...


 

...

Macintosh

 

...

Security and Privacy

  • Removed access to the "Security and Privacy" System Preferences pane.
    • FileVault Settings
    • Firewall Settings
    • Privacy and Location tracking settings
    • Apple Gatekeeper settings
  • Enforced asking for a password immediately after screensaver or sleep.
  • Enforced screensaver activation after 15 minutes of inactivity.

...

  • Removed access to the "Parental Controls" System Preference pane.
    • Unable to create child user and enforce policies.
  • Removed access to the "Profiles" System Preference pane. 
    • Unable to add or remove configuration profiles, including the Biola profile, which enforces all these restrictions.

 

...

Startup Disk

  • Removed access to the "Startup Disk" System Preference pane.
    • Unable to boot to flash drive, network drive, or target disk mode. 
  • Enabled EFI Firmware password
    • Requires password to boot using keyboard commands, such as "Option Boot."

...

  • Users are required to enter a username and password to log in to the computer; automatic login is disabled.
  • Biola University contact information added to the login screen.

 

...

Disk Encryption

  • FileVault 2 Disk Encryption is enabled on the boot drive of the computer.
    • On computer restart, users will be presented with the FileVault 2 login screen. 
    • Only "enabled" users will be allowed to log in to the computer.
      • Active Directory groups are not supported by FileVault 2. 
  • Password changes
    • When a user changes their NetID password (via login.biola.edu, for example), the password is scripted to sync with the computer, so on next boot they will enter their new password.
      • Users will have to update their keychain password after login by entering their old password. 
    • If a user can't log in using their new password, the user should log in with the old password while connected via Ethernet cable. This will get the user past the FileVault 2 screen, but not the OS login screen. The user will then need to log in using the new password at the OS login screen, which forces a sync.
  • Helpdesk Support
    • When a user needs help from the Helpdesk, a Helpdesk technician will first need to enable the IT Helpdesk user account to get past the FileVault 2 login screen.

 

...

Windows

 

...

BitLocker Disk Encryption

...

  • BitLocker Disk Encryption is enabled on the boot drive of the computer.
    • The user experience will be seamless as BitLocker directly integrates with Active Directory.
    • Any user that is "allowed" to log in to the computer can "unlock" the computer.
    • Password change procedure has not changed.
  • Helpdesk Support
    • Helpdesk technicians will continue to use their admin_NetID accounts to service computers.

 

...

BIOS Restrictions

 

  • BIOS Admin password has been set (never to be given to the end user).
  • Users will only be able to boot to the local HDD/SSD. 
    • PXE and Alternative media boot will need the BIOS Admin password.

 

 

...

Screen Saver and Lock Screen

...