About Pepperdine Device Management

The latest developments in device management at Pepperdine, along with relevant informational links and our patch log.

Thursday, February 14, 2019

Mac OS Auto-Update Enabled

Device Management enhances the security of our environment by keeping your computer up-to-date. Not only is it important to keep our installed programs on their latest versions, but also the operating system (OS) of your computer, whether it be Windows or Mac. In order to ensure timely application and OS updates for Mac computers, Device Management will be enabling the built-in auto-update settings within the Mac App Store. You are highly encouraged to reboot when prompted by your Mac to do so, which looks like this:

Periodic reboots are advised for every personal computer. Make sure to take a break and keep your computer up-to-date by proceeding with a reboot when prompted by your OS or the Device Management agent.

Monday, January 7, 2019

Why Is Device Management Needed?

The Computer and Network Responsible Use Policy requires all computers connected to our network to be maintained up-to-date with security patches and to follow published IT Standards. For UNIVERSITY OWNED assets the IT Standard is to use Device Management and WSUS to comply with the policy via automated updates. Twenty years of Pepperdine history has proven that the only way to provide consistently up-to-date computers is automation; all other methods have failed miserably, leaving the University with significant risk.

Why Don't I Already Have Device Management?

The two most common reasons are the computer was bought on a PCard and not delivered to a technician to set up or that the technician forgot this step in the job procedures. We apologize for the extra trouble associated with this notice, but the two options above should get this sorted out timely.

The University Does Not Own This Computer!

Some people have reported to IT technicians that they knowingly marked their computers as University Owned because they thought that status gives them greater benefits. Of course, some people may do this in error. Without distinguishing between causes, if your computer is really a personal purchase, contact the information security office x4040 while sitting in front of your computer. ISO will work with you to change the registration. This service is only available by phone conversation with the registered user of the computer. Conversely IT technicians will not work with you to register a University owned computer as personally owned for the purpose of evading automated updates because this would put them in violation of their annually signed code of conduct. Maintaining your personally owned device free of security vulnerabilities is your responsibility and damage caused by exploited insecurities on your personal device is your liability. IT does not manage personally owned devices. For more information and a resource to maintain security of your personally owned device try browsercheck.pepperdine.edu.

If Your Computer Is Blocked:

As noted in the email you received, University owned computers without Device Management are blocked after 10 days. Please contact the IT Service Desk x4357 to schedule an appointment on the next available time slot to install your Device Management agent and get the computer unblocked by the end of the next business day.

Thursday, August 16, 2018

Device Management Agent Roundup - Macs

All University owned computers are required to have the Device Management agent, in order to make them compliant with the Computer and Network Responsible Use Policy. Specifically, this agent updates 3rd party plug-ins and web browser software which were proving proving both impossible to maintain up-to-date and simultaneously a reliable way for cyber criminals to take over Pepperdine computers.

Macintosh computers are not managed by the Windows domain, so the agent cannot be installed automatically. Macs are often bought by University PCard and set up by the assigned user, rather than by a technician, or technician's forget to install the agent.

Beginning in February 2018 the DM team worked to create service desk tickets to help get the agent installed on University purchased assets that didn't have it. As of August 16, 2018 95 Macs still don't have the agent.

To avoid a return to regular exploitation of University computers by cyber criminals, today the Information Security Office contacted all our colleagues who registered a Mac computer that does not have Device Management to ask them to install the agent.
The message requesting this action is personalized with the registrant's first name, NetworkID, the name of the specific computer and its ethernet address. If you received an email like this from ISO dated 8/16/18 at 3:47-49 pm, please follow the instructions in the message. If you would like further confirmation or assistance, please contact the IT service desk. (Second Notice to be sent 9/12/18).

Note that NO ONE from University IT will ever ask you for your password nor can they send you a SecureConnect/DUO push or token. If someone calls or emails requesting your password ( or sends a push or a token you did not generate ) hang up and call the Information Security Office.

Wednesday, October 18, 2017

Software Sunset: Office 2011 for Mac

The Microsoft Office suite of programs (Word, Excel, PowerPoint, etc.) is used every day by the university community. Microsoft has announced that the suite of programs included in Office 2011 for Mac has reached "end-of-life." To ensure the security of our network, Office 2011 for Mac will be automatically removed from university-owned devices.

Currently, the most up-to-date version is Office 2016 (available for both Mac and Windows computers). Any computer on which 2011 is removed will have this latest-and-greatest Office suite installed automatically. There will be no lag-time between the two versions: As soon as Office 2011 is uninstalled, Office 2016 will be available in a Mac's "Applications" directory.

Wednesday, October 11, 2017

Mandatory Acrobat Pro 11 => Acrobat Pro 2017 Upgrade

What's Happening with Acrobat XI (Acrobat Pro 11)?
The University licensed Adobe Acrobat software will be upgraded for all University owned computers soon! Starting 10/12/17, Pepperdine’s Information Technology division will be replacing your older Adobe Acrobat Pro XI software with the latest desktop version, Adobe Acrobat 2017.  The previous version has reached the end of support, so we are automatically upgrading Acrobat for the latest features and security updates.

What's new?

Adobe Acrobat 2017 does everything that the previous
version did, with a few extra features:
  • View multiple PDFs through a tabbed interface
  • Quickly "compare" the differences between two documents
  • Add bulleted lists when editing text directly in Acrobat
  • Learn more about the new features in Adobe Acrobat 2017.

Assistance with the upgrade is available from the IT Service Desk 310-506-4357.

What do I need to do?

Each person should close and save all PDF documents and exit Acrobat Pro and Reader, before accepting the install dialog presented by the Device Management system.

Wednesday, June 7, 2017

Update your pre-Yosemite Mac & HP MicTray.exe

Update your pre-Yosemite Macs. Macs, like all Apple products, need updates, too. Apple only updates the latest 3 operating systems and that generally means no security patches for older operating systems. If your operating system is MacOS X 10.9 (Mavericks) or older it is no longer receiving updates. If you have a University-owned Mac that has one of the older operating systems you should be seeing pop-ups from the service desk telling you to contact the help desk for assistance. Please do so before July 1 to avoid having your computer blocked from the network.

New HP Laptops came with a keystroke logger. A keystroke logger records every key you press. This was a debug feature put in during the development of the new Connexant audio driver for these machines, but its still recording every keystroke to the MicTray.log file in /Users/Public. There is a fix coming from HP and Microsoft but for this week at least, Device Management is continually deleting the keystroke log file and the programs that generate it. Deleting the MicTray programs interferes with keyboard control of your microphone so use the mouse for volume, on/off in the meantime.

Friday, July 29, 2016

Device Management patches Chrome

Device management is like the guy with the broom at the end of the parade - it will clean up specific out-of-date software on your computer, if someone else doesn't (e.g. you or auto update).

Device management does deploy updates to Chrome. This is intended, but not working reliably at the moment. When it works, it will happen irrespective of any 'dont update' setting done by a user or administrator.

Currently, the frequency of Chrome updates is causing older updates to be deactivated, usually, but not always before they can be applied. Our conservative and sequential "test hardy group1, then test diverse group2, then patch everyone" (Dogfood, Canary, Pandemic) patch cycle, often means no update can be applied, because a new one is available deactivating the old one before it makes it through the test cycle.

Fixing this problem is even harder than understanding my paragraph above, but the Device Management Core Team is working on it. Meanwhile, if you or your administrator has put your Chrome into "don't auto update" mode - stop that! :)

Device Management is merrily patching other software. Check back Aug 15 for our July statistics.