Educause Security Discussion mailing list archives

Computer name to person mapping (Identity Finder)


From: "Woodruff, Dan" <dwoodru2 () UR ROCHESTER EDU>
Date: Fri, 1 Oct 2010 14:57:10 -0400

We're a decentralized university with multiple departments that manage
their own computer deployments. We're in the process of designing a
university-wide Identity Finder implementation, and one of the major
risks is that we will be deploying this software to machines across
campus but not have a way to map a machine in the console back to a
department and person. We need the accountability and the ability to
easily report on findings based on department. The problem is, the only
identifying information reported to the Identity Finder console is
machine name and IP address.

Some of the options we have thought about are using the last logged in
user in Active Directory (only applicable to Windows computers and not
all Windows computers are on the domain), a registration process that
has to be completed before a user/department is allowed to install the
software (that's another database to maintain and there is still the
risk that an installer will be passed around once it is obtained once),
or manual correlation with another tool that has somewhat accurate but
still mostly Windows information in it. That last option is looking the
best at this point, although not easy to do.

How are other decentralized universities with Identity Finder managing
their clients within the console? How do you track back to a person?

Thanks in advance,

Dan Woodruff
University IT Security and Policy
University of Rochester

