Desktop Security Procedure

1.0 Overview

This procedure outlines the details of how to secure the desktop environment in accordance with the requirements set forth in the OIT Desktop Security Policy.

2.0 Purpose

This procedure is designed to provide the details necessary to ensure a desktop is compliant with the requirements set forth in the OIT Desktop Security Policy.

3.0 Scope

This policy impacts any individual who has a device attached to Clarkson’s computer network and who deals with University owned computer data.

4.0 Policy

Whenever a new desktop computer is setup, the following guidelines shall be followed.

a.     Firewalls
All modern Windows hosts include a software firewall.  This software firewall should be enabled and, in most cases, configured with no exceptions.

b.     Patch Management

Windows systems should be kept up-to-date using the Clarkson WSUS package, which is available on the W-drive.

c.     Anti-Virus Software

The most-recent version of the Clarkson supported anti-virus will be available for install via the web at

d.     Account Management

The NTLMv2 password hash setting will be pushed to AD joined computers using a group policy object (GPO).  Non-domain joined systems should be configured according to the instructions

e.     Network Registration

Technicians may temporarily register a system in their name for the purpose of completing its setup, however this temporary registration must be removed from NetReg prior to the system being delivered to the customer.  It is important that the customer process the registration themselves, to ensure that the system is associated with their user account and to ensure that the user has agreed to the Acceptable Use Policy.

f.     System Rebuild

Systems that are discovered to have a virus require that the Security Engineer and the Director of Network Services be immediately notified.  The notification to the Security Engineer should occur via both phone and email.  The Director of Network Services shall be contacted by email only.  In the event that neither of these staff members are available, the Manager of Network Operations shall also be contacted.

Once this contact has occurred, the Security Engineer, Director of Network Service and Manager of Network Operations will gather to discuss the proper course of action required to remediate the infected machine.  This course of action will always include the creation of a rebuild ticket for the appropriate satellite support staff member.  It may include a conversation with the satellite support staff requesting immediate removal of the system from the network, allocation of a loaner PC, etc.

5.0 Enforcement

Failure to follow the steps outlined in this procedure will result in the offender(s) being subject to disciplinary action up to and including dismissal.

6.0 Definitions

A network device is defined as any device attaching to the network (ie. PC, game console, server, etc.).

7.0 Revision History

Draft Policy v0.1 – 09 May 2009 – jfiske

Approved Policy v1.0 – 4 November 2013 – jfiske