Laptop Update Policy

1.0 Purpose
The purpose of this policy is to define the managed and unmanaged configurations of laptops owned by the Broad College.

2.0 Scope
This policy applies only to laptops owned by the Business College. Exceptions may apply.

3.0 Policy

3.1 Ownership and Responsibilities
The Network Resource Center is responsible for overseeing the implementation of this policy. Responsibility for faculty, staff, and students should be limited to understanding the policy itself.

3.2 General Configuration Guidelines

3.2.1 Domain Membership
Laptops which are the primary office computer of the owner shall be joined to the Business Domain, and will therefore be managed per the “Managed Configuration” section below.

Laptops which are intended to be a shared resource, primarily among customers with Business College login accounts, will also be managed per the “Managed Configuration” section below. This includes departmental and NRC operated checkout units.

Laptops which are not primary office computers and which are used by only one individual may not be joined to the Business Domain. These units will comply with the “Unmanaged Configuration” section below.

3.2.2 Managed Configuration
The following configuration guidelines will be applied to laptops joined to the Business Domain:

• Username and Password: Managed computers must be logged into with a Business login ID. Managed computers must be logged onto with a given Business login ID before it is taken outside of the Business College Complex for that given ID to work outside of the building.
• Windows Update: Windows Update will be forcibly configured to download updates as they become available throughout the day, and install them autonomously at 3:00 AM on the second Tuesday of every month. If the 3:00 AM time has been missed, the installation will begin 5 minutes after the unit is available to install updates. If a reboot is required once the installation is complete, the user will be prompted to do so.
• Antivirus Software: Antivirus software will be forcibly controlled by Business College antivirus resources, and will receive updates as soon as they become available.

3.2.3 Unmanaged Configuration

• Username and Password: Business login IDs will not be used to login to an unmanaged laptop, and instead a local username and password will be used. This account can not be synchronized with a Business login ID.
• Windows Update: Windows Update will be configured for Automatic Updates in the same manner as managed computers, but the settings are not forcibly controlled.
• Antivirus Software: The NRC will configure antivirus software to automatically check for, and install, updates every day at 8:00PM.

4.0 Enforcement
Any configuration found to be in conflict with this policy will be corrected autonomously by NRC staff. The NRC does reserve the right to run robotic scans against managed computers to verify this configuration.

5.0 Definitions

Term	Definition
Business Domain	A collection of microcomputer systems configured as a Windows Active Directory Domain. Components include login account management and configuration policy implementation.
Windows Update	A utility from Microsoft that dynamically checks for critical updates to its operating system and other components.
Managed Configuration	Computer configuration autonomously controlled by other computer systems at the direction of administration staff.
Unmanaged Configuration	Computer configuration not autonomously controlled by other computer systems.