Windows.uwaterloo.ca > IST Managed PCs
Using a 'Managed' Notebook Computer
Computers, notebooks and desktops, require regular maintenance. Operating systems need to be kept current, virus definitions need to be updated and application software needs to be updated. This maintenance can be performed:
- by you, the person who uses the computer. To help you with this, IST provides many services that are described in the web site, Using my personal computer @Waterloo
- by IST, as part of its responsibility for supporting the use of computers at the University.
This document describes the how IST maintains both desktop and notebook computers and describes the process and consequences of having your notebook maintained by IST.
IST Maintenance of Desktop and Notebook Computers
IST supports a number of services and technologies to maintain computers at the University:
- A Symantic anti-virus server is used to provide daily updates on virus definitions.
Details can be viewed at: http://ist.uwaterloo.ca/ps/services/antivirus.html.
- A Windows operating system update service called WSUS (Windows Server Update Services) provides regular, critical patches to the Windows operating system.
(Details at: http://windows.uwaterloo.ca/Security/wsus/wsus.asp )
- Updates and system changes are initiated by local and remotely applied policies. This service is used to maintain computers in the academic support units that are managed by IST.
Policies are used to maintain application software, enable performance-enhancing system features and perform configuration changes that improve computer security. See Changes Applied to a Managed ADS Workstation for a description of these policy and configuration changes.
The Process of having your notebook managed by IST
The process of having your notebook managed must begin with an assessment of your notebook and your requirements. These procedures are best discussed with the computer support person in your department and your IST computer liaison. This assessment would review:
- that you are using a current version of the operating system (XP Professional) with the latest service pack.
- that you are using application software that is compatible with the standard applications suite (e.g. no older versions of Office).
- that your notebook is regularly connected to the campus network
- that your requirements are consistent with the management model supported by IST. Here are some of the restrictions that you will see in the managed model:
- you will not be able to use the Fast User Switching feature; it is unavailable to computers that are members of a domain.
- you will not be able to share printers connected to your notebook unless this policy has been allowed within your department.
Preparing the Notebook for Migration to a Managed Environment
Having completed this assessment, some features of your notebook will need to be checked and possibly changed.
- All critical data on your notebook should be backed up.
- If you do not have an original set of disk images from the manufacturer of your notebook, or if this image is no longer current, IST will take an "image" of your notebook.
- If your "profile" is greater than 50MB, it will need to be reduced.
- You will require a license for MS Office. If you require Office 2003, IST will need to tailor the configuration of your notebook to use Office 2003 rather than the standard Office XP.
- If the notebook already has any of the "standard" applications suite (Acrobat reader, Eudora, MS Office, Oracle Calendar, Oracle Connector, SSH), you will see some changes as their setup is standardized via group policy. To remove artifacts of the current installation (e.g. two icons for the same application in the Start -> All Programs menu), you may choose to remove these applications. This is not a required step.
- Windows XP supports a feature called "roaming profiles" that allows your profile, containing desktop icons etc, from one computer to another.
- Depending on your situation, you may want to have "roaming profiles" turned off for your userid - discuss this with your computer support person and IST liaison.
The Migration Process
- Local policies and settings that we apply to our desktop computers will be reviewed.
- Your notebook will now be ready to be moved to an organizational unit of managed computers in the active directory. IST will perform this step for you.
Consequences of having a Managed Notebook
A number of changes will take place on your notebook as a result of the application of group policies. Here is a summary;
- the "standard" application suite (detailed above) will be installed
- some configuration changes will be made including: renaming administrator and guest accounts. Note that passwords remain the same.
- automatic daily windows updates are scheduled by the SUS server
- some configuration changes are made for compatibility with departmental desktop configurations e.g. turning off personalized menus.
After these changes, your notebook should again be fully functional. You should logon to the notebook using your ADS credentials (userid and password) even if you are not connected to the campus network.
Passwords: You may notice that the "Change Password" option on the logon screen has been removed. To change your ADS password, use the UWaterloo Password Service. Note that local userids on the notebook are not affected.
Offline Files: One of the options avaliable to you is called "Offline Files". This is configured with Windows Explorer under Tools and Folder Options. It's a very convenient way keeping a copy of all of your network files (your "N" drive) on your notebook and synchronizing changes made to these files. The Synchronize panel (All Programs, Accessories) is used to configure your preferences for the automatic or manual synchronization of files between your notebook and the network storage device.
Internet Explorer Components: One of the security changes of the managed environment is to disable the automatic install of Internet Explorer components. This feature is often exploited by malware. If you require the installation of an Internet Explorer component, log on using your administrator account and perform the installation (often by visiting the web site of the component provider).
Printers: group policies disable the ability to "access this computer from the network". This will affect your ability to share a local printer. Note that some departments have requested to be exempted from this policy.
Windows Update: If you are off campus for an extended period of time your notebook will not be receiving its regular Windows updates. At least on a weekly basis, you should then log on using your administrator userid and use the Windows Update facility (Start menu -> All Programs or Internet Explorer -> Tools).
Created as a result of the Notebook Management Project. Referenced Links updated by Manfred Grisebach, Created by Paul Snyder (snyder at uwaterloo.ca) on August 19, 2005