Thanks this is exactly what I needed to know ...
ken ---
Ken Whittaker
Network Manager
Information Technology Group
Keene State College
229 Main St
Keene NH, 03435
Voice: 603.358.2537
Fax: 603.358.2780
E-Mail: [log in to unmask]
> From: "King, Michael" <[log in to unmask]>
> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> Date: Thu, 28 Jul 2005 09:29:59 -0400
> To: <[log in to unmask]>
> Subject: Re: Clean Access Test Results
>
> This is assuming 3.2.13 or higher
> Page is
> Clean Access -> Certified Devices ->Certified List (Default page when
> you click on Clean Access)
> If you clear this list (using the Clear All Button) All people will be
> logged out, and forced to recertify. That's the manual process.
>
> If you look on the 2nd level menu, there is an option marked "Timer"
> Enable the certified device list timer
> And give it a time and a number of days.
>
> We clear ours Every Sunday at 3am. (Set it to clear next Sunday at 3am,
> and then every 7 days) That's the time that our students have told us
> is the most convenient for them, 3am.
>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List
>> [mailto:[log in to unmask]] On Behalf Of ken whittaker
>> Sent: Thursday, July 28, 2005 8:05 AM
>> To: [log in to unmask]
>> Subject: Re: Clean Access Test Results
>>
>> How would one go about de-certifying in bulk. This is
>> something that
>> we want to be able to do , we just had CCA installed and one
>> of our questions to the installer was how to log the users
>> off in bulk at a certain time.. He said that there was no
>> mechanism to do that. So I'm most curious how your doing this ...
>>
>> ken ---
>>
>> Ken Whittaker
>> Network Manager
>> Information Technology Group
>>
>> Keene State College
>> 229 Main St
>> Keene NH, 03435
>>
>> Voice: 603.358.2537
>> Fax: 603.358.2780
>>
>> E-Mail: [log in to unmask]
>>
>>
>>> From: "Flagg, Martin D." <[log in to unmask]>
>>> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
>>> <[log in to unmask]>
>>> Date: Wed, 27 Jul 2005 11:55:53 -0400
>>> To: <[log in to unmask]>
>>> Subject: Re: Clean Access Test Results
>>>
>>> We have thought about changing the heartbeat session timer set to
>>> 16-24 hours so that users are not kicked if they turn off
>> the computer
>>> overnight. We have a student environmental action group on campus
>>> that has successfully convinced students to turn their
>> computers off
>>> when they are not being used. We are planning on de-certifying all
>>> machines at 4:00 am Monday morning, every week. Any
>> comments or suggestions?
>>>
>>>
>>> Martin D. Flagg
>>> Network Engineer/Administrator
>>> Hiram College
>>> PH: 330-569-5376
>>> FAX: 330-569-5462
>>> email: [log in to unmask]
>>> -
>>> If you lend someone $20,
>>> and never see that person again,
>>> it was probably worth it.
>>>
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Perfigo SecureSmart and CleanMachines Discussion List
>>> [mailto:[log in to unmask]] On Behalf Of Homer Manila
>>> Sent: Wednesday, July 27, 2005 11:27 AM
>>> To: [log in to unmask]
>>> Subject: Re: Clean Access Test Results
>>>
>>> Oh, forgot to mention: We have the heartbeat session timer set to 2
>>> hours, which should force users to login again, if their
>> machines have
>>> been off that long. Also, we are still deciding if we will force
>>> re-certification at some more frequent regular interval
>> like 1-3 weeks
>>> at a time, to force scanning of machines running the agent
>> that aren't
>>> being made to log-in as much. One of the timeouts is decertifying
>>> people, according to our graphs, wish I knew which one!
>>>
>>> Also in regards to dhcp lease times: if it still renews to the same
>>> ip, they still won't be forced to log in. So, disregard what I said
>>> earlier
>>> :)
>>>
>>> --Homer Manila
>>> Network Security Administrator
>>> Office of Information Technology
>>> American University
>>>
>>> Homer Manila wrote:
>>>> Changing network/internet access from having no requirements to CA
>>>> can
>>>
>>>> be frustrating to the students. Telling them that implementing it
>>>> will
>>>
>>>> make their machine more secure and the network happy
>> sometimes isn't
>>>> enough. It helped that we had numbers to back up our decision to
>>>> implement CA: Last year alone, we had over 1200 virus tickets that
>>>> resulted in a loss of over $100k in man-hours and downtime. Those
>>>> are
>>>
>>>> good numbers to give budget/funding too, if you have it.
>>>>
>>>> I would also suggest increasing your temporary access time to at
>>>> least
>>>
>>>> 2 hours, which is what we did, to facilitate some of the longer
>>>> downloads(sp2). Increasing your session timeout might be a
>> good thing
>>>> too; we actually don't have a timeout set for our users. Since CA
>>>> will make you log in after the mac-address to ip-address combo is
>>>> void(dhcp lease time has expired and the user receives a
>> new ip, user
>>>> moves to another subnet, etc), it will make the user
>> sign-on again.
>>>> If
>>>
>>>> your dhcp lease times are set higher, the user will keep their ip
>>>> address longer, and have to sign-on less. Plus, we plan
>> on forcing
>>>> re-certification after every year or semester is over.
>>>>
>>>> --Homer Manila
>>>> Network Security Administrator
>>>> Office of Information Technology
>>>> American University
>>>>
>>>>
>>>> Sean Ward wrote:
>>>>
>>>>> We (Bowling Green State University) recently performed a
>> very small
>>>>> test of Clean Access/Perfigo in a residence hall where we
>> have about
>>>>> 20 students living because of conferences and the like.
>> Of the 20,
>>>>> about 14 had computers that connected, of which 10 filled out a
>>>>> survey on our website.
>>>>>
>>>>> Included below are the responses we received. For those
>> of you who
>>>>> have been testing or have finished testing Clean Access,
>> what type
>>>>> of
>>>
>>>>> response did you get from the students? Were they
>> similar to ours?
>>>>> In what ways did you convince those in charge of the
>> budget/funding
>>>>> that it was worth the cost?
>>>>>
>>>>> In an occurrence that could only be defined as "awesome", the
>>>>> instructions document is corrupted, so I cannot attach,
>> include, or
>>>>> link to it until I take time to recreate it.
>>>>>
>>>>> Any and all responses would be appreciated.
>>>>>
>>>>> Thanks,
>>>>> Sean
>>>>>
>>>>> Did you have any issues with the documentation? If so, what were
>>> they?
>>>>>
>>>>> * When trying to download clean access it kept comping
>> up with a
>>>>> message that said you must open excutiable file something,
>>>>> something, something?? and I had no clue what it was talking
>>>>> about, so I played around and finally figured it
>> out. That was
>>>>> confusing at first and somewhat frustrating
>>>>> * I guess my default settings were making it difficult to
>>> configure
>>>>> the software
>>>>> * Some of the windows that popped up, such as the temporary
>>>>> connection to the network, were not in the manual so I had to
>>>>> click on what I thought was right.
>>>>> * I tried to get it to loadfor 3 hours with no luck.
>> Finally RCC
>>> had
>>>>> to come and install a new web browser. Now it works
>> just fine.
>>>>> * The documentation was fine.
>>>>> * I had no problem installing the software and getting
>> back on the
>>>>> network. The instructions were thorough and I appreciated the
>>>>> screen shots that were included.
>>>>> * It made me update fifty million times when I first got on.
>>>>>
>>>>> Have you had any issues connecting to the network or
>> Internet since
>>>>> having the software installed? If so, how many times did this
>>>>> happen,
>>>
>>>>> what type of issues were you having, and what were you
>> doing at the
>>> time:
>>>>>
>>>>> * Every so many days it would kick me off the network
>> and I'd have
>>>>> to restart my computer to be able to connect to the internet.
>>> This
>>>>> is very frustrating and annoying, especially since
>> it happened
>>>>> again this morning telling me I had to download the
>> new version.
>>> I
>>>>> thought this test was over??
>>>>> * Every time I attempt to connnect to the internet I am stopped
>>>>> because Norton Antivirus is blocking the Clean Access site
>>> becuase
>>>>> it is unknown. If you already have anti-virus
>> software it makes
>>>>> this process extremely difficult, and you have to disable the
>>>>> previous software in order to run the new software,
>> and I have
>>>>> paid a large amount of money to have my computer
>> protected by my
>>>>> other services.
>>>>> * I had had a problem once. Everytime I tried to
>> connect it would
>>> go
>>>>> to the main screen and then my mouse cursor would start going
>>>>> crazy....clicking very fast all on its own. No website would
>>> even
>>>>> appear. It would continue doing the same thing even after I
>>> tried
>>>>> restarting my computer several times. I decided to
>> leave alone
>>> for
>>>>> the next and the next day...everything was fine and
>> I was able
>>> to
>>>>> complete the process without any problems.
>>>>> * At first, I only had a temporary connection for 20 minutes.
>>> During
>>>>> that 20 minutes, I had to download a bunch of
>> different things
>>> but
>>>>> after 20 minutes, I would have to stop because I was
>> no longer
>>>>> connected. It took 9 hours just to get everything
>> set up. Once I
>>>>> did, my entire computer was running extremely slow.
>> Every three
>>>>> days I had to redo everything and that was a big
>> inconvenience.
>>>>> * It's working well.
>>>>> * why do i have to re-login every few days....that kicks me off
>>>>> IM...I don't like it!
>>>>> * McAfee really slowed down my computer. I took Norton
>> off of my
>>> PC
>>>>> and it runs just fine now.
>>>>> * I am very frustrated that I have been randomly
>> kicked off line
>>>>> (while I've been using the internet and instant
>> messenger) only
>>> to
>>>>> reaccept the clean access agent agreement and return
>> to my work.
>>> I
>>>>> knew that this was going to happen (since it was
>> stated on the
>>>>> instruction sheet-thanks for that info!), but I find this
>>>>> frustrating and unnecessary. I'd really rather not have the
>>>>> program on my computer. Plus, I don't know what it
>> does and why
>>> I
>>>>> need it, other than I can't get on the internet and
>> it's suppose
>>>>> to help prevent viruses. I had to work when Sean came to our
>>>>> meeting, and I read what was given to me but I still don't
>>>>> completely understand the need.
>>>>> * No problems after setup
>>>>>
>>>>> What could BGSU have done to make this test easier?
>>>>>
>>>>> *
>>>>>
>>>>> I guess there really isn't anything to make it
>> easier. It's just
>>>>> going to be frustrating to you, if you impliment it
>> to the whole
>>>>> campus, because you will be getting a lot of calls.
>>>>>
>>>>> * It would have been nice if we were asked to
>> volunteer to do this
>>>>> instead of having no say.
>>>>> * I think it woudl be easier for the RCC staff to come
>> configure
>>> the
>>>>> software on students' computers themselves
>>>>> * I wish that we would have had advanced notice that this was
>>> going
>>>>> to happen.
>>>>> * Had people working later to help with the set up because I
>>> didn't
>>>>> have internet for almost 2 days.
>>>>> * Tell people it takes a while to load.
>>>>> * The test itself is fine. The instructions were complete and I
>>> was
>>>>> informed that I would be kicked off the network
>> every 3 days or
>>>>> so. However the fact that the system does boots me off the
>>> network
>>>>> randomly every few days is very inconvenient,
>> especially since
>>>>> I've been working while it has happened.
>>>>> * Made the setup easier. You should only have to update once.
>>>>>
>>>>> Is there anything else you wish to add that was not mentioned?
>>>>>
>>>>> * Once I finally was able to download the Clean Access
>> software,
>>> it
>>>>> told me that my login name was unknown and would not let me
>>> proceed.
>>>>> * After making my complaint via email and phone, RCC
>> was able to
>>> fix
>>>>> everything on my computer so that it runs even better before.
>>>>> * The test itself is fine. The instructions were complete and I
>>> was
>>>>> informed that I would be kicked off the network
>> every 3 days or
>>>>> so. However the fact that the system does boots me off the
>>> network
>>>>> randomly every few days is very inconvenient,
>> especially since
>>>>> I've been working while it has happened.
>>>>> * It's annoying to have to update every three days. Once a week
>>>>> would be better.
>>>>>
>>>>>
>>>>
>>
|
