FAQ’s about University Active Directory and User Privacy
What is the new University Active Directory?
The new University Active Director (UAD) is an enterprise system that organizes university computers to allow for a variety of improvements:
- Improved Security of user information
- Easy Single-sign-on to computers using @maine.edu credentials
- More efficient and cost-effective distribution of software
- Proactive alerting of virus infections and other malware
- Faster initial deployment and re-imaging of broken or infected computers
- Reliable installation and verification of computer security updates
- Unified and seamless access to network resources, such as printers and file shares
- Creation of an authorized device inventory
Why is US:IT deploying Active Directory?
US:IT is positioning Active Directory as a strategic measure to improve user experience, overall security, and the efficiency of US:IT operations.
Does Active Directory make my computer less secure?
Active Directory lowers the risk of security compromise in many ways such as those benefits listed above. Active Directory, like any enterprise technology management tool, does introduce its own risk. However, the risks created by Active Directory are minimized by US:IT following accepted and recommended security practices, such as limiting the use of administrative accounts, employing firewalls, separation of duties, etc. In addition, as an enterprise tool, Microsoft is diligent about maintaining Active Directory’s safety.
Are user files and settings affected by joining UAD?
No, the migration process to UAD preserves user’s files and computer settings. New computers are quickly setup and added to UAD before being distributed to end users.
Does this affect PCs and Macs?
Yes. However, the tools for managing Macs are not as fully-featured as for PCs.
Does UAD install any software on users’ computers?
Yes. On Windows PCs, the Microsoft SCCM client is installed. The client allows UAD to send the computer instructions for installing updates, making software available to users, implementing security settings to protect the computer, etc. On Macs, the JAMF client is installed for similar purposes.
Will this software monitor my activities?
No, these software packages are used to manage computers, not collect data on user activities. Modern computers automatically log many system events such as software and update installations, logins and system errors. We use these logs to narrow down the source of computer issues and monitor for security intrusions. These logs do not include user activity such as websites visited, files edited, etc.
Are there situations where IT staff may monitor the data, files or other activities on my computer?
Do other Universities do this?
Yes, many other universities pro-actively manage all university-owned computers to reduce the risk of information security breaches, increase the quality of computer access and improve the speed of service to the end-user. Active Directory is one method for providing such management. In addition, many University of Maine System campuses have been proactively managing university-owned computers using Active Directory and similar technologies for decades.