From the KnowledgeBase

Title:
DeSC, Domain, and managed computers: What are the differences?
Synopsis:
Below please find the technical details that distinguish between the following types of computing environments on campus.

Windows environments

Mac OS X environments




DeSC Standard computers

DeSC Standard is a fully managed and standardized computing environment for University faculty and staff desktop and laptop computers. The DeSC Standard computer is a particular model, running a particular set of central software, and adheres to policy restrictions detailed below and within the DeSC website.

Benefits

  • University Business Applications (UBAs) are tested, fully supported and guaranteed
  • Microsoft Windows Small Footprint Image (SFI) image available, allowing automated computer setup and configuration quickly and easily
  • For DeSC Standard desktops, guaranteed backup and restore capabilities with required RAID mirroring
  • Specific computer hardware requirements enable better departmental pricing and maintenance support fees
  • Standardized computer host naming convention, providing ease of identification and inventory systems
  • Extremely secure computing environment with standard access for end users (no admin access)
  • By default all Princeton domain users can log into the computer, allowing hardware to be shared
  • Encryption software configured for all DeSC Standard laptops

Characteristics

  • Computers are joined to the Princeton Domain
  • DeSC Standard desktop computers are centrally powered down on week nights
  • Mandatory quarterly password changes for administrator password for enhanced security, invisible to end users
  • KACE Agent maintains central software
  • Active Directory GPO manages central software and user/password/computer settings
  • ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
  • Most Active Directory (AD OUs) have “opt in” for their Microsoft Updates to point to the Princeton WSUS


DeSC Lite computers

DeSC Lite is a fully managed and standardized computing environment for University faculty and staff desktop computers, yet without the DeSC Standard restrictions detailed above.

Characteristics

  • University Business Applications tested but not guaranteed to run in this environment
  • Microsoft Windows Small Footprint Image (SFI) image available, allowing automated computer setup and configuration quickly and easily (See DeSC Program Software Offerings for supported Operating Systems versions).
  • Active Directory GPO manages a smaller number of password/computer settings
  • Most Active Directory Organizational Units (AD OUs) have “opt in” for their Microsoft Updates to point to the Princeton WSUS
  • ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
  • Computer is a member to and joined to the Princeton Domain
  • Three letter prefix machine naming convention
  • By default all Domain users can log into the computer


DeSC Basic Managed Domain Windows machines


The Basic Managed Domain environment is a partially managed computing environment, for University faculty and staff Windows machines with the Dell KACE agent and McAfee ePO agent installed, yet without an OIT Image and any of The DeSC Program managed environments restrictions detailed above. Windows machines are “opted-out” by default. Users or departments may “opt-in” machines, which meet the below criteria, by following the "Joining" instructions on the DeSC Basic Managed section of the DeSC website or, for multiple machines, by completing the Non-SFI Managed “Opt-in” Request Form.

Characteristics
Windows devices not purchased using personal funds with KACE and ePO agents installed that join the Princeton domain and meet the following requirements:

  • Does not have an OIT image (Small Footprint Image, Cluster, etc.) installed
  • University Business Applications (UBAs) are NOT certified to run on these machines
  • Has a Princeton OIT Host Database Record
  • Dell KACE and McAfee ePO Agents are installed.
    NOTE: KACE and ePO Agent deploy as a GPO on all departmental domain machines
  • Can be any of the following operating systems certified to support KACE and ePO agents:
    • Windows XP to Windows 8.1
    • OSX 10.4 to 10.8
  • Active Directory GPO manages small number of password/computer settings
  • Must “opt in” to point to the Princeton WSUS for security patches as well as updates for Microsoft applications
  • Computer is a member to and joined to the Princeton Domain
  • By default all Domain users can log into the computer

Benefits

All Basic Managed Windows machines receive distributions from KACE, which deploys the following software if it is not installed on computer:

  • Mozilla Firefox
  • McAfee Endpoint Protection Security Software (McAfee ePO)

KACE distributes updates to the following software if it is installed on the computer

  • McAfee ePO Agent
  • Dell KACE Agent
  • Mozilla Firefox web browser
  • Oracle Java
  • Adobe Flash
  • Adobe Shockwave
  • Adobe Air
  • Apple iTunes
  • McAfee Security Software (McAfee ePO)



DeSC Basic Managed Non-Domain Windows machines

The Basic Managed Non-Domain environment is a partially managed computing environment, for University faculty and staff desktop and laptop computers with the Dell KACE agent and the McAfee ePO agent installed, yet without any of The DeSC Program managed environments restrictions detailed above. Devices are “opted-out” by default. Users or departments may “opt-in” machines, which meet the below criteria, by following the "Joining" instructions on the DeSC Basic managed section of the DeSC website or, for multiple machines, by completing the Basic Managed “Opt-in” Request Form.


Characteristics

Windows computers not purchased using personal funds with KACE and ePO agents installed and meet the following requirements:

  • Does not have an OIT image (Small Footprint Image, Cluster, etc.) installed
  • University Business Applications (UBAs) are NOT certified to run on these computers
  • Has a Princeton OIT Host Database Record
  • Dell KACE and McAfee ePO Agents are installed
  • Can be any of the following operating systems certified to support the KACE and ePO agents:
    • Windows XP to Windows 8 (Non-Domain machines)
  • Must be configured manually to point to Princeton Microsoft WSUS for security patches as well as some Microsoft application updates
  • For Non-Domain Windows machines:
    • Users can log into the computer with local accounts only
    • No Domain account can log into the computer
    • Must authenticate separately to connect to Princeton resources (for example centrally managed print queues and H: drives)

Benefits

All Basic Managed Windows machines receive updates from KACE unless otherwise noted below. KACE deploys the following software if it is not installed on computer:

  • Mozilla Firefox web browser
  • McAfee Endpoint Protection Software (McAfee ePO)

Distributes updates to the following software if it is installed on the computer

  • Dell KACE Agent
  • McAfee ePO Agent
  • Mozilla Firefox
  • Oracle Java
  • Adobe Flash
  • Adobe Shockwave
  • Adobe Air
  • Apple iTunes
  • Apple Quicktime
  • McAfee Security Software (McAfee ePO)




MacDeSC Standard computers

For University faculty and staff Macintosh computers, the MacDeSC Standard environment has many of the same policies as the DeSC Standard environment detailed above.

Characteristics

  • University Business Applications (UBAs) are tested but NOT guaranteed to run in this environment
  • Specific models are authorized to become a member of MacDeSC (see www.princeton.edu/desc for more information)
  • ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
  • Computers are joined to the Princeton Domain
  • Standardized computer host naming convention, providing ease of identification and inventory systems
  • Extremely secure computing environment with standard access for end users(no admin access)
  • Mandatory quarterly password changes for administrator password for enhanced security, invisible to end users
  • Apple Updates are provided from Princeton Software Update Server
  • By default all Domain users can log into the computer


MacDeSC Lite computers

For University faculty and staff Macintosh computers, the MacDeSC Lite environment has many of the same policies as the DeSC Lite environment detailed above.

Characteristics

  • University Business Applications (UBAs) are tested but NOT guaranteed to run in this environment
  • Snow Leopard (10.6); Lion (10.7) and Mountain Lion (10.8) support is available
  • Apple Laptop models are authorized to become a member of MacDeSC Lite
  • KACE Agent deployed and maintains all DeSC central software except DeSC Standard Licensed software
  • McAfee ePO Agent deployed (ePO distributes and manages malware clients)
  • Standardized computer host naming convention, providing ease of identification and inventory systems
  • Apple Updates are provided from Princeton Software Update Server

MacDeSC Basic computers


The MacDeSC Basic environment is a partially managed computing environment, for University faculty and staff desktop and laptop computers with the Dell KACE agent and the McAfee ePO agent installed, yet without any of The DeSC Program managed environments restrictions detailed above. Devices are “opted-out” by default. The computers can be Domain or Non-Domain authenticated. Users or departments may “opt-in” machines, which meet the below criteria, by following the "Joining" instructions on the MacDeSC Basic managed section of the DeSC website or, for multiple machines, by completing the Basic Managed “Opt-in” Request Form.

Characteristics

Mac computers not purchased using personal funds with KACE and ePO agents installed and meet the following requirements:
  • Can be Domain or Non-Domain
  • University Business Applications (UBAs) are NOT certified to run on these computers
  • Has a Princeton OIT Host Database Record
  • Dell KACE and McAfee ePO Agents are installed
  • Can be any of the following operating systems certified to support the KACE and ePO agents:
    • OSX 10.4 to 10.8(Non-Domain or Princeton Domain machines)
  • Must be configured manually to point to Princeton OSX SUS for security patches as well as some Apple application updates
  • For Non-Domain OS X machines:
    • Users can log into the computer with local accounts only
    • No Domain account can log into the computer
    • Password complexity GPO is not applied so the computer may have weak passwords on local accounts
  • For Princeton Domain OS X machines:
    • By default all Domain users can log into the computer
    • Password complexity GPO is applied for domain accounts
  • Must authenticate separately to connect to Princeton resources (for example centrally managed print queues and H: drives)

Benefits
All Basic Managed OS X machines receive updates from KACE unless otherwise noted below. KACE deploys the following software if it is not installed on computer:
  • Mozilla Firefox web browser
  • McAfee Endpoint Protection Software (McAfee ePO)

Distributes updates to the following software if it is installed on the computer
  • Dell KACE Agent
  • McAfee ePO Agent
  • Mozilla Firefox
  • Oracle Java (OSX SUS)
  • Adobe Flash
  • Adobe Shockwave
  • Adobe Air
  • Apple iTunes (OSX SUS)
  • Apple Quicktime (OSX SUS)
  • McAfee Security Software (McAfee ePO)


Non-managed Domain computers

All computers owned by faculty, staff and students are able to join the Princeton Domain without being centrally administered. The characteristics and benefits are as follows:

Characteristics

  • University Business Applications (UBAs) are NOT authorized to run on these machines (except MacDeSC machines)
  • Can be any operating system that can be configured to join Active Directory Domain ( currently Windows 2000, XP, Vista, Windows 7 and OSX)
  • SCCM 2007 Client installed but may not be maintaining non-DeSC Standard Licensed central software
  • Active Directory GPO manages small number of password/computer settings
  • Most Active Directory OUs have “opt in” procedure to point to the Princeton WSUS for security patches as well as updates for Microsoft applications
  • Active Directory GPO may or may not be managing non-DeSC Standard licensed central software set
  • ePO Agent deploy as a GPO on all domain machines (ePO distributes and manages encryption and malware clients)
  • Computer is a member to and joined to the Princeton Domain
  • By default all Domain users can log into the computer


Non-Domain Windows computers

Windows computers that do not join the Princeton domain are defined as the following:

Restrictions and Characteristics

  • University Business Applications (UBAs) are NOT authorized to run on these computers
  • Can be any Windows operating system or version (for example Windows Home or Starter)
  • ePO Agent needs to installed manually
  • Must be configured manually to point to Princeton WSUS for security patches as well as updates for Microsoft applications
  • Users can log into the computer with local accounts only
  • Password complexity GPO is not applied so the computer may have weak passwords on local accounts
  • No Domain account can log into the computer
  • Must authenticate separately to connect to Princeton resources (for example centrally managed print queues and H: drives)


Related Links:


Last Updated:
August 28, 2014

Solution ID:
1034