University of Calgary
UofC Navigation

Unmanaged to managed

Submitted by ebsharpe on Fri, 04/01/2016 - 3:26pm

Submitted by wendy.thatcher on Thu, 06/23/2016 - 4:41pm

Thank you for taking the time to check your device. Simply use the following tool to find out whether your device is managed and in the managed environment. If your device is unmanaged, or you are in the unmanaged environment, further information will be provided to help you become managed. 

Once you begin, you will be prompted for your IT username and password. 

If you have any questions during this process, please feel free to contact the IT Support Centre at 403-220-5555 or itsupport@ucalgary.ca

What is the difference between managed and unmanaged devices?

A managed device is a university-owned device that is centrally managed and administered by IT over the network using applications to ensure that it follows the configuration and policies required to maintain its security, reliability and accessibility. This includes virus protection, software updates, and the ability for IT to keep both those up to date remotely.

An unmanaged device is one that connects to the university network but is not managed and centrally administered to ensure its security, reliability and to some level accessibility. It may be university owned, but may also be personally owned.

What if I have an unmanaged device and all of my files are within the managed domain, like a network share? Can I still see my files?

If your files are on a shared drive or network drive, then no. Access to file shares within the managed domain will require a managed device moving forward. To gain access to these network drives, your unmanaged devices will be required to be transitioned into the managed domain.

This is to ensure the integrity and protection of all secure data, and our managed network spaces. This is not a punitive action, but a necessary part of protecting the important information assets the university creates and maintains. 

Will there be an outage during the weekend of July 1 as you change the structure of the network?

We are not expecting an outage at this time. You may find that some services that you once had access to, like printing or network drives are no longer accessible. This is not an outage, but a planned part of securing our network. 

If my computer is unmanaged, what can I access?

Unmanaged devices will only have access to data that you manage personally on your device. You will have access to public facing data and most of web-enabled services will be available to you. With an unmanaged device, on any internet connection, you would have access to the following:

  • Webmail (both Office 365 and Cyrus)
  • D2L 
  • PeopleSoft web portal (via my.ucalgary.ca)
  • SharePoint sites
  • ucalgary.ca (and Drupal if you are the web administrator on that site)
  • And other web-enabled services.

How do I know if my current machine is unmanaged?

Any Windows computer on the UC domain is considered managed. When logging in to your computer, if you’re logging in with your IT account, and it says “Log on to: uc.ucalgary.ca” or “Log on to: UC” underneath your password, your computer is on the UC domain.

There are faculties in which their own faculty purchased a Windows machine and are currently being transitioned to IT – these would be considered “managed”. Do you log onto another University domain like the Arts domain? These are also considered to be managed computers, because you have an IT team which helps you keep your computer up to date and secure.

If you are unsure whether your computer is managed or unmanaged, contact the IT Support Centre 403-220-5555 or itsupport@ucalgary.ca for clarification, when you have your computer with you.

How do I connect to the managed domain? (airuc-secure/physically connected)

If you are connecting to the secure wireless internet, (airuc-secure), the following is required:

  1. A managed computer
  2. A faculty or staff account and password (the username/password combination you use to unlock your computer or access your email)

If you are using a physical connection, (a network cable), the following is required:

  1. The port that your cable is plugged into must be a managed port, set up to allow secure access. Contact the IT Support Centre at 403-220-5555 or itsupport@ucalgary.ca to validate;
  2. A managed computer; and
  3. A faculty or staff account and password (the username/password combination you use to unlock your computer or access your email)

If you require further clarification, contact the IT Support Centre at 403-220-5555 or at itsupport@ucalgary.ca.

I only access the network from home. Can I stay unmanaged?

If you only require access to public facing and/or most of web-enabled services through the Internet, then your computer can stay unmanaged.

IT set me up at home on my home computer with VPN connectivity. Will I still be able to use my home computer and the VPN the same way as I have been?

If you have been setup with VPN, you may be connecting in one of two ways:

Option 1: General Purpose VPN (GPVPN) which will provide access to the unmanaged domain. You will not be able to access shared network drives. You will require an Admin VPN connection and a SecurID for two-factor authentication. 

Option 2: Admin VPN (AVPN) which will provide access to the managed domain. This will require you to obtain two-factor authentication, using a SecurID. Your experience should not change.

How long will it take if I want my computer to become managed? What is the process?

Preparation is underway to establish the process of migrating unmanaged devices into the managed domain. This should be ready by July 4, 2016 and will be accessible from this page.

Since there is an expectation that there will be a significant number of requests initially, the target will be within 10 business days of the request.

My lab has confidential data on unmanaged machines. IT does not have the right legally or through my research submission to come into my machine.

a. IT personnel will not be accessing your machine for the purposes of using, disclosing or modifying personal or confidential information, but simply for the purpose of ensuring that the university's network remains secure and free of viruses, malware, etc.

b. IT personnel take oaths of confidentiality and will not use, disclose or modify any personal or confidential information on your machine.

c. If your machine is unmanaged, it cannot be connected to the university's managed network for security reasons. However, you will be able to access public facing and/or most web-enabled services through the Internet.

d. If you want your machine to be connected to the university's managed network, then the university's IT department must be able to access your machine to ensure that it is and remains free of viruses, malware etc. It is important that the university's network is a secure and reliable environment for handling research data and other information.

Will I be able to access the same services on my managed laptop from home that I get to today?

Managed laptops will be able to connect using Admin VPN (AVPN) to the same on campus services that you would normally access. Remote access will only be provided through Admin VPN (AVPN) with two-factor security (a SecurID), to all managed domains.

I have a computer that I purchased with university funds, but it is not an IT standard device. Can it still be considered a managed device?

Not all devices can be migrated to the managed domain. Some of the key factors that will determine whether a device can be migrated will be the following:

  1. Operating system
  2. Machine type
  3. Age of machine

To validate whether you can or cannot be migrated, please contact the IT Support Centre at 403-220-5555 or itsupport@ucalgary.ca.

Will I be able to print on a university printer from my unmanaged device?

For the near term, you will not be able to print to a network university printer. Please do not buy a printer in the interim!

The university is currently in the process of replacing the entire fleet of Xerox printers. Part of this process will involve printing with new technology that provides greater functionality, including printing from managed or unmanaged devices, regardless of your location in the university domain. 

Why don't our policies require me to be managed?

Our policies require updates. Most of the policies relating to information management and system security were last revised in 2007. The policies will be reviewed and revised over the course of the 2016/17 academic year.

What is two-factor authentication/SecurID?

Two-factor authentication requires two mechanisms to validate a secure connection. You may have already used two-factor authentication to enhance the security of your other devices or connections by including a phone number, or fingerprint requirement, along with a password or passcode combination to access your phone or personal email account. 

In addition to your IT username and password, you will need a SecurID to access the university's Admin VPN (AVPN). We  use a SecurID as either a digital RSA FOB or an app on a mobile device (this app generates a number or password to be used). These two factors (your username/password and SecurID) make up the two halves of two-factor authentication.

To get the two-factor authentication app for your mobile device, contact the IT Support Centre at 403-220-5555 or service.now@ucalgary.ca and ask for a SecurID.

How IT Manages Desktops FAQ

Submitted by ebsharpe on Tue, 06/21/2016 - 5:44pm

What will be different if my computer is managed?

A managed computer is a desktop or laptop that IT can perform some automatic actions on, for your security and convenience.  These actions include managing your power settings and Windows updates, updating your software, managing and scaning your computer for viruses, and rebooting your computer on a weekly basis. Many of these activities happen in a maintenance window, a controlled window of time. 

A managed computer is able to access secure parts of the IT services, like file shares or network drives, if they are on a secure network. 

If my computer is managed, is IT looking at all my files?

IT personnel will not be accessing your machine for the purposes of using, disclosing or modifying personal or confidential information, but simply for the purpose of ensuring that the university's network remains secure and free of viruses, malware, etc. Most actions taken on managed computers are done automatically through an interface that never directly accesses your desktop (like a remote session with the IT Support Centre does). Having a managed computers does not mean that your computer's contents are exposed to a person.

IT personnel take oaths of confidentiality, and sign confidentially agreements. We will not use, disclose or modify any personal or confidential information on your machine.

Can tablets or phones be managed devices?

At this time only computers, (Mac or Windows) are being managed by IT. All other devices are considered unmanaged. However some of these devices may be eligible for Admin VPN (AVPN) access. 

What is my maintenance window and when is it?

A maintenance window is a defined period of time when updates for your Windows operating system are installed, applications are updated, and your computer is rebooted (if required.) This window typically beings Thursday night at 10:00pm (MST) unless you work in IT. IT staff have a maintenance window on Wednesday night at 10:00pm so there is no overlap between these two windows of time. 

Does my computer need to be turned on during the maintenance window?

For IT to be able to do tasks during the maintenance window, your computer needs to be turned on, or in sleep mode and plugged in. We are able to wake up a sleeping computer to do the maintenance window. If your computer is off or hibernating, it will not wake up for the maintenance window. 

We do not wake laptops that are not plugged in to ensure we do not use your battery life. If your laptop is on battery during the maintenance window, it will not wake up to preserve it for your use. 

What happens if my computer is never turned on/in sleep mode during maintenance windows?

Once your computer gets too far behind on updates, we will start applying updates and forcing you to reboot at any point when your computer is on. This is not ideal, and we highly recommend that your computer be available for maintenance windows.

Can I manually install updates?

Yes, if you have enough privileges on your computer to install/update software on your computer. You will need to open the program Software Centre, and check off the updates you wish to install in the Available Software tab. 

Why can't my Windows XP computer be managed by IT?

Windows XP is not a supported operating system, which means that it is not receiving regular updates from Microsoft. This leaves it vulnerable to attack and cannot be made secure until the operating system is upgraded to a more current version (if the computer has the capability to run a newer operating system.) 

Power Saving Policies FAQ

Submitted by ebsharpe on Wed, 01/27/2016 - 1:55pm

What does the Power Saving Policy mean for me?

All IT managed computers are now automatically being put to sleep after 5:00pm if not in use to reduce electricity usage. By putting computers to sleep, IT will still be able to remotely access computers and perform routine updates and virus scans over night and on weekends while significantly reducing electricity consumed by computers. 

Can I opt out of the power saving policy?

Yes, and to do so please follow these instructions for Altering Your Default Power Settings.

What is the difference in electricity consumption between a computer that is put to sleep compared to one left on?

A standard computer and monitor use 70 watts and 30 watts respectively. When your computer is put to sleep and your monitor turned off, together they only use 5 watts (95% less power)! If everyone put their computer to sleep and turned off their monitor at the end of the day, we could save approximately $40.00/year/computer on electricity costs alone. This number will increase if your computer is always in sleep mode when you are not at your desk.

For example, in an office with 100 computers we could save $4000.00 (approximately) every year.

What happens if I completely turn off my computer at night?

Your computer will miss it’s “maintenance window” and receive scheduled updates at some point when it is turned on again. The computer will also miss it’s scheduled virus scans and begin those immediately upon login. The benefit to putting your computer into sleep mode is that your updates and virus scans may run at off hours, rather than when you’re using the computer. 

Will these changed impact my computer if I work on a satellite campus or in a Faculty with its own IT Department?

Most locations will be affected by this change, including all IT managed computers in Calgary. University of Calgary in Doha will not be affected by this change. 

What is the difference between Control+Alt+Delete and sleep mode?

When you use the keyboard combination Ctrl-Alt-Delete or Windows-L your computer simply locks. A locked computer is still 'awake' in that it is only waiting for your password to resume normal operation. This is an excellent practice to get into when leaving your computer for a short time as it simply makes your desktop inaccessible. When a computer is in sleep mode it is also locked in the same way, but far more of the computer is powered down. 

If I am on an unmanaged computer can I make these changes manually?

All computers have settings that manage their power consumption. Personal computers, computers purchased with grants, or other computers that are not managed by IT can still benefit from power savings. 

For Windows computers, these Power Options can be found in the Control Panel which can be accessed through the Start Menu.

For Mac computers, these settings can be found by clicking on the Apple icon in the top, left hand corner of your screen. Select System Preferences, and look for the Energy Saver icon which appears a light bulb. 

If I am working on my computer at 5 PM will it go into sleep mode?

Only computers which are not actively in use will go into sleep mode. This means that if you were to step away from your computer for longer than 10 minutes it would go into sleep mode, but if you are actively using it it would not. 

What should I do if I often remote-in to my computer from home?

If you intend to remote into your computer and do not wish to have the default power settings applied, please see the instructions for Altering Your Default Power Settings.

Anti-Virus / Security FAQ

Submitted by ebsharpe on Tue, 06/21/2016 - 5:59pm

What anti-virus software is used to protect managed desktops?

We use Microsoft System Center Endpoint Protection on University of Calgary managed computers. IT automatically installs this on all managed desktops and laptops, and keeps it updated to protect our assets. 

When does the software do its scans?

There is a daily quick scan scheduled for every day at 10:00pm. There is a full scan scheduled for every Friday at 10:00pm. For IT to be able to do the scan, your computer needs to be on, or in sleep mode and plugged in. We are able to wake up a sleeping computer to do the maintenance window. If your computer is off, hibernating, or not plugged in it will not wake up for the maintenance window.

What happens if my computer misses the scheduled virus scans?

If your computer misses two scans in a row, the software will run the scan as soon as your computer is available. This will likely be right as you log in to your computer for the first time of the day.

When does Microsoft System Center Endpoint Protection update its virus definitions?

Microsoft System System Endpoint Protection checks for updates to it's virus definitions every 4 hours, and before any daily scan. IT has the ability to force your computer to update the virus definitions when an outbreak occurs. This is vital because the virus definitions are it identifies malicious software on your computer. 

Can IT block a malicious program from running?

Yes, IT has this ability to protect your computer. We can use a Microsoft Windows service called AppLocker to block a program from running. If we add a program to the “deny list” users will see a message that the program has been blocked:

Hard Drive Encryption FAQ

Submitted by ebsharpe on Tue, 06/21/2016 - 6:41pm

What is encryption?

Encryption is a technology that protects the contents of your laptop’s hard drive. It is a much stronger level of protection than typical security features, such as logging into an operating system with your username and password or protecting individual files with passwords.

What does encryption do?

Encryption converts the data on your hard drive into a scrambled code. Without the encryption key, the data is unreadable to anyone accessing the hard drive.

How does encryption protect me?

Encryption ensures that in the event your laptop is lost or stolen, the data contained on the hard drive is inaccessible to anyone who finds the laptop and does not have the encryption key.

How do I know if my computer is encrypted?

If you have a University of Calgary managed device, you will be able to see if your computer is encrypted . For Windows computers, any device that is encrypted will display a lock icon on Local Disk C: if it is encrypted.

Windows 7

  • Click Start menu > Computer

Windows 8

  • Click File Explorer > Computer

Windows 8.1 & Windows 10

  • Click File Explorer > This PC

macOS (OS X)

  • macOS (OS X) computers use FileVault to encrypt the local drive called Macintosh HD.
  • Click the Apple icon on the menu at the top of your screen, select System Preferences, and click the Security & Privacy icon. FileVault will indicate it is turned on for Macintosh HD.

Who needs encryption?

Anyone who uses a university managed laptop should be using encryption to protect our assets. Some older models of computers, and Mac computers are not eligible for encryption yet. 

What do I do if encryption locks me out of my own computer?

You can obtain your BitLocker recovery key by visiting http://unlock.ucalgary.ca/ when your laptop is on campus within the university network, or calling the IT Support Centre at 403-220-5555.

Encryption Recovery

Are managed computers encrypted?

Managed Windows laptop computers are encrypted, and any laptop that becomes managed will eventually be encrypted to ensure better security. Mac computers will also eventually be encrypted as well, but as of today are not. 

Search IT

Note: we are unable to reset your password via chat – reset online or by calling us at 403-220-5555.

Support Centre Status