Still have questions?
If you don’t see your question in this list, please contact:
Joelle Chavre - Director of Client Services, Technology Services
Linc Nesheim - Information Security Officer, Technology Services
How is this done?
Keeping computers automatically updated with system, security, and other updates is a hassle; fortunately, there is software that can help to ease this burden. For Windows computers, we use a product called Microsoft System Center Configuration Manager (SCCM). For Macs, we use a product from JAMF Software called JAMF Pro.
Here’s how it works: a small software application is installed on your computer. It runs in the background, and most of the time you won’t even know it’s there.* WCTS will gather software updates from places like Microsoft, Apple, and Adobe, and will then communicate with the software application on your computer to send you the updates. In this fashion, Whitman-- not software manufactures-- remains in control of which updates get installed and when.
Why is it important?
Unpatched operating systems and “third party” software are significantly more vulnerable to exploitation by viruses and malware than fully updated software. SCCM and JAMF Pro will allow us to push out system and select application updates with little or no disruption to you. To note, if a severe vulnerability is found, WCTS "may" need to patch systems or software without prior notice or outside a regular maintenance window.
Does this mean that when software updates happen, my computer will suddenly restart?
No, restarts based on software updates will not happen suddenly on your computer. We know that some software updates require restarts, and SCCM and JAMF Pro allow us to customize how to negotiate this need.
- Windows computers will typically apply all software updates between 10:00 pm and 5:00 am.
- Please save your work and leave your computer on during week days and nights to allow the updates to happen during scheduled maintenance times. You can put your computer in 'Lock' mode before leaving.
- If a restart cannot happen during the regularly scheduled maintenance time, then you will see a pop-up notice that a restart is needed to apply necessary updates. In Windows 10, you can choose to apply the update immediately, or schedule when the reboot will occur within this pop-up notification.
- Apple computers receive updates as they are released typically without interruption, however those system updates that require a reboot will notify with a pop-up window and the option to defer the installation of the update(s) for 12 or 24 hours via dropdown field.
- If you defer, and then later want to apply the update without waiting for a second notice, feel free to go to the Apple Menu and select App Store, look for pending Updates, and manually apply the updates at your convenience. See instructions here.
IMPORTANT: Always save your work before clicking on the Install Now or Restart buttons in these pop-up windows
We recognize that the maintenance window we’ve set may not meet everyone’s needs. We are making every attempt to configure the systems so that they are as compatible with the workflows of both staff and faculty as possible. Please contact Joelle Chavre if you have special circumstances.
What specific software will be updated by WCTS?
As of May 2019
(Note: updates only apply to software already existing on your system. If you do not have an application listed below, they will not be added without request.)
- Windows core system updates (e.g. security updates, Edge/Internet Explorer, etc.)
- Mozilla Firefox
- Google Chrome
- Adobe Acrobat Reader
- Microsoft Office
- Apple iTunes
- Keepass v2x
- Notepad ++
- Google File Stream
- OS X core system updates (e.g. security updates, Safari, iTunes, etc.)
- Mozilla Firefox
- Adobe Flash
- Adobe Acrobat Reader
- Google Chrome
- Microsoft Office suite
We will be progressively adding more software to this list as needed.
What can WCTS see on my computer? I have privacy concerns.
WCTS cannot see specific content on your computer. SCCM and Jamf are utilized to manage the configuration of your computer and provide basic software and hardware inventory. This configuration management is not content-aware beyond how certain hardware and software can impact the security of the device. SCCM and JAMF Pro are intended to assist us in the support and security of computers by making sure that managed software is patched and up to date and to ensure that computers on campus are compliant with applicable laws (e.g. FERPA, HIPPA, etc.) that protect student and employee information.
Will WCTS be able to see all the software applications installed on my computer?
SCCM and JAMF Pro can report on what software is installed on computers. This information will be used in aggregate for licensing information and individually for identifying unpatched software in need of security updates.
Will WCTS install new software or run apps without my consent?
No. While these tools technically have the capability to install and uninstall software remotely, we will use SCCM and JAMF Pro to update some existing software on your Whitman-owned computer, and to collect data pertaining to hardware and software installed on your computer (described above this question). Software can be deployed directly to your computer upon your request, and in some cases software may be available for self install through Software Center on PCs, or Self Service on Macintosh computers.
Do I need to leave my computer on?
Yes, we recommend leaving your computer powered on during weekdays, and shutting down over the weekends. It is also important to restart your computer as soon as possible when prompted for applying updates.
Does WCTS have auditing logs to show the actions or updates performed by these tools?
Yes. All actions and changes performed by endpoint management administrators are recorded and reviewed by independent staff for accountability.
Is there an opt-out procedure for faculty or staff?
No. Individuals may currently request that their computers be added to a "No-Update" group if it is determined that automatic updates may cause unexpected results to existing software or data processes. These individuals agree to manually install updates on a regular basis to ensure the safety and compliance of their computers on the network. WCTS will periodically scan these computers for unpatched vulnerabilities that may put the network at risk.
How does this software affect potential legal proceedings?
Having either SCCM or JAMF Pro clients on a computer does not affect actions taken when there is a legal subpoena requesting data. Whitman and WCTS must follow the requirements of such requests, the tool used is irrelevant.
Can these tools take data off my computer?
These Endpoint Management tools do not have built-in features that allow access to any data files on your computer, including email or web browsing history.
All employees and students of Whitman College are held to the requirements of the Acceptable Use Policy, which specifies individual responsibilities, conduct, and behavior that violates the policy. IT staff have no exceptions to this policy, and in fact have an even higher responsibility to maintain privacy and confidentiality because of their required access to network and computer systems.
See also "What can WCTS see on my computer? I have privacy concerns." above
Do these tools actually increase our security risk because it is a single point of vulnerability?
The Whitman network is constantly being probed from outside for vulnerabilities, and it is important that all computers have security updates installed. Unpatched systems are a major cause of data breaches commonly reported in the news and are easily preventable. One of the primary uses of endpoint management tools is to ensure security updates are applied to Whitman-owned computers in a timely fashion.
I understand these tools can copy data to and from my computer, edit or delete my documents, record video, audio, or monitor usage or me. Is this accurate?
No. These tools by themselves do not have built-in features to accomplish these tasks. It is possible that through the use of these tools a different piece of software could be installed that has these capabilities, however this would require explicit intent to do so. All actions or scripts performed on a computer are logged, including account used to access these tools.
Are there things I can do on my computer to add additional protections or notifications?
Yes. WCTS would be happy to work with you if you are interested in discussing additional layers of encryption or ways to enhance notification for changes happening on your computer.
Last Updated: May 22, 2019