How would one go about de-certifying in bulk. This is something that
we want to be able to do , we just had CCA installed and one of our
questions to the installer was how to log the users off in bulk at a
certain time.. He said that there was no mechanism to do that. So I'm most
curious how your doing this ...
ken ---
Ken Whittaker
Network Manager
Information Technology Group
Keene State College
229 Main St
Keene NH, 03435
Voice: 603.358.2537
Fax: 603.358.2780
E-Mail: [log in to unmask]
> From: "Flagg, Martin D." <[log in to unmask]>
> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> Date: Wed, 27 Jul 2005 11:55:53 -0400
> To: <[log in to unmask]>
> Subject: Re: Clean Access Test Results
>
> We have thought about changing the heartbeat session timer set to 16-24
> hours so that users are not kicked if they turn off the computer
> overnight. We have a student environmental action group on campus that
> has successfully convinced students to turn their computers off when
> they are not being used. We are planning on de-certifying all machines
> at 4:00 am Monday morning, every week. Any comments or suggestions?
>
>
> Martin D. Flagg
> Network Engineer/Administrator
> Hiram College
> PH: 330-569-5376
> FAX: 330-569-5462
> email: [log in to unmask]
> -
> If you lend someone $20,
> and never see that person again,
> it was probably worth it.
>
>
>
>
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Homer Manila
> Sent: Wednesday, July 27, 2005 11:27 AM
> To: [log in to unmask]
> Subject: Re: Clean Access Test Results
>
> Oh, forgot to mention: We have the heartbeat session timer set to 2
> hours, which should force users to login again, if their machines have
> been off that long. Also, we are still deciding if we will force
> re-certification at some more frequent regular interval like 1-3 weeks
> at a time, to force scanning of machines running the agent that aren't
> being made to log-in as much. One of the timeouts is decertifying
> people, according to our graphs, wish I knew which one!
>
> Also in regards to dhcp lease times: if it still renews to the same ip,
> they still won't be forced to log in. So, disregard what I said earlier
> :)
>
> --Homer Manila
> Network Security Administrator
> Office of Information Technology
> American University
>
> Homer Manila wrote:
>> Changing network/internet access from having no requirements to CA can
>
>> be frustrating to the students. Telling them that implementing it will
>
>> make their machine more secure and the network happy sometimes isn't
>> enough. It helped that we had numbers to back up our decision to
>> implement CA: Last year alone, we had over 1200 virus tickets that
>> resulted in a loss of over $100k in man-hours and downtime. Those are
>
>> good numbers to give budget/funding too, if you have it.
>>
>> I would also suggest increasing your temporary access time to at least
>
>> 2 hours, which is what we did, to facilitate some of the longer
>> downloads(sp2). Increasing your session timeout might be a good thing
>> too; we actually don't have a timeout set for our users. Since CA
>> will make you log in after the mac-address to ip-address combo is
>> void(dhcp lease time has expired and the user receives a new ip, user
>> moves to another subnet, etc), it will make the user sign-on again. If
>
>> your dhcp lease times are set higher, the user will keep their ip
>> address longer, and have to sign-on less. Plus, we plan on forcing
>> re-certification after every year or semester is over.
>>
>> --Homer Manila
>> Network Security Administrator
>> Office of Information Technology
>> American University
>>
>>
>> Sean Ward wrote:
>>
>>> We (Bowling Green State University) recently performed a very small
>>> test of Clean Access/Perfigo in a residence hall where we have about
>>> 20 students living because of conferences and the like. Of the 20,
>>> about 14 had computers that connected, of which 10 filled out a
>>> survey on our website.
>>>
>>> Included below are the responses we received. For those of you who
>>> have been testing or have finished testing Clean Access, what type of
>
>>> response did you get from the students? Were they similar to ours?
>>> In what ways did you convince those in charge of the budget/funding
>>> that it was worth the cost?
>>>
>>> In an occurrence that could only be defined as "awesome", the
>>> instructions document is corrupted, so I cannot attach, include, or
>>> link to it until I take time to recreate it.
>>>
>>> Any and all responses would be appreciated.
>>>
>>> Thanks,
>>> Sean
>>>
>>> Did you have any issues with the documentation? If so, what were
> they?
>>>
>>> * When trying to download clean access it kept comping up with a
>>> message that said you must open excutiable file something,
>>> something, something?? and I had no clue what it was talking
>>> about, so I played around and finally figured it out. That was
>>> confusing at first and somewhat frustrating
>>> * I guess my default settings were making it difficult to
> configure
>>> the software
>>> * Some of the windows that popped up, such as the temporary
>>> connection to the network, were not in the manual so I had to
>>> click on what I thought was right.
>>> * I tried to get it to loadfor 3 hours with no luck. Finally RCC
> had
>>> to come and install a new web browser. Now it works just fine.
>>> * The documentation was fine.
>>> * I had no problem installing the software and getting back on the
>>> network. The instructions were thorough and I appreciated the
>>> screen shots that were included.
>>> * It made me update fifty million times when I first got on.
>>>
>>> Have you had any issues connecting to the network or Internet since
>>> having the software installed? If so, how many times did this happen,
>
>>> what type of issues were you having, and what were you doing at the
> time:
>>>
>>> * Every so many days it would kick me off the network and I'd have
>>> to restart my computer to be able to connect to the internet.
> This
>>> is very frustrating and annoying, especially since it happened
>>> again this morning telling me I had to download the new version.
> I
>>> thought this test was over??
>>> * Every time I attempt to connnect to the internet I am stopped
>>> because Norton Antivirus is blocking the Clean Access site
> becuase
>>> it is unknown. If you already have anti-virus software it makes
>>> this process extremely difficult, and you have to disable the
>>> previous software in order to run the new software, and I have
>>> paid a large amount of money to have my computer protected by my
>>> other services.
>>> * I had had a problem once. Everytime I tried to connect it would
> go
>>> to the main screen and then my mouse cursor would start going
>>> crazy....clicking very fast all on its own. No website would
> even
>>> appear. It would continue doing the same thing even after I
> tried
>>> restarting my computer several times. I decided to leave alone
> for
>>> the next and the next day...everything was fine and I was able
> to
>>> complete the process without any problems.
>>> * At first, I only had a temporary connection for 20 minutes.
> During
>>> that 20 minutes, I had to download a bunch of different things
> but
>>> after 20 minutes, I would have to stop because I was no longer
>>> connected. It took 9 hours just to get everything set up. Once I
>>> did, my entire computer was running extremely slow. Every three
>>> days I had to redo everything and that was a big inconvenience.
>>> * It's working well.
>>> * why do i have to re-login every few days....that kicks me off
>>> IM...I don't like it!
>>> * McAfee really slowed down my computer. I took Norton off of my
> PC
>>> and it runs just fine now.
>>> * I am very frustrated that I have been randomly kicked off line
>>> (while I've been using the internet and instant messenger) only
> to
>>> reaccept the clean access agent agreement and return to my work.
> I
>>> knew that this was going to happen (since it was stated on the
>>> instruction sheet-thanks for that info!), but I find this
>>> frustrating and unnecessary. I'd really rather not have the
>>> program on my computer. Plus, I don't know what it does and why
> I
>>> need it, other than I can't get on the internet and it's suppose
>>> to help prevent viruses. I had to work when Sean came to our
>>> meeting, and I read what was given to me but I still don't
>>> completely understand the need.
>>> * No problems after setup
>>>
>>> What could BGSU have done to make this test easier?
>>>
>>> *
>>>
>>> I guess there really isn't anything to make it easier. It's just
>>> going to be frustrating to you, if you impliment it to the whole
>>> campus, because you will be getting a lot of calls.
>>>
>>> * It would have been nice if we were asked to volunteer to do this
>>> instead of having no say.
>>> * I think it woudl be easier for the RCC staff to come configure
> the
>>> software on students' computers themselves
>>> * I wish that we would have had advanced notice that this was
> going
>>> to happen.
>>> * Had people working later to help with the set up because I
> didn't
>>> have internet for almost 2 days.
>>> * Tell people it takes a while to load.
>>> * The test itself is fine. The instructions were complete and I
> was
>>> informed that I would be kicked off the network every 3 days or
>>> so. However the fact that the system does boots me off the
> network
>>> randomly every few days is very inconvenient, especially since
>>> I've been working while it has happened.
>>> * Made the setup easier. You should only have to update once.
>>>
>>> Is there anything else you wish to add that was not mentioned?
>>>
>>> * Once I finally was able to download the Clean Access software,
> it
>>> told me that my login name was unknown and would not let me
> proceed.
>>> * After making my complaint via email and phone, RCC was able to
> fix
>>> everything on my computer so that it runs even better before.
>>> * The test itself is fine. The instructions were complete and I
> was
>>> informed that I would be kicked off the network every 3 days or
>>> so. However the fact that the system does boots me off the
> network
>>> randomly every few days is very inconvenient, especially since
>>> I've been working while it has happened.
>>> * It's annoying to have to update every three days. Once a week
>>> would be better.
>>>
>>>
>>
|