Educause Security Discussion mailing list archives

Re: Logon Disclaimer

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 25 Aug 2010 17:40:47 -0400

On Wed, 25 Aug 2010 16:51:54 EDT, "James Farr '05" said:

As part of the processes you may have to install (windows patches,
antivirus, and other software that etc,  section currently under
construction.) not created or supported by Utica College.    These settings
and software are mandatory for any users wanting to access our network
resources.


As my co-worker Randy Marchany likes to say, "Never write a policy you aren't
able to enforce".

If it's "mandatory", how do you enforce it?  If I have a Linux laptop, does it
pass your check for windows patches or not? For that matter, how does your
system verify that a Windows box has current patches installed? If you're
running an all-AD network, you can probably use GPO to push a monitoring agent
package onto all nodes and then run something that asks  the agent what the
current levels are - but absent a pre-installed agent, it gets really tricky.

And if you *are* an all-AD network, then you don't need the disclaimer because
you should have already *pushed* the patches to the box. :)

Attachment: _bin
Description:

Current thread:

Logon Disclaimer Shaun Gray (Aug 25)
- Re: Logon Disclaimer Gina Mieszczak (Aug 25)
- Re: Logon Disclaimer Valdis Kletnieks (Aug 25)
- Re: Logon Disclaimer James Farr '05 (Aug 25)
  - Re: Logon Disclaimer Valdis Kletnieks (Aug 25)
- Wi-Fi student administrative system James Farr '05 (Aug 30)
  - Re: Wi-Fi student administrative system Solem, Vik P. (Aug 30)
  - Re: Wi-Fi student administrative system Shalla, Kevin (Aug 31)
    - Re: Wi-Fi student administrative system Jeff Holden (Aug 31)