Over the past several months, DSS has been implementing some significant changes to the Library's desktop computing environment. These changes will provide improved computing security and allow us to better manage and support Library computers. These changes have already been implemented on Windows computers that were part of the 2008 replacement cycle. We are now working on reconfiguring the remaining Windows computers and anticipate completing the process by May 1. We will begin a similar reconfiguration for Macs when we have finished all Windows computers.
Below is more information on the specific changes we are making to Library computers.
In the past, most staff logged in to Library computers with administrative credentials. This has exposed the University, the Library computing environment, users, and patrons to significant risk. If you look at major threats to computer security, one key area of concern is programs installed on computers either knowingly or unknowingly by users who are logged on as administrators. These unwanted programs (viruses, worms, spyware, and other potentially unwanted software) are able to install themselves only because the user is logged on as an administrator. When logged on with administrative privileges, there is a substantial risk of modifications being made that may result in unwanted access to personal and private data of staff and patrons. To protect against these threats, we are transitioning staff to use of non-administrative accounts which do not allow users to install software. Desktop Support Services (DSS) will be charged with installing software as needed. DSS has several ways of installing software for staff and we can also set up secure “virtual machines” for users who need to install software for testing purposes. In addition to greatly increased security, this will help to make sure that the Library is in compliance with all software licensing. For further information on running as a non-administrator, please see the following document from the University of Michigan’s Information Technology Security Services group: http://safecomputing.umich.edu/events/download/RunAsUser_sumit_05.pdf.
We will be moving from Novell Netware to Windows Active Directory as our network operating system for Macintosh and Windows computers. Windows Active Directory provides the following services for Macintosh and Windows computers: user and group accounts, access to files and directories, printing services, and tools for the management of desktop machines. This change will greatly enhance our ability to manage Library computers and keep us current with the other units on campus who have already or will be soon making the same transition.
One of the most technically challenging aspects of this transition will be migrating our current Novell file structure (User, Group, Share space, etc.) to Windows Active Directory. As we move staff, we have them synchronize their Novell password with their Active Directory password so when we have successfully transitioned all users to the new system we can move all of the files forward with the least amount of disruption to staff as possible.
We are moving to Office 2007 for Windows and Office 2008 for Macs. These versions are considerably different in look and feel from earlier Office versions, so we have documentation available and are continuing to provide training for staff to make the transition. Staff whose computers have not been updated are encouraged to move to the new Office products at their convenience, but they will be required to move once their computer is upgraded.