You can remove their certification in bulk at a specified time/interval,
thus causing them to recertify the *next* time they log in.
Another alternative: we require our users to certify at every login. As a
result, if we need anyone (or any group of someones) to recertify, we simply
kick them. Not something we'd do regularly, but in the event of an outbreak
or other "crisis" ....
-Bob Black
Miami University
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of ken whittaker
> Sent: Thursday, July 28, 2005 8:05 AM
> To: [log in to unmask]
> Subject: Re: Clean Access Test Results
>
> How would one go about de-certifying in bulk. This is
> something that
> we want to be able to do , we just had CCA installed and one of our
> questions to the installer was how to log the users off in bulk at a
> certain time.. He said that there was no mechanism to do
> that. So I'm most
> curious how your doing this ...
>
> ken ---
>
> Ken Whittaker
> Network Manager
> Information Technology Group
>
> Keene State College
> 229 Main St
> Keene NH, 03435
>
> Voice: 603.358.2537
> Fax: 603.358.2780
>
> E-Mail: [log in to unmask]
>
>
> > From: "Flagg, Martin D." <[log in to unmask]>
> > Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> > <[log in to unmask]>
> > Date: Wed, 27 Jul 2005 11:55:53 -0400
> > To: <[log in to unmask]>
> > Subject: Re: Clean Access Test Results
> >
> > We have thought about changing the heartbeat session timer
> set to 16-24
> > hours so that users are not kicked if they turn off the computer
> > overnight. We have a student environmental action group on
> campus that
> > has successfully convinced students to turn their computers off when
> > they are not being used. We are planning on de-certifying
> all machines
> > at 4:00 am Monday morning, every week. Any comments or suggestions?
> >
> >
> > Martin D. Flagg
> > Network Engineer/Administrator
> > Hiram College
> > PH: 330-569-5376
> > FAX: 330-569-5462
> > email: [log in to unmask]
> > -
> > If you lend someone $20,
> > and never see that person again,
> > it was probably worth it.
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Perfigo SecureSmart and CleanMachines Discussion List
> > [mailto:[log in to unmask]] On Behalf Of Homer Manila
> > Sent: Wednesday, July 27, 2005 11:27 AM
> > To: [log in to unmask]
> > Subject: Re: Clean Access Test Results
> >
> > Oh, forgot to mention: We have the heartbeat session timer set to 2
> > hours, which should force users to login again, if their
> machines have
> > been off that long. Also, we are still deciding if we will force
> > re-certification at some more frequent regular interval
> like 1-3 weeks
> > at a time, to force scanning of machines running the agent
> that aren't
> > being made to log-in as much. One of the timeouts is decertifying
> > people, according to our graphs, wish I knew which one!
> >
> > Also in regards to dhcp lease times: if it still renews to
> the same ip,
> > they still won't be forced to log in. So, disregard what I
> said earlier
> > :)
> >
> > --Homer Manila
> > Network Security Administrator
> > Office of Information Technology
> > American University
> >
> > Homer Manila wrote:
> >> Changing network/internet access from having no
> requirements to CA can
> >
> >> be frustrating to the students. Telling them that
> implementing it will
> >
> >> make their machine more secure and the network happy
> sometimes isn't
> >> enough. It helped that we had numbers to back up our decision to
> >> implement CA: Last year alone, we had over 1200 virus tickets that
> >> resulted in a loss of over $100k in man-hours and
> downtime. Those are
> >
> >> good numbers to give budget/funding too, if you have it.
> >>
> >> I would also suggest increasing your temporary access time
> to at least
> >
> >> 2 hours, which is what we did, to facilitate some of the longer
> >> downloads(sp2). Increasing your session timeout might be a
> good thing
> >> too; we actually don't have a timeout set for our users. Since CA
> >> will make you log in after the mac-address to ip-address combo is
> >> void(dhcp lease time has expired and the user receives a
> new ip, user
> >> moves to another subnet, etc), it will make the user
> sign-on again. If
> >
> >> your dhcp lease times are set higher, the user will keep their ip
> >> address longer, and have to sign-on less. Plus, we plan on forcing
> >> re-certification after every year or semester is over.
> >>
> >> --Homer Manila
> >> Network Security Administrator
> >> Office of Information Technology
> >> American University
> >>
> >>
> >> Sean Ward wrote:
> >>
> >>> We (Bowling Green State University) recently performed a
> very small
> >>> test of Clean Access/Perfigo in a residence hall where we
> have about
> >>> 20 students living because of conferences and the like.
> Of the 20,
> >>> about 14 had computers that connected, of which 10 filled out a
> >>> survey on our website.
> >>>
> >>> Included below are the responses we received. For those
> of you who
> >>> have been testing or have finished testing Clean Access,
> what type of
> >
> >>> response did you get from the students? Were they
> similar to ours?
> >>> In what ways did you convince those in charge of the
> budget/funding
> >>> that it was worth the cost?
> >>>
> >>> In an occurrence that could only be defined as "awesome", the
> >>> instructions document is corrupted, so I cannot attach,
> include, or
> >>> link to it until I take time to recreate it.
> >>>
> >>> Any and all responses would be appreciated.
> >>>
> >>> Thanks,
> >>> Sean
> >>>
> >>> Did you have any issues with the documentation? If so, what were
> > they?
> >>>
> >>> * When trying to download clean access it kept comping
> up with a
> >>> message that said you must open excutiable file something,
> >>> something, something?? and I had no clue what it was talking
> >>> about, so I played around and finally figured it
> out. That was
> >>> confusing at first and somewhat frustrating
> >>> * I guess my default settings were making it difficult to
> > configure
> >>> the software
> >>> * Some of the windows that popped up, such as the temporary
> >>> connection to the network, were not in the manual so I had to
> >>> click on what I thought was right.
> >>> * I tried to get it to loadfor 3 hours with no luck.
> Finally RCC
> > had
> >>> to come and install a new web browser. Now it works
> just fine.
> >>> * The documentation was fine.
> >>> * I had no problem installing the software and getting
> back on the
> >>> network. The instructions were thorough and I appreciated the
> >>> screen shots that were included.
> >>> * It made me update fifty million times when I first got on.
> >>>
> >>> Have you had any issues connecting to the network or
> Internet since
> >>> having the software installed? If so, how many times did
> this happen,
> >
> >>> what type of issues were you having, and what were you
> doing at the
> > time:
> >>>
> >>> * Every so many days it would kick me off the network
> and I'd have
> >>> to restart my computer to be able to connect to the internet.
> > This
> >>> is very frustrating and annoying, especially since
> it happened
> >>> again this morning telling me I had to download the
> new version.
> > I
> >>> thought this test was over??
> >>> * Every time I attempt to connnect to the internet I am stopped
> >>> because Norton Antivirus is blocking the Clean Access site
> > becuase
> >>> it is unknown. If you already have anti-virus
> software it makes
> >>> this process extremely difficult, and you have to disable the
> >>> previous software in order to run the new software,
> and I have
> >>> paid a large amount of money to have my computer
> protected by my
> >>> other services.
> >>> * I had had a problem once. Everytime I tried to
> connect it would
> > go
> >>> to the main screen and then my mouse cursor would start going
> >>> crazy....clicking very fast all on its own. No website would
> > even
> >>> appear. It would continue doing the same thing even after I
> > tried
> >>> restarting my computer several times. I decided to
> leave alone
> > for
> >>> the next and the next day...everything was fine and
> I was able
> > to
> >>> complete the process without any problems.
> >>> * At first, I only had a temporary connection for 20 minutes.
> > During
> >>> that 20 minutes, I had to download a bunch of
> different things
> > but
> >>> after 20 minutes, I would have to stop because I was
> no longer
> >>> connected. It took 9 hours just to get everything
> set up. Once I
> >>> did, my entire computer was running extremely slow.
> Every three
> >>> days I had to redo everything and that was a big
> inconvenience.
> >>> * It's working well.
> >>> * why do i have to re-login every few days....that kicks me off
> >>> IM...I don't like it!
> >>> * McAfee really slowed down my computer. I took Norton
> off of my
> > PC
> >>> and it runs just fine now.
> >>> * I am very frustrated that I have been randomly
> kicked off line
> >>> (while I've been using the internet and instant
> messenger) only
> > to
> >>> reaccept the clean access agent agreement and return
> to my work.
> > I
> >>> knew that this was going to happen (since it was
> stated on the
> >>> instruction sheet-thanks for that info!), but I find this
> >>> frustrating and unnecessary. I'd really rather not have the
> >>> program on my computer. Plus, I don't know what it
> does and why
> > I
> >>> need it, other than I can't get on the internet and
> it's suppose
> >>> to help prevent viruses. I had to work when Sean came to our
> >>> meeting, and I read what was given to me but I still don't
> >>> completely understand the need.
> >>> * No problems after setup
> >>>
> >>> What could BGSU have done to make this test easier?
> >>>
> >>> *
> >>>
> >>> I guess there really isn't anything to make it
> easier. It's just
> >>> going to be frustrating to you, if you impliment it
> to the whole
> >>> campus, because you will be getting a lot of calls.
> >>>
> >>> * It would have been nice if we were asked to
> volunteer to do this
> >>> instead of having no say.
> >>> * I think it woudl be easier for the RCC staff to come
> configure
> > the
> >>> software on students' computers themselves
> >>> * I wish that we would have had advanced notice that this was
> > going
> >>> to happen.
> >>> * Had people working later to help with the set up because I
> > didn't
> >>> have internet for almost 2 days.
> >>> * Tell people it takes a while to load.
> >>> * The test itself is fine. The instructions were complete and I
> > was
> >>> informed that I would be kicked off the network
> every 3 days or
> >>> so. However the fact that the system does boots me off the
> > network
> >>> randomly every few days is very inconvenient,
> especially since
> >>> I've been working while it has happened.
> >>> * Made the setup easier. You should only have to update once.
> >>>
> >>> Is there anything else you wish to add that was not mentioned?
> >>>
> >>> * Once I finally was able to download the Clean Access
> software,
> > it
> >>> told me that my login name was unknown and would not let me
> > proceed.
> >>> * After making my complaint via email and phone, RCC
> was able to
> > fix
> >>> everything on my computer so that it runs even better before.
> >>> * The test itself is fine. The instructions were complete and I
> > was
> >>> informed that I would be kicked off the network
> every 3 days or
> >>> so. However the fact that the system does boots me off the
> > network
> >>> randomly every few days is very inconvenient,
> especially since
> >>> I've been working while it has happened.
> >>> * It's annoying to have to update every three days. Once a week
> >>> would be better.
> >>>
> >>>
> >>
|