Re: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates

["Hart, Michael" <mhart20 () MSUDENVER EDU>]

MSUDenver used IBCM to make sure that devices don't have to be on campus or connected to VPN to get updates.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Blake Brown
Sent: Thursday, August 27, 2020 1:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates

NOTICE: This email originated from outside the University. Please exercise caution when replying or opening links and 
attachments.

Excellent tip... thanks!


________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Seymour, Patrick <000000ddbd4dcc33-dmarc-request () LISTSERV EDUCAUSE 
EDU<mailto:000000ddbd4dcc33-dmarc-request () LISTSERV EDUCAUSE EDU>>
Sent: Thursday, August 27, 2020 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Remote domain joined computer updates

External Email

A quick and cheap option, one that requires them to visit campus one more time, is to create a configuration item in 
MECM/SCCM. You can test the connection to the WSUS server, and if that fails, remove the WSUS registry entries.  When 
the client comes back to campus, GPO will put the entries back. And then of course, they go home, the CI sees that the 
WSUS server is unreachable, and removes the entries again.



Here's a gist containing our detection and remediation scripts for this CI.



https://gist.github.com/pseymour/150efeaec12a032c158579057a44c994<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Fpseymour%2F150efeaec12a032c158579057a44c994&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=V5bj6RPfobYBDNjXd3808xEXAgU5ubxVfZQnsE3Q%2FJw%3D&reserved=0>



--ps



Patrick S. Seymour | Manager, Application Delivery
Sinclair Community College | 444 West Third Street | Room 13-023Q (sometimes) | Dayton, OH 45402
937.512.2118 | patrick.seymour () sinclair edu<mailto:patrick.seymour () sinclair edu>





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Blake Brown
Sent: Thursday, August 27, 2020 14:05
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Remote domain joined computer updates



Good afternoon,



We have run into an issue with staff who are using domain joined Windows computers at home due to COVID who cannot get 
Windows/AV updates due to GPO's, these users are not VPN users.



One option is to ask them to return periodically to the campus for updates but I think we all know how that will play 
out. We would like to minimize our VPN/DUO licensing cost if possible, so we are looking for alternatives to meet this 
need. How is your college handling this?



Thanks,

Blake Brown

Infrastructure Manager

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=jxKawVMdzFib7aCN%2F062rH%2FgPEKbJBckA33kSilTIqY%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community