Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 5 Next »

 

Introduction

During the Summer 2015 Computer Refresh, the IT Department is changing several configuration settings on Biola's computers.

This page explains the changes, and what Biola employees need to know about how the changes will affect their computing experience.

  • Mac
  • Windows PC

 

Security and Privacy

  • Removed access to the "Security and Privacy" System Preferences pane.
    • FileVault Settings
    • Firewall Settings
    • Privacy and Location tracking settings
    • Apple Gatekeeper settings
  • Enforce ask for password immediately after screensaver or sleep. 
  • Enforce screensaver enabled after 15 minutes of inactivity. 

Users and Groups

  • Removed access to the "Users and Groups" System Preference pane. 
    • Unable to set add or remove users.
    • Unable to remove Active Directory Binding.
    • Unable to change login screen settings. 
    • Unable to change user login items. 

Sharing

  • Removed access to the "Sharing" System Preference pane.
    • Unable to change SSL, Remote Management, and Screen Sharing settings, etc. 
    • Unable to change computer name. 

Parental Controls and Profiles

  • Removed access to the "Parental Controls" System Preference pane.
    • Unable to create child user and enforce policies.
  • Removed access to the "Profiles" System Preference pane. 
    • Unable to add or remove configuration profiles, including the Biola profile, which enforces all these restrictions. 

Startup Disk

  • Removed access to the "Startup Disk" System Preference pane.
    • Unable to boot to flash drive, network drive, or target disk mode. 
  • Enabled EFI Firmware password
    • Requires password to boot using keyboard commands, such as "Option Boot."

Login Window

  • Users are required to enter username and password to login to the computer - automatic login disabled. 
  • Biola University contact information added to the login screen. 

Disk Encryption

  • FileVault 2 Disk Encryption is enabled on the boot drive of the computer.
    • On computer restart, users will be presented with the FileVault 2 login screen. 
    • Only "enabled" users will be allowed to login to the computer.
      • Active Directory groups are not supported by FileVault 2. 
  • Password changes
    • When a user changes their NetID password (via login.biola.edu, for example), the password is scripted to sync with the computer, so on next boot the will enter their new password. 
      • Users will have to update their keychain password after login by entering their old password. 
    • If the new password doesn't work for some reason (indicating the scripted sync didn't work), users should login while plugged-in vie ethernet cable. Logging in with the old password will then get the user past the FileVault 2 login screen, but will not get past the OS login screen as it normally does. The user will then need to login again, using the new password. This will then force a sync. 
  • Helpdesk Support
    • When a user needs help from the Helpdesk, a Helpdesk technician will first need to enable the IT Helpdesk user account to get past the FileVault 2 login screen.
  • No labels