Synopsis:
Below please find the technical details that distinguish between the following types of computing environments on campus:

• DeSC Standard computers
• DeSC Lite computers
• MacDeSC computers
• MacDeSC Lite computers
• Non-Managed Domain computers
• Non-Domain Windows computers

DeSC Standard is a fully managed and standardized computing environment for University faculty and staff desktop and laptop computers. The DeSC Standard computer is a particular model, running a particular set of central software, and adheres to policy restrictions detailed below and within the DeSC website.

Benefits

• University Business Applications (UBAs) are tested, fully supported and guaranteed
• Microsoft Windows Small Footprint Image (SFI) image available, allowing automated computer setup and configuration quickly and easily
• For DeSC Standard desktops, guaranteed backup and restore capabilities with required RAID mirroring
• Specific computer hardware requirements enable better departmental pricing and maintenance support fees
• Standardized computer host naming convention, providing ease of identification and inventory systems
• Extremely secure computing environment with standard access for end users (no admin access)
• By default all Princeton domain users can log into the computer, allowing hardware to be shared
• Encryption software configured for all DeSC Standard laptops

Characteristics

• Computers are joined to the Princeton Domain
• DeSC Standard desktop computers are centrally powered down on week nights
• Mandatory quarterly password changes for administrator password for enhanced security, invisible to end users
• KACE Agent maintains central software
• Active Directory GPO manages central software and user/password/computer settings
• ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
• Most Active Directory (AD OUs) have “opt in” for their Microsoft Updates to point to the Princeton WSUS

DeSC Lite is a fully managed and standardized computing environment for University faculty and staff desktop computers, yet without the DeSC Standard restrictions detailed above.

Characteristics

• University Business Applications tested but not guaranteed to run in this environment
• Microsoft Windows Small Footprint Image (SFI) image available, allowing automated computer setup and configuration quickly and easily (See DeSC Program Software Offerings for supported Operating Systems versions).
• Active Directory GPO manages a smaller number of password/computer settings
• Most Active Directory Organizational Units (AD OUs) have “opt in” for their Microsoft Updates to point to the Princeton WSUS
• ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
• Computer is a member to and joined to the Princeton Domain
• Three letter prefix machine naming convention
• By default all Domain users can log into the computer
  

For University faculty and staff Macintosh computers, the MacDeSC environment has many of the same policies as the DeSC Standard environment detailed above.

Characteristics

• University Business Applications (UBAs) are tested but NOT guaranteed to run in this environment
• Specific models are authorized to become a member of MacDeSC (see www.princeton.edu/desc for more information)
• ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
• Computers are joined to the Princeton Domain
• Standardized computer host naming convention, providing ease of identification and inventory systems
• Extremely secure computing environment with standard access for end users(no admin access)
• Mandatory quarterly password changes for administrator password for enhanced security, invisible to end users
• Apple Updates are provided from Princeton Software Update Server
• By default all Domain users can log into the computer
  

For University faculty and staff Macintosh computers, the MacDeSC Lite environment has many of the same policies as the DeSC Lite environment detailed above.

Characteristics

• University Business Applications (UBAs) are tested but NOT guaranteed to run in this environment
• Snow Leopard (10.6); Lion (10.7) and Mountain Lion (10.8) support is available
• Apple Laptop models are authorized to become a member of MacDeSC Lite
• KACE Agent deployed and maintains all DeSC central software except DeSC Standard Licensed software
• McAfee ePO Agent deployed (ePO distributes and manages malware clients)
• Standardized computer host naming convention, providing ease of identification and inventory systems
• Apple Updates are provided from Princeton Software Update Server

All computers owned by faculty, staff and students are able to join the Princeton Domain without being centrally administered. The characteristics and benefits are as follows:

Characteristics

• University Business Applications (UBAs) are NOT authorized to run on these machines (except MacDeSC machines)
• Can be any operating system that can be configured to join Active Directory Domain ( currently Windows 2000, XP, Vista, Windows 7 and OSX)
• SCCM 2007 Client installed but may not be maintaining non-DeSC Standard Licensed central software
• Active Directory GPO manages small number of password/computer settings
• Most Active Directory OUs have “opt in” procedure to point to the Princeton WSUS for security patches as well as updates for Microsoft applications
• Active Directory GPO may or may not be managing non-DeSC Standard licensed central software set
• ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
• Computer is a member to and joined to the Princeton Domain
• By default all Domain users can log into the computer
  

Windows computers that do not join the Princeton domain are defined as the following:

Restrictions and Characteristics

• University Business Applications (UBAs) are NOT authorized to run on these computers
• Can be any Windows operating system or version (for example Windows Home or Starter)
• ePO Agent needs to installed manually
• Must be configured manually to point to Princeton WSUS for security patches as well as updates for Microsoft applications
• Users can log into the computer with local accounts only
• Password complexity GPO is not applied so the computer may have weak passwords on local accounts
• No Domain account can log into the computer
• Must authenticate separately to connect to Princeton resources (for example centrally managed print queues and H: drives)

Related Links:

• DeSC Standard computing environment
• DeSC Lite computing environment
• MacDeSC computing environment
• Windows Software Update Services (WSUS)
• How to join, access, or authenticate to the Princeton domain