The following applies to any computing device (laptops, desktops, tablets) purchased with university funds (or virtual machines operating within a university datacenter) whether assigned to an individual user or group.
Technology Services Managed Devices:
Our default configuration (and strong recommendation) is to join Windows computers to the Active Directory domain. This setup provides several baseline configurations for usability, security, and data integrity. We offer full support for these devices and can quickly restore a device to a usable state in case of an incident.
Technology Services Managed Devices have the following benefits:
- NetID login (IT-controlled user access management, device/account password syncing)
- Builtin VPN connection to campus network (for Windows/MacOS workstations)
- Automatic data backup (OneDrive, H drive) when using the standard user directories (Documents, Desktop)
- Software deployment, configuration, and licensing
- Security (disk encryption and key backup, automatic security updates, firewall configuration, virus and malware protection)
- Admin rights can be provided as needed with a "managed" local admin account - more information about this type of account
Additional information on using a Technology Services Managed Device.
Self-managed (off-domain) Devices:
For Windows devices, a user may request to "self-manage" their device, meaning that the device will be exempt from all SU domain management policies. In these instances, the user assumes primary administrative responsibility for the computer. In the event of any loss of access to the system, Technology Services may be unable to assist you with data or operating system recovery. We will provide assistance on a "best-effort" basis, but we make no guarantee that the system can be restored to a user-configured state. Our only obligation will be to return the system to the "base configuration" as defined in the first bullet point in the terms below.
Technology Services will ask for a written agreement to the following terms when opting to self-manage a device:
- Technology Services will install and configure the operating system with access for the primary user (one standard user account and an administrator-level account) which is defined as the "base configuration"
Technology Services will install any licensed software applications requested by the user during setup. NOTE: Some university software cannot be installed on an off-domain device, such as those that require connection to a license server (MATLAB, SPSS, Tableau)
- The user is solely responsible for their data backup/retrieval on self-managed systems as well as the management of applications not licensed by the university
- The user is solely responsible for maintaining the encryption on the local drives (drive encryption is required by SU ITS policy)
- Any security incidents, such as malware/virus infection, or other signs of compromise, will result in a non-negotiable wipe and restore of the system back to the base configuration
- If on the campus wired network, the device will be registered on a private, internal network which cannot be reached from external, non-SU networks
- The user must not reuse their NetID password for any local user on the system
- The primary user account should not run with full Administrator-level access on the system
- You may not access or store any "confidential" data on the system, as defined in the university's data classification.
- SU's VPN connection isn't available—connect to campus via RDS if necessary to reach other SU resources.