Viewfinity roll out with Windows 7

21 11 2012

IT Services is going to start rolling out Windows 7 to faculty on *new systems* (that is, you’ll get it when you get a new computer or rebuild). That means it’s time to spread the word about Viewfinity and standard user accounts.

Here’s the official statement from Jim Franceschelli, director of IT Services:

Viewfinity Privilege Management is currently being installed on all University office computers in an effort to better secure endpoints and reduce vulnerabilities to hackers, malware and embarrassing security breaches that could prove costly to The University of Scranton’s reputation. Viewfinity allows all Windows 7 users to run as standard users further reducing computer vulnerability to viruses and other malicious attacks.

Please be aware that attempting to install applications or printers or attempting to change some settings will require administrative privileges. Viewfinity will elevate your privileges and allow you to install applications or change settings as necessary. When you receive a Viewfinity prompt requesting your justification for an installation or system change, simply enter the information requested and click OK. Your installation will proceed immediately.

Just to repeat from a faculty member perspective: when you get a new computer, you’ll get Windows 7, and your account on your desktop/laptop will change from being an administrator account to a standard user account. By default, standard users can’t install or delete applications, as administrators can. That’s where Viewfinity comes in — when you try to install software, it will automatically and temporarily elevate you to administrator status. In other words, we can install whatever software we need when we need it. (Note – this only applies to faculty members. Staff have to go through an approval process when requesting new software.)

I’ve been piloting Viewfinity as a faculty user since the middle of the summer, with excellent results and no disruption to my work or research. To give you an idea of what it looks like —  let’s say I want to play around with some visualization software, like Edraw Mind Map. I download the .exe file for Edraw as usual. When I try to run the .exe to install the software, I get a small popup window from Viewfinity that asks for a “business justification”:

 

IT Services isn’t monitoring business justifications for faculty members, so you can simply say you are using the program for teaching, research, incidental use, etc – no lengthy explanation required:

When you click OK, you are automatically bumped up to administrator. I get a little notification at the bottom of my screen:

 

The software installation begins right away, and I can go through the installation steps like I normally would. Once the installation is complete, I’m automatically bumped back down to a standard user account.

Overall, the process is smooth and seamless – it adds maybe 5-10 seconds to my normal installation time. Commonly used software (Skype, iTunes, Spotify, etc) has been whitelisted to speed things up, so you don’t even need to click through the business justification step for things like that. I’m running all the software I had on my old Windows XP machine (Dropbox, Google Calendar Sync, Tweetdeck, Google Earth, etc etc etc) on my new Windows 7 machine with no issues or disruptions.

While I know some of us would prefer to still be admins, I think this solution is a good balance between freedom and security. Jim and the IT Services staff put in a lot of work to figure out a way to accommodate faculty needs, which I truly appreciate. Any issues with Viewfinity can be reported to the Technology Support Center by phone (x4357), email, or Footprints.

Last couple of points:

  • Viewfinity is not supported on Mac or Linux, so faculty using Mac or Linux machines are not affected by any of these changes.
  • Viewfinity has another big feature – Remote Desktop assistance! When you call the Technology Support Center, you’ll be able to share your desktop with the support staff so that they can help you easily from a distance. This service is in development and will be available soon. It will always have a prompt – your desktop won’t be shared without your approval.
  • Faculty members with XP machines will get Viewfinity via KBOX, so you’ll have Remote Desktop capability, but you will still maintain an administrator account (and XP) until you get a new computer.
  • Classroom and lab computers are all Windows 7 now, but they do *not* run Viewfinity — they have Deep Freeze instead. So you can install programs on classroom and lab computers, but those installations will disappear each time the machine shuts down. If you need to install software in a classroom or lab that you need to use frequently, submit a request to the Technology Support Center via Footprints.

Comments : Leave a Comment »
Tags: , ,
Categories : Announcements, Security

TAG Meeting 2012-11-07

8 11 2012

On November 7, TAG held its third and final Fall 2012 meeting.

1. Code of Responsible Computing Committee update

Dave Dzurec (History) and Jim Franceschelli (IT Services) are co-chairing a committee charged with drafting an update to the Code of Responsible Computing. The goal of the committee is to create a single policy for faculty, staff, and students that will define responsible use of information technology at the University.

Dave and Jim have been reviewing acceptable use policies from other universities  and have almost finished a draft for the rest of the committee to review.  After review by the committee, the policy will go to VP/CIO Jerry DeSanto, and then it will enter the University governance system for full approval (probably in 2013-2014).

Faculty representatives on the committee (as appointed by the Faculty Senate) are Dave, Wesley Wang (Economics/Finance), and Bob Spinelli (Health Administration and Human Resources). The Staff and Student Senates also have two representatives each.

We discussed briefly how the new policy should be disseminated and shared with students and faculty after it is approved. Sandy asked whether new students/faculty/staff will need to sign off on the policy when they begin using University services to make sure they are aware of it. Kristen suggested incorporating a mention of the policy into the New Faculty Orientation. She will also suggest to the Associate Dean of the Library, Bonnie Strohl, that public patrons using Library computers would be informed of the policy in some way.

2. CTLE Technology Liaison

The Center for Teaching and Learning has two faculty liaisons (currently Anthony Ferzola and Marian Farrell) who provide an interface between faculty teaching and the CTLE’s resources. Faculty can reach out to the liaisons for support (e.g., teaching observations), and the CTLE can reach out to the liaisons for input on needed resources. The liaisons also run the faculty mentor/mentee program.

The CTLE wants to establish a similar faculty liaison who would specifically address academic technology questions and needs. They did a pilot project last year, with Sandy Pesavento (Education) serving as the faculty technology liaison, to see what role(s) a liaison should fill. Eugeniu asked TAG (including Sandy) for feedback on what a technology liaison’s “job description” should look like.

During the pilot year, Sandy did some technology trainings (higher order thinking, student response systems, smartboards, etc) and teaching observations (e.g., coming to a class to suggest technology tools that might be helpful to the instructor). One of the difficulties during the pilot year was that few faculty members outside of PCPS were aware that Sandy was available for consultation on technology issues, though, so a challenge for the future will be finding ways to promote the services the liaison provides.

We discussed other needs that a liaison could address. Several TAG members suggested a repository or database of some kind that would identify 1) educationally relevant technologies and 2) if/how faculty at Scranton and other universities have implemented them.  Katie noted that sometimes faculty don’t necessarily know what tools are available to them. Jeremy and Dave expressed interest in hearing from faculty members who have been doing pedagogical research with technology in the classroom – e.g., via Friday presentations like the Office of Research Services seminar series.

We also discussed the difficulty of knowing who to call for help – that is, CTLE supports faculty use of technology for pedagogy, but IT Services supports the actual hardware and software that faculty use in the classroom. Teresa suggested a flow chart to indicate who to call and when.

3. Windows 7 and Viewfinity

As Windows 7 is rolled out with new University computers, your account on your desktop/laptop will change from being an administrator account to a standard user account. This is a security measure to try to prevent users from downloading and installing malicious software. By default, standard users can’t install or delete applications, as administrators can.

We were concerned about this limitation when TAG first learned about it, but IT Services has put in a lot of work to figure out a good solution for faculty members so that this change doesn’t affect our work. Using Viewfinity privilege management software, faculty users can be automatically and temporarily elevated to administrators so we can install whatever software we need when we need it.

Kristen has been piloting Viewfinity as a faculty user since the middle of the summer, with excellent results.  There’s a small popup window that comes up each time you begin to install a program that asks for a “business justification,” but you can simply say you are using the program for teaching, research, etc – no lengthy explanation required. When you click OK, you are automatically bumped up to administrator while the program installs, and you are automatically bumped back down to standard user once the installation is complete. Commonly used software (Skype, iTunes, etc) is whitelisted to speed things up. Overall, the process is smooth and seamless — many thanks to Jim and the IT Services staff for finding a way to accommodate faculty needs.

Viewfinity has another big feature – Remote Desktop assistance! When you call the Technology Support Center, you’ll be able to share your desktop with the support staff so that they can help you easily from a distance. This service is in development and will be available soon. It will always have a prompt – your desktop won’t be shared without your approval.

Faculty members with XP machines will get Viewfinity via KBOX, so you’ll have Remote Desktop capability, but you will still maintain an administrator account (and XP) until you get a new computer.  Faculty members receiving new machines will have Windows 7 and a standard user account, with Viewfinity.

Viewfinity is not supported on Mac or Linux, so faculty using Mac or Linux machines are not affected by any of these changes.

Classroom and lab computers are all Windows 7 now, but they do *not* run Viewfinity — they have Deep Freeze instead. So you can install programs on classroom and lab computers, but those installations will disappear each time the machine shuts down. If you need to install software in a classroom or lab that you need to use frequently, submit a request to the TSC via Footprints.

4. Infrastructure for Computerized Testing

We were running out of time, so we didn’t get to discuss this agenda item. Jim suggested that a work group form to work on some possible solutions, since we haven’t made much progress on this issue. Jim, Teresa, Sandy, and Eugeniu will start to work on this.

5. & 6. WordPress Site Organization & Luminis Tab

No time for these agenda items either – Kristen will be in touch with TAG members via email.

TAG will not be meeting in December, so our next formal meeting will be in Spring 2013. TAG members will still be communicating and working throughout December and January, though, so as always please feel free to contact us with questions, concerns, or suggestions.


Comments : Leave a Comment »
Tags: , , , , , , , , , , ,
Categories : Announcements, Minutes, Network and Infrastructure, Security

TAG Summer Synopsis

29 08 2012

Welcome back, all! In case you didn’t spend your summer break thinking about campus technology, here’s a quick recap of what’s been going on over the past few months and what we’ll be talking about in fall semester.

What Happened:

  • Campus wireless upgrade. We’re seeing huge improvements in connection speed and strength – thank you, Network Infrastructure!
  • Classroom upgrades. Over the summer, IT Services remediated all of Brennan’s teaching spaces. Other classrooms were upgraded as well – including CLP223, 224, 225, JOH 150, 152, MGH 017, 209, 336, 402, and 406.
  • Lecture Capture. Lecture capture capability has been installed in LSC133 and LSC333. TAG members Jeremy Sepinsky and Tara Fay are doing pilot projects this fall to test out the new technology before extending it to other classrooms. Nursing and Counseling departments are next on the list.
  • Mobile access to Angel. We now have a license for Blackboard Mobile Learn for Angel, so you can download the free app for use on your iPhone, iPad, Android, or Blackberry device.
  • R-ID authentication. Instructor stations and computer labs now require your R number as your user name. Your password is the same.
  • Virtual desktops. 203 computers in Brennan and Library computer labs are now thin client machines.  At these terminals, students access virtual desktops and save files to SkyDrive.

What’s Coming:

  • Standard user accounts. As Windows 7 is rolled out for new faculty computers, our roles will change from administrative to standard user accounts. This is a security measure to try to prevent users from downloading and installing malicious software. By default, standard users can’t install or delete applications. This would be a major issue for many faculty members, but IR has been working on a solution for faculty, using Viewfinity privilege management software. The plan so far: when you need to install an application, you’re prompted to enter a brief description/justification, and then your permissions are temporarily elevated so that you can install what you need. Commonly used software is whitelisted to speed things up. I’ve been piloting it this summer from a faculty perspective, with good results. Mac and Linux users will not be affected. More details on this later.
  • Code of Responsible Computing. This policy is up for review. As a representative from TAG and the Faculty Senate, Dave Dzurec has bravely agreed to co-chair the effort. We’ll post updates here.
  • The academic server is scheduled for final retirement this year. Several faculty members still have web content on the server – so CTLE (probably with some help from TAG) will be reaching out to those folks this semester to help them move any content they want to keep.
  • Luminis upgrade. An update to the my.scranton portal is currently scheduled for December 2012. TAG is contributing suggestions for the new faculty tab – let me know if you’re interested in giving ideas or feedback.
  • Software licensing for virtualized environments.  The idea is that faculty, staff, and students could log into their virtual desktop from any computer and access the specialized software they need (SPSS, etc). Unfortunately, this is really expensive. IR is looking into it.
  • Royal Card. The system will get a full upgrade this year. This won’t have much effect on faculty from what we can tell.

What’s Stalled:

  • Academic Technology Plan. Sigh. That said, TAG is still looking for faculty input on future technology needs. What kind of teaching spaces do we want? What technology funding is most important? We’re hoping to get more conversations started on these topics this year.

 

——————
*Thanks to Jim Franceschelli, Lorraine Mancuso, Jerry DeSanto, and Robyn Dickinson for talking us through this year’s road map.

**IR staff, please let me know if I got anything wrong. Thank you!


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , , ,
Categories : Announcements

IT Matters Winter 2010 Issue

30 11 2010

The new issue of IR’s IT Matters newsletter is available in PDF format.

As in the last issue, many of the articles deal with issues we’ve already been discussing here on the TAG site, but there’s a few new items of interest:

  • See p. 1 for a note from VP Jerry DeSanto on the email transition.
  • P. 3 has a quick update from the Mobile Applications team about the upcoming University mobile app.
  • On p. 4, Jim Franceschelli reminds everyone that completed Microcomputer Budget Forms need to be in by December 13 — so faculty members need to get any requests to their department chairs ASAP!
  • Also on p. 4: Some notes about Microsoft Forefront, which will be replacing McAfee Anti-Virus.  IR is beginning deployment this December, and McAfee will be removed from University computers by May 2011 at the latest.
  • P. 6: The Computer Maintenance Center has set a goal of having all four computer technicians Apple Certified by the end of December 2010.  So far, two of the four (Glen and Karl) have passed their certification tests.
  • Standard user accounts are mentioned on p. 7, but no further details on what kinds of software we will and own’t be able to install on our own computers.
  • My.Scranton is being updated – there will be a brand new version out, with an “improved user interface,” around Fall 2011 (p. 9).
  • Vince Merkel explains thin clients on p. 11.
  • Gus Fernandez goes through the steps of how the Computer Security Incident Response Team responds to infected computers (p. 14).
  • Information Security Manager Tony Maszeroski has some pointers for us on phishing scams on p. 15.  This is a must-read for faculty — TAG has heard from IR that faculty members have fallen for phishing scams in the past.
  • On p. 16, Cal Krzywiec reports that the University is planning to increase our wireless coverage from 300 wireless access points to closer to 1000. Wahoo! And the wireless network will be upgraded to accommodate higher demand. Wahoo again!
  • There will be a new Employee Applications tab on my.scranton.

Comments : Leave a Comment »
Tags: , , , , , , , , , , , ,
Categories : Announcements

More IT Forum updates

19 10 2010

I’ll post the slides from today’s IT Forum when they’re available, but in the meantime here’s what I thought was the most important news from Jim Franceschelli’s talk on “Desktops of the Future”:

  • Windows 7 will be rolling out around November, since Windows XP Extended Support is ending.  IR computers will get the rollout first (probably this month).
  • IR will be setting up standard user accounts on University-owned computers.  These user accounts will limit what applications users can install, in order to make the campus more secure.  MOST applications will be blocked, but some whitelisted applications (e.g., iTunes) will be allowed.  This has me a little concerned – it seems like an area where we’ll need a lot of communication between IR and faculty to make sure that faculty can download and install the applications they need on their desktops.
  • IR will also soon be rolling out Active Directory, a tool that will sync your Windows account – so that you’ll be able to access to mapped drives, etc from any computer on campus.
  • IR is encouraging everyone to delete any personally identifiable information (PII) from their computers.  A tool called Identity Finder will be rolled out soon that will try to locate what it thinks is PII on your desktop and then give you the option to delete or encrypt it.
  • Remote desktop assistance will be available soon – this will allow IR staff members to remotely connect to your system, making repairs faster and making the TSC more efficient.
  • The University is heading towards a virtual desktop environment (where all data is stored on Royal Drive and access to your “desktop” is via a thin client on a terminal).  IR already has the thin client and will be testing it later this month.  The current plan is to set up a prototype lab in January to be tested by users in Spring 2011.

Comments : 4 Comments »
Tags: , , , , , , ,
Categories : Announcements, Network and Infrastructure, Security, Upgrades

Computer control

21 06 2010

Last week Brian Croxall from Clemson University wrote a post for ProfHacker about faculty needing to have control over their own computer resources.  An excerpt:

Now I have nothing against IT Staff. In my interactions with them at the two schools where I’ve taught, they have been helpful and friendly. But relying on another person to adjust the tools that I need for my research is never efficient, and it suggests that researchers or teachers are not in a position to judge what is best for them. (I’ve been told, for instance, that I could not install specialized software we were using in class on a classroom’s podium computer because it would deviate from the standard software set.) If the computer is the equivalent of laboratory equipment–and for many in the humanities, it is the only “laboratory equipment” we have–then we should have control over its use.

Any thoughts? Is this an issue for you on our campus? Post to the comments.


Comments : Leave a Comment »
Tags: ,
Categories : Announcements, Security