice for long enough that using a pen in place of one is very intuitive. However, there are nuances the one must get used. to, like the fact that the pointer on the screen lags slightly behind the point of the pen being the biggest. Most are quickly overcome.
· Specialty software like Office 2003 has features geared to WXP Tablet Edition and the “electronic ink” feature of tablets. (Office XP does work.)
Here are some observations:
· Like their desktop counterparts the OS comes installed by the vendor on a notebook. Unlike desktops, notebook OS’s are more customized to work in tandem with hardware features of the notebook. UW supplied OS images can be supplied but should be customized to include vendor added specialty tools.
· Alternately, one could start with the vendor image and apply the changes requested by your departments as documented at:
· WXP has notebook provisions within it. It is likely that every feature a vendor customizes their OS with, for their notebooks, is available in some form from Microsoft in the operating system. The equivalent vendor tool sometimes disables the one in WXP forcing you to use the vendor’s version, if installed. There are advantages to having all of Academic Support using OS tools the same way but on a notebook, the vendor supplied tools are usually superior.
A touch pad can be disabled if it’s not going to be used or its use becomes problematic. Check for a touchpad icon on the start menu, at the right, which allows you to turn it on and off. Otherwise this menu can be accessed from the Control Panel under “Mouse Properties”.
A docking station makes for a nice alternative to plugging in any external devices, a network cable and the power supply into your notebook every time you arrive at your home base. If your notebook manufacturer offers one of these as an option it will certainly extend the life of your cable connections and simplify their entry. These do not come without their problems however as we learned the hard way. Because manufacturers try and reduce costs they often share docking stations between notebook models. Ours did not make all ports on the docking station available however. The PS2 mouse and keyboard ports, although present, were not enabled opting instead for USB connections. This is fine if USB keyboards and mice are present but more money if they are not. Ours also did not enable the serial port for the same reason. Some devices like some models of Blackberries and Palms require a serial connection to synchronize with the notebook.
Although the full discussion has been left up to other documents to elaborate on it bears mentioning that true ergonomic use of a notebook can be somewhat challenging compared to a desktop. Unless you use an external keyboard, mouse and monitor it can be difficult to maintain a proper sitting stance while using a notebook. The keyboards are typically smaller. The touchpad is positioned in such a way that it sometimes gets accidentally depressed while typing, causing the curser position to change. The screens are small and too low on your desk for extended use.
In addition, although some notebooks are referred to as “laptops” they get quite warm making use of them in your lap uncomfortable. Extending a tablet with an external monitor looses the “electronic ink” and pointing functions of the pen on the external monitor.
Few of these things are obvious when first buying a notebook. For portability, of course, they are excellent, but even there the weight can become excessive by the time you carry a case, your power adapter, any external devices and perhaps an extra battery. Consider your purchase of a notebook over a desktop carefully.
It is highly recommended that your notebook be clearly marked on the outside with identification of the recipient and any other way that may be a deterrent to would-be thieves. If possible this identification should be etched in a way that can not be easily removed. The recipient’s name and contact information is important so a found unit can be quickly returned.
On all computers it is of course prudent to set up all accounts to enter a password to gain access. This is configured automatically in our domain along with a second password that is required word when a computer is returned from standby mode (in case you leave your computer logged on for a while unattended). On a notebook both of these are even more critical as it makes the unit more attractive to steal if full access is automatically gained. What is different however on a notebook is that there is a third password that should be set. This is the hibernation password. (This is the password required when you close the lid on your notebook and open it again.)
Although not having a hibernation password is definitely a convenience for you, it also allows someone to easily compromise not only your notebook but all your personal local and networked files! To set this option you may have to enter the manufacturers Power Management utility. On a Toshiba, for instance, there is one button there that sets a standby and a hibernation password together.
The power-on password is set under Control Panel./User Accounts.
The “standby” password is set under “Power Option Properties” under the “Advanced” tab. Check the box that says: “Prompt for password when computer resumes from standby”.
The last note on passwords is that you end up in many situations, usually in a browser, or when mapping a drive, that you get asked if you wish your computer to “remember your password”. Always say NO. It is not a good idea for your PC to bypass required authentication to resources important enough to require authentication.
When you first turn on a notebook or desktop PC running Windows XP, you are not required to log on at all. When you create a user account for security reasons, this account defaults to an administrative user. Again, if you follow our guidelines and create a second “limited user” account and try and use this for all day-to-day work a few differences will become apparent. Applications will typically work as expected.
Note: You are still wise to try and run this way in that the OS and installed applications are more protected from inadvertent mistakes but here is what you may miss. Below is a list of things you will need to have more than limited administrative access to, to accomplish:
· Power Options: When notebook power is plugged into the wall power options can only be configured by an administrator. When the notebook is running off of battery this becomes a user profile feature that all can manage themselves. This includes all timing parameters for hibernation, standby and shutdown modes. NOTE: this is not the case if vendor tools are not installed and WXP is able to configure these settings. In this case these are user-profile settings.
· Network settings: because notebooks tend to move the network settings may need to be changed if everything not available via DHCP.
· Mail Server: You may not be able to change the mail server if you are not an administrator.
If all you use is one account a profile is simply the way your desktop, your preferences and your customizations are stored. If you’ve followed the accepted practice of setting up a non-administrative account in addition to a local administrative one your notebook will have a different profile defined for each account. This has advantages and also disadvantages for you, the end user. (See the discussion of profiles below in the section called “Implications of joining ADS”.
Something you should be aware of is that the contents of one profile, like the “My Documents” folder for instance, are not always readable by any other user of the notebook. For this reason a special folder called “Shared Documents” exists under C:\Documents and Settings\All Users. Beware though that anything stored here will not only allow access to physical users of this notebook but also networked “virtual” users unless proper firewalls are in place.
Actual operating system security discussion details is left up to many of the other documents and web pages IST, and others, maintain. For more information see the following reference:
Suffice it to say that a properly managed notebook (or desktop) should always have Windows Firewall (previously called ICF) turned on and be kept up-to-date in terms of patches and antivirus software.
A connection to the network is required for several reasons. The first is to keep offline copies of all of your documents. Even if you have all of the applications you need to work locally it is still a very good idea to keep the primary copy on a server where it is properly backed up. The second is to access resources. Networked printers, departmental documents, access to the internet and email are just some of the many reasons to be connected. NOTE: Most of these resources will likely mean at least authenticating in a domain. Another reason is to keep your operating system and all of your applications current. Ironically patches are usually released, for security reasons, to protect computers from viruses and hackers when your computer is connected to a network, however, some are to fix problems reported within the OS and applications themselves. Most notebooks come with the following three ways to connect, depending on your circumstances:
After turning on the wireless adapter the connection is made by:
· Selecting the “Wireless Network Connection” Icon in the bottom right of your screen. (It looks like a monitor with waves coming out of it)
· Select uw-wireless (at UW)
· Check “Allow me to connect to the selected wireless network, even though it is not secure”
· Launch Internet Explorer (or some other browser)
· Connect to http://www.laptop.uwaterloo.ca/ and authenticate.
At UW it is best to always explicitly set the network Speed and Duplex settings to what is configured at the other end (on the switch). Because this may change from other locations where the notebook is used you may wish to leave this at “Auto Detect” unless a problem is experienced. NOTE: We often don’t notice the problem until we monitor the connection, connect to a large number of printers or push a large application to a computer with it’s setting at “Auto Detect”. Everything seems to be fine but errors are generated on the switch. The connection will be fastest if you can explicitly configure this.
As the proliferation of high-speed becomes more affordable the need for modem connections diminish. Many notebooks do come with internal modems and configuration in the OS to make use of it is the same as with a desktop.
To properly manage a PC ADS administrators prefer the computer be part of the ADS domain. This has not happened as often as it could have because of concerns (on both sides) of what the implications of joining an unknown notebook to the domain might be. As a notebook user you may not wish to manage the OS or the applications and might feel you can benefit by having your notebook be managed. This section tries to identify the implications of joining the ADS domain. (Note: You do not have to be a member of any domain to have your notebook be managed. It does however offer both you and administrators more options by doing so.)
Roaming profiles transfer easily and without incident between workstations with similar builds. If you notebook is not configured similarly to your desktop some elements of your profile may not work as expected. Problems may also appear between dissimilar versions of Windows XP. These will be even more pronounced if one is running Windows 2000.
Unfortunately, there are several parts of a profile that benefit the user greatly if transferred since it can be time consuming to manage two profiles. Things as simple as icon placement and desktop backgrounds are a luxury, but a nuisance if they need to be done twice. Things like browser favourites, application configurations, dictionary customizations, mail servers etc. are more than a convenience and take time to apply twice.
Proceed cautiously if using both a desktop and a notebook in our managed environment and desiring a roaming profile. Our normal recommendation is to turn it off in this case.
As described in the “Implications of Joining ADS” section there are advantages to having file synchronization turned on with a notebook. On a desktop it can actually unnecessarily slow things down at times as there is little-if-any benefit of maintaining a local copy of networked files on a computer that is rarely disconnected from the network. Therefore our recommendations for each are different. You probably want this feature enabled on your notebook but have it prompt you before actually doing the synchronization. If you don’t you may find it trying to synchronizing to some other server while traveling and deleting your documents!!
Utilities shipped with the notebook sometimes conflict with the ones supplied within Windows XP. In the case of power saver mode it will let you try and configure personal preferences in the operating system but then when you go to save them, it will refer you to the ones supplied by the manufacturer. This means we can not configure them centrally, even if we could come up with a consensus matching most peoples working habits.
Updates are pushed to a desktop and the desktop is then scheduled to be rebooted in the very early hours of the morning (sometimes more than once). Like a home computer we don’t know the notebook will be on, or reachable. The solution is to properly educate the notebook user in how to best manage this themselves. Documentation on this can be found at: http://www.istiis.uwaterloo.ca/sus and http://ist.uwaterloo.ca/ps/services/antivirus.html .
· Make sure the internet firewall is ON before connecting to the network!!!
· The way our wireless network is configured you will require ICMP in to keep connection alive.
Document created by: Manfred Grisebach. Last Updated: August 5th, 2005h , 2005