Non-Windows Management
After a thorough RFP process, OIT has selected Quest Authentication Services (QAS) to extend Active Directory functionality to non-Windows computing environments. QAS's features include:
- Single sign-on access to AD-attached resources with existing University identities.
- Cached logons for off-campus access.
- Group policy settings managed via existing management tools.
- Unit-managed workstation logon restrictions.
- Profile migration tools for existing local accounts.
- Support for a variety of operating systems.
This service may be used by any unit leveraging OIT's Active Directory service.
Licensing
OIT has purchased an initial number of licenses based on expected growth and will purchase additional licensing as appropriate. To participate, please follow the instructions on the sign-up form.
Implemented Operating Systems
Other operating systems will be added as interest is expressed. A complete list is available from Quest Software. Contact umnad@umn.edu if your unit is interested in partnering to add support for another operating system.
Guidance and Best Practices
The Computer Management Group and OIT have partnered to develop guidance and best practices for migration and management of non-Windows operating systems. Published guides can be found on the Computer Management Group Google Site.
University Policy Compliance
OIT Active Directory strives to meet all of the University's Basic and Enhanced Security Policies. Where appropriate, these settings are configured as required or default; a small subset must be addressed at the unit or individual level and is left unconfigured.
Basic Security Policy - Mac OS X
Reference
Passwords or passphrases must be used | Required
Passwords must be at least 8 characters | Required
Passwords must be changed periodically | Required
Passwords must contain 3 character types (lower case, upper case, numbers, special characters) | Required
User passwords must not be shared | Individual User Responsibility
A password is required upon resuming from inactive state | Required
Screen saver must activate within 30 minutes | Unit Responsibility
Desktop/laptop computers must be logged off during non-work hours | Unavailable
Administrative level account provided when required | Unit Responsibility
Separate standard user level account used for daily tasks | Unit Responsibility
A software firewall must be enabled | Unavailable
Anti-virus protection must be present | Unit Responsibility
Automatic Updates must be enabled | Unavailable
Enhanced Security Policy - Mac OS X
Reference
Disabled account auto-login | Default
Display account login with name and password | Default
Turn off IPv6 transition mechanisms | Unavailable
Turn on FileVault protection | Unavailable
Master FileVault password is set | Unavailable
Require password to wake computer | Required
Disable automatic login | Default
Require password to unlock secure system preferences | Unavailable