Client Computer Administration Policy

Purpose

Thayer School owns a very large number and variety of client computers. Computing Services seeks to make administration of these systems as efficient as possible while still allowing appropriate flexibility for users. As part of this, we offer several options for levels of Computing Services involvement in administration of client computers.

Levels of Support for Client Computers

We provide three levels of support:

  1. Full Control
  2. Launch Pad
  3. Minimal Involvement

Each of these provides a different balance between user participation and Computing Service control. Greater user participation requires greater skill on the part of the user and sometimes makes it more difficult for Computing Services to troubleshoot and help maintain client computers. Greater Computing Services control can occasionally result in less flexibility and convenience for the user. The intent of the levels of support is to allow users to choose the level for a particular client computer that best fits their situation and to help them be aware of the implications their choice will have on Computing Services' ability to support them.

Important Security Consideration

The Dartmouth Information Security Committee (DISC) has established the Dartmouth Information Security Policy with definitions of what constitutes sensitive data and controls for how we need to configure and operate computers that contain or access sensitive data. We operate "Full Control" computers to comply with DISC requirements. If you opt for "Launch Pad," this means you could reconfigure or otherwise operate the computer in a way that takes it out of compliance. And if you opt for "Minimal Involvement," the computer will not be in compliance when you start. With either of these levels, you are responsible for either ensuring you never store or access sensitive data on the computer in question or you learn and follow the DISC controls on that computer to ensure you are protecting the data according to the appropriate level of sensitivity of the data you store or access on that computer.

Full Control

Choosing this level means Computing Services assumes full responsibility for system administration of the client computer. We install the operating system, install applications on request, maintain patches, create user accounts, etc. The user(s) of computers supported under this level will have no administrator access. This is how we handle all our lab and compute server client computers. Only certain operating systems are eligible for this level of support:

  • Windows 10 Enterprise
  • macOS 10.14 (Mojave) and higher
  • Ubuntu Linux 22.04 (jammy)

We will also need to impose limits on the kinds of hardware we support at this level.

These are operating systems we know well and are well equipped to support. They are also the only operating systems that are fully tested with all Thayer systems (e.g. ThayerFS and Jumbo).

Having control of the computers at this level results in much greater efficiency for Computing Services. We know what is on each system and in many cases can dramatically streamline system administration tasks. When a problem arises, we don't have to worry about what a user-administrator may have changed that could be affecting the situation. A user with a problem on a client computer at this level of support can expect Computing Services to put full priority and effort into addressing their issue as it is likely to affect the rest of the client computers at this level.

Computing Services pledges to be very responsive to the needs of users with client computers at this level of support. We hope to have as many client computers as possible at this level so we will endeavor to make it a positive experience for as many users as possible. If you are in doubt as to which level to use, we recommend you start at this level.

Launch Pad

With the "Launch Pad" level of support, Computing Services installs a standard operating system image on the client computer and then provides administrator access to the user. Depending on the OS and what the user does, the client computer may continue to get some or all of our updates. But the user-administrator is responsible for the system and has control to do what they want to it.

This level of support again only applies to the operating systems and versions listed above.

Computing Services will provide best-effort support of systems like this, and the fact that the system started out with a standard OS image will assist our efforts. A crucial caveat about this level of support is that Computing Services may end up recommending reinstalling the standard OS image if a problem gets too time-consuming for us to troubleshoot. At this point the user-administrator can decide if they will fix the problem on their own or start from the "Launch Pad" again. Computing Services will try to avoid this situation, but we cannot assume responsibility for trouble-shooting all problems on systems at least partially operated by others.

Since we have no control over what may or may not have been done to the system while it is in the "Launch Pad" state, if a user decides to return to the "Full Control" support level after the computer has been installed at or converted to the "Launch Pad" support level, the system will have to be re-installed.

Minimal Involvement

In this level, the user handles all installation and system administration of the client computer in question and Computing Services' involvement is at most in a consulting role. Users wishing to run operating systems not on our list or hardware too unfamiliar for the other levels of support will have to run their computer at this level of support. Users needing to tweak the operating system frequently (e.g. Linux kernel mods) or who wish to have complete control over everything on their client computer will also need to use this level of support.

Computing Services will still provide best-effort support of systems at the minimal involvement level, but the amount of time we can put into these one-of-a-kind systems will be limited. We wish to help all users, but will place higher priority on problems encountered by users in the previous two support levels. Solving issues on mainstream systems will in general provide more benefit to our user community than solving issues on one-of-a-kind systems. Also, we will be more productive troubleshooting issues on systems we know well and whose administration history we know.

Computing Services Access to Client Computers

Computing Services needs to access Thayer School owned computers. We will endeavor to make sure you are aware or at least notified when we do so, but this may not always be possible. We will leave your data untouched as much as possible, but if you have anything truly sensitive on the computer you might want to consider storing it on ThayerFS, Jumbo or Google Drive or encrypting it.