Skip to main content

University-Owned Devices Standard Frequently Asked Questions

My work involves sensitive data that can only be accessed by specific individuals. Doesn’t requiring machines to be authenticated using Enterprise Directory Services make devices less secure, since that would allow anyone with WVU Login credentials to access the device?
Enterprise Directory Services authentication does allow users to use their WVU Login credentials to access University technology resources; however, if required, specific machines can be configured to allow only particular people to access them. All machines that authenticate to Enterprise Directory Services can be scanned by ITS to monitor and identify security vulnerabilities across the University network as well as managed and updated remotely.

My device will only be used off-campus. Using Enterprise Directory Services authentication would be unnecessary since the computer will rarely be on the University network to scan or update remotely.
ITS has started to manage off-campus devices, such as travel machines, using Azure/InTune which only requires an internet connection to scan and update. We will be working with more colleges this upcoming year to implement Azure/InTune for their devices that are used off-campus.

As part of our contract with it, a vendor provides a computer that runs the specific technology system we purchased. Would this standard apply?
If a machine is owned and operated by a vendor but it is running a technology application at WVU, the requirements within this standard would not apply because the device is not owned by the University; however, should a device be identified as a security vulnerability to the University network, ITS will request it be removed.

The warranty requirement in this document is unrealistic. Are you going to provide funds for us to purchase new devices every three years?
ITS strongly recommends not using or repurposing devices that are out of warranty, but this statement does not mean that the use of out of warranty devices is strictly prohibited. ITS understands the budget constraints we are all under and that some colleges follow their own upgrade cycles. With the closing of our Computer Repair Assistance program last year, ITS made the decision to no longer work on machines that are out of warranty or test deployments on machines older than five years. Individual colleges have made similar determinations and started purchasing extended warranties. Similarly, if there are college IT groups that do choose to repair and troubleshoot older devices, that is up to the IT director. However, should an out of warranty machine be identified as a security vulnerability to the University, ITS will request that it be removed from the network.

My student workers use old, out-of-warranty devices that would not function if we encrypted them. What should I do with these devices?
ITS understands that replacing old devices will be a continual process. The standard requires that all newly-purchased desktops, laptops, and notebooks must support encryption and be encrypted with whole disk encryption prior to use. Older devices that do not support encryption must be protected with compensating controls (e.g., used off-network) and replaced as soon as possible with a device that does support encryption. Contact ITS if you need assistance identifying appropriate compensating security controls for the device.

Is there a specific software that we need to use to maintain our IT asset inventory?
An internal audit completed in 2018, required that a full technology asset inventory be compiled across campus. This standard now requires that an asset inventory be maintained; however, it does not identify a specific software to use. Some colleges have a full inventory maintained on a spreadsheet and that is acceptable. ITS has chosen Lansweeper as our enterprise inventory tool. We are currently testing both the installed agent and agentless scanning capabilities to determine the best enterprise option. We hope to release it for use outside of ITS and providing support for it by the end of 2019.

Requiring Macs to be registered in JamF is going to be an additional financial burden on colleges since those licenses aren’t covered centrally, like SCCM. Is ITS going to cover those costs?
ITS is notified when a new Mac machine is purchased through Mountaineer Marketplace and then assigns the device to the appropriate management group within JamF Pro. If the group is not using JamF, the device is not assigned. Currently, ITS has been covering the costs for groups who have less than 20 devices within JamF; however, we will begin covering all the costs for JamF Pro licensing, as we do for SCCM, beginning FY2020.

My research involves using highly-specialized equipment that is operated by an out-of-warranty machine that I cannot afford to replace. What should I do to be in compliance with this standard?
ITS acknowledges that WVU is an R1 institution and has research labs across campus running equipment that may not be able to meet the requirements outlined in this standard which cannot easily be replaced/upgraded due to budget issues. If there is a research facility or device that cannot meet the standards identified, please notify ITS and request an exception to the standard. We will work with you to ensure appropriate security controls are in place to protect the device, your data, and the University network.

I don’t understand how Apple School Manager works. Does this mean that I’ll now have a personal Apple ID and a University-issued Apple ID?
Apple School Manager allows all University-owned mobile devices (iPhone, iPads) to be managed in a central University account and not through the individual’s Apple ID account. This way, central IT can install updates and upgrades to the device without requiring it to be physically brought to IT. Additionally, devices can be shared between employees while providing a personalized experience for each.

What do you mean when you say devices must run a supported operating system? Does this also include open-source software?
University-owned devices must run an operating system that is supported by either a vendor, open source community, or an individual. That means the entity that developed OS must be actively and routinely providing and deploying patches and security updates.

We are an academic institution that teaches operating systems. Does this standard apply to our students?
ITS acknowledges that WVU is first and foremost an academic institution and that students will learn to develop operating systems. Students that deploy operating systems on virtual machines or within coding environments would not be subject to compliance with this standard. Students that develop and deploy operating systems on bare-metal machines that are owned by the University would be responsible for maintaining the OS and ensuring it is adequately patched and secured while the machine is being utilized at the University.

I have a monthly meeting that requires reviewing information using a computer in a conference room. The computer locking every 15 minutes is annoying. Can I set that computer never to lock?
ITS highly discourages this practice. To prevent screens locking during a long meeting or presentation, set the computer to presentation mode or temporarily change the settings just for the meeting. A computer that is set to never lock will be left unsecured for the other 29 days of the month.

What do you mean when you say that devices must be “sanitized” prior to going to surplus?
ITS is currently working to develop a new standard that outlines how data should be cleaned off University-owned devices prior to sending them to surplus to ensure that all University data is securely removed. We plan release more information about this process as it is finalized.

Connect With Us

Service Desk Hours and Contact

Service Desk Hours

Monday – Friday: 7:30 a.m. – 5 p.m.

Closed on Saturdays, Sundays, and official University holidays.

Contact Us

Information Technology Services
One Waterfront Place
Morgantown, WV 26506

(304) 293-4444 | 1 (877) 327-9260
ITSHelp@mail.wvu.edu

Get Help

Maintenance Schedule

To function effectively and securely, applications and the systems that support them must undergo regularly planned maintenance and updates.

See Schedule