New Computer Setup

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
craiggsmith
Senior Member
Posts: 711
Joined: Sun Sep 12, 2010 2:14 pm
Location: South Jordan, Utah

New Computer Setup

Postby craiggsmith » Sun Jun 23, 2013 11:35 am

I realize there have been several threads about this but I have a few more questions and thought it best to start a new one. Many of these questions are directed towards bfromm but others may have input.

I just received my first new computer of the year, a Dell Optiplex 7010. There are a number of small things in the instructions that don't apply any more and I assume they will be updated, but I have some specific questions and comments on things that may not be changed.

The instructions state that the computer will be preconfigured with tools to remotely manage and secure the computer. But the instructions then state to manually install TEM and Sophos (which is what I would interpret by "secure", although it could mean something else). In another thread here though I found that the computers really only come configured to point to the Church's update server, but that the update will install TEM. There is no mention of Sophos.

I had many errors last year with TEM trying to get pushed out via Windows Update to machines I had already installed it manually on. These may have been corrected but I think letting Windows Update install it is best. How long does it take before automatic updates run? I don't like to let a machine sit on the network for very long without all Windows security updates. And I want to get on with other tasks.

So after letting it sit for a little while I decided to manually check for updates. It immediately found the TEM update as well as a number of Windows updates. It installed those fine but afterwards there was a message in the background that required my response. I switched to it and there was a blank command window and another dialog to click OK on.

It continued to find updates and prompt for reboot 5 more times. Would it not be prudent to initiate this process and make sure it is complete before delivering the computer?

I assumed Sophos still needed to be installed manually. I did that and the install finished much faster than last year. There was no restart prompt, but the icon was displayed and it appeared to be fine. I forgot to check Task Manager to see if it was truly complete though. But after a short while I decided to restart anyway, after which it returned an "Updating failed" error. I checked the update configuration and it is pointing to the local drive, not a Church server. After a while I also got a Firewall service failure error, and it appeared Sophos received a program or configuration update. The error didn't go away so I restarted, afer which there were no more errors. But the Windows security center reports Sophos is out of date, and it's still pointing to the local drive, so I'm concerned.

I also get a message that Intel Active Management Technology is not compatible with this version of Windows.

The instructions specifically state to install Java, but there are other threads here that say it isn't necessary and don't recommend it. That could be clarified in the instructions.

I see that both Open Office and Libre Office are list; is Libre still the recommended software?

Is there any reason not to install the latest version of Acrobat?

I noticed that Flash Player installs Google Chrome and the Google Toolbar for IE unless you uncheck it. I install Chrome anyway but I don't like extra toolbars.

CutePDF - we might want to mention that the boxes to install the Ask toolbar and HotspotShield be unchecked.

I think that's it for now, thanks.

User avatar
sbradshaw
Senior Member
Posts: 2494
Joined: Mon Sep 26, 2011 8:42 pm
Location: Provo, UT
Contact:

Re: New Computer Setup

Postby sbradshaw » Wed Jun 26, 2013 11:02 pm

We're in the process of installing new computers for all the clerks' offices in our stake. In researching OpenOffice and LibreOffice, it seems that OpenOffice might be more compatible with Microsoft Office, which was important to us, so that's what we went with.

I don't think the Java install instructions are necessary. I think MLS automatically installs a Java Runtime and we haven't had any problems so far.

One of the ward clerks I was working with tonight chose to install Foxit Reader instead of Adobe Reader on his ward's computer because it's more light-weight.

We also installed Google Drive on the stake computers to have easy access to stake documents, IOS reports of out-of-unit members, etc.

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Computer Setup

Postby russellhltn » Thu Jun 27, 2013 1:49 am

sbradshaw wrote:I don't think the Java install instructions are necessary. I think MLS automatically installs a Java Runtime and we haven't had any problems so far.

Yes, MLS does install it's own copy. But I think Office will trigger a "public" Java install. If it does, then you need to update that one.


sbradshaw wrote:We also installed Google Drive on the stake computers to have easy access to stake documents, IOS reports of out-of-unit members, etc.

IOS stored on not just the hard drive but on a third-party server? I think that's a bad idea. It's also not in keeping with the directive to not store confidential information on the local computer outside of the MLS database.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

chmsant
Member
Posts: 51
Joined: Mon Sep 19, 2011 11:00 am
Location: Elk Grove, CA, USA

Re: New Computer Setup

Postby chmsant » Thu Jun 27, 2013 6:22 pm

^ yup! Big no-no. Services like Google Drive, Dropbox, Box.net, etc are not authorized to be used on clerk machines.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: New Computer Setup

Postby aebrown » Thu Jun 27, 2013 7:19 pm

cswadner wrote:Services like Google Drive, Dropbox, Box.net, etc are not authorized to be used on clerk machines.

What's your source for that statement? This post seems to contradict your assertion (the whole topic contains a helpful discussion).

Of course, anyone using such services would have to exercise proper care in what is stored and how access is controlled, but I see no evidence that they are completely forbiddeen.

chmsant
Member
Posts: 51
Joined: Mon Sep 19, 2011 11:00 am
Location: Elk Grove, CA, USA

Re: New Computer Setup

Postby chmsant » Thu Jun 27, 2013 7:36 pm

aebrown wrote:What's your source for that statement? This post seems to contradict your assertion (the whole topic contains a helpful discussion).

Of course, anyone using such services would have to exercise proper care in what is stored and how access is controlled, but I see no evidence that they are completely forbiddeen.


There was a big to-do a year or so ago in a LDSTech broadcast about services that are "free" for personal use being installed in an enterprise environment and how it can put the Church is a risky position. Remote access services and many file transfer services were listed in that discussion.

The thread you reference cites Google Docs, but not the local install of Google Drive, which IMO are two separate things. Store what you want(minus sensitive information of course) in your personal cloud, and access when needed through web interfaces. That's fine. The way I see it though, is that the local clients should not be installed.

Not to mention the HUGE security risk about having essentially a direct connection into the local drive of the clerk desktop to transfer files in/out. Combined with the fact that any such files should be on external mediums, it just doesn't add up.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: New Computer Setup

Postby aebrown » Thu Jun 27, 2013 8:05 pm

cswadner wrote:There was a big to-do a year or so ago in a LDSTech broadcast about services that are "free" for personal use being installed in an enterprise environment and how it can put the Church is a risky position.

Agreed. But many of the file transfer programs are free for any kind of use. As with all software, you have to be careful of the license terms, but there's no reason to assume that all such software has such risks.

cswadner wrote:Remote access services and many file transfer services were listed in that discussion.

Remote access services were indeed a major part of the discussion. I don't recall file transfer services being mentioned at all. Can you provide a reference?

cswadner wrote:The thread you reference cites Google Docs, but not the local install of Google Drive, which IMO are two separate things. Store what you want(minus sensitive information of course) in your personal cloud, and access when needed through web interfaces. That's fine. The way I see it though, is that the local clients should not be installed.

That's an interesting analysis, and you're welcome to implement that local policy under the direction of your priesthood leaders. But I don't see how it is an absolute general policy.

cswadner wrote:Not to mention the HUGE security risk about having essentially a direct connection into the local drive of the clerk desktop to transfer files in/out.

I don't agree with your characterization of it being "essentially a direct connection into the local drive." The reputable players in this space have much better security than that.

cswadner wrote:Combined with the fact that any such files should be on external mediums, it just doesn't add up.

Your reference to "any such files" seems to get back to the issue of confidential files. I completely agree with the point that started this tangent -- IOSs should not be stored on local drives, and should absolutely not be stored in a cloud service. But there are a wide variety of files that can be usefully stored there with out even going close to any concerns about confidentiality. So let's not mix up the issues here -- I'm totally with you on not storing confidential files, but that's not an argument against using these services at all.

russellhltn
Community Administrator
Posts: 20762
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: New Computer Setup

Postby russellhltn » Thu Jun 27, 2013 8:12 pm

cswadner wrote:There was a big to-do a year or so ago in a LDSTech broadcast about services that are "free" for personal use being installed in an enterprise environment and how it can put the Church is a risky position. Remote access services and many file transfer services were listed in that discussion.


The broadcast you refer to was LDSTech Broadcast - June 1, 2012, starting at about 26:16. The narration says "Please only install authorized software" and "We recommend that you don't install additional things". It doesn't indicate that it's completely forbidden, but I agree that one must be vary careful. What is free for personal use may not be free for church use.

I went though the ELUA for Google Drive, and all I could find was "If you are using our Services on behalf of a business, that business accepts these terms."

One should note the Policies and Guidelines for Computers Used by Clerks for Church Record Keeping indicates that all software installed must be approved by the Stake President. This same policy contains the information that confidential information should not be stored on the local machine. I'd think a IOS would be confidential by anyone's standards.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

chmsant
Member
Posts: 51
Joined: Mon Sep 19, 2011 11:00 am
Location: Elk Grove, CA, USA

Re: New Computer Setup

Postby chmsant » Thu Jun 27, 2013 8:54 pm

aebrown wrote:Agreed. But many of the file transfer programs are free for any kind of use. As with all software, you have to be careful of the license terms, but there's no reason to assume that all such software has such risks.

True but as was pointed out, we were given guidelines not to install anything extra. If there is a need for something specific, check with your Stake President and then go to the GSC to ask permission.

aebrown wrote:Remote access services were indeed a major part of the discussion. I don't recall file transfer services being mentioned at all. Can you provide a reference?

russellhltn was kind enough to find the broadcast. Thanks! There was also some twitter discussion on that, don't recall exactly.

aebrown wrote:That's an interesting analysis, and you're welcome to implement that local policy under the direction of your priesthood leaders. But I don't see how it is an absolute general policy.

Well if you go back to what I said above, it's pretty clear policy. Don't install extra stuff to the machines.
aebrown wrote:The reputable players in this space have much better security than that.

Yes, they secure your files, but they don't police the contents of what you are storing. Say you link a clerk computer to your personal Dropbox which is also connected to your home computer, like many of us would do. Your personal computer becomes compromised and malware gets thrown everywhere, including into your dropbox drive. Some unsuspecting clerk goes in on sunday to open some files and accidentally clicks this malware. Sophos SHOULD catch it, but what if it doesn't? The same could happen if you're going through a web interface but it's an extra level of protection. Nothing becomes automatic.

aebrown wrote:Your reference to "any such files" seems to get back to the issue of confidential files.
I'm talking about any files in general, confidential or otherwise. Store them to the USB key and lock them up. That way if there is a hardware failure the STS can just swap the machine and be done with it. I hate having to dig because someone has a "mission critical" file on the HDD of the computer I just took out for repair/disposal.

russellhltn wrote:I went though the ELUA for Google Drive, and all I could find was "If you are using our Services on behalf of a business, that business accepts these terms.

Given the fact we were told to only install authorized software, I would venture to say that we are not able to accept any EULA or TOS of unauthorized services because at that point we are acting outside of our scope.

Obviously all of this boils down to what the Stake President decides is acceptable as he holds the keys and makes the final decisions on most of this within the guidelines he's been given. I'm merely presenting a point of view that follows good IT policy for end users and prevents a lot of headache for us STSs that work the front lines.

Now... would I love to have a stake Dropbox account to share files... yes. I just don't feel at the moment that it falls within the acceptable use guidelines that have been put forward. With the big technology push as of late (GAs on Facebook, Missionary work transition, etc) I don't think we're too far away from an in-house solution.

lajackson
Community Moderators
Posts: 6141
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: New Computer Setup

Postby lajackson » Thu Jun 27, 2013 9:08 pm

cswadner wrote:. . . we were given guidelines not to install anything extra. If there is a need for something specific, check with your Stake President and then go to the GSC to ask permission.

"We recommend that you don't install additional things" is not the same as "not to install anything extra." As you said, the stake president holds the keys to decide what is acceptable. It is not necessary to go to the GSC to ask for permission.

You seem to follow a very strict and limited policy in your area, which is wise and certainly well within policy. In our area, we are instructed to use Dropbox to retrieve certain files from the area office. And so our stake president has authorized us to do that.

But nothing sensitive or confidential comes that way.


Return to “Clerk Computers”

Who is online

Users browsing this forum: No registered users and 1 guest