Frequently Asked Questions: Device Management

<< Take me back to Device Management at Pepperdine homepage

 Quick Links

  1. What is Device Management all about?
  2. Why have we implemented Device Management?
  3. Which systems are affected?
  4. I see the word KACE sometimes. What is that?
  5. What is the Device Management agent?
  6. Does Device Management work on Macs?
  7. How will Device Management benefit me?
  8. I already have Windows and/or Apple Update. Why do I need Device Management?
  9. Is Device Management intrusive?
  10. How can I tell whether my computer is enrolled in Device Management?
  11. Do I have to install anything to get Device Management to work?
  12. Will Device Management constantly show pop-up windows?
  13. I like to apply my own patches. Can I still do that?
  14. What if Device Management asks me to reboot my computer? Can I stop it?
  15. My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?
  16. If I don't want my computer patched, can I stop Device Management from patching it?
  17. What happens to mission-critical or time-sensitive apps? Will they be interrupted?
  18. I'd like to keep my personal devices up-to-date. Can I use Device Management on those devices?
  19. What about mobile devices like Smart Phones or Tablets?
  20. Who can I contact with questions about Device Management?
  21. How do I know what is being patched? Or how can I stay up-to-date with the latest happenings in Device Management?

1. What is Device Management all about?

Device Management is part of Information Technology's larger strategy to shift away from the traditional "break/fix" support model and move towards a proactive model that will allow our teams to focus on the things that enhance educational outcomes, drive business decisions, and improve operational efficiency.

^ Back to top

2. Why are have we implemented Device Management?

Device management will allow Information Technology to safeguard University-owned technology devices more effectively. Although Device Management can do a number of things, the initial focus will be on these purposes:

  • Remote deployment of software updates for commonly used programs, such as Acrobat/Reader, Java, and Flash.
  • Inventory of university-owned computers and software
  • Initial setup of new computers and "refresh" setup of existing computers

^ Back to top

3. Which systems are affected?

All university owned computers must be enrolled in the Device Management service.

^ Back to top

4. I see the word KACE sometimes. What is that?

KACE is server and software system used for Device Management in enterprise settings. Pepperdine's Device Management system is powered by KACE. KACE is sold and engineered by Quest Software.

^ Back to top

5. What is the Device Management agent?

The Device Management agent is a piece of software that runs on your university assigned computer that performs inventory, configuration and update tasks.

^ Back to top

6. Does Device Management work on Macs?

Yes.

^ Back to top

7. How will Device Management benefit me?

The Device Management service will have three immediate benefits for you:

  • Safer computing: more effective protection from malware and identity thieves
  • Asset inventory: data for fiscal stewardship and more accurate assistance with problems
  • Automated provisioning: faster deployment, redeployment, and rebuild of computers

^ Back to top

8. I already have Windows and/or Apple Update. Why do I need Device Management?

Those update services patch Microsoft Windows and Mac OSX software, but usually will not patch 3rd-party apps such as Adobe Acrobat Reader, Flash, and Java. Modern malware specifically targets these third-party programs to install on systems that have out-of-date versions of the software. Device Management can patch almost every application and will make sure these common vulnerabilities are not exploited by malware.

^ Back to top

9. Is Device Management intrusive?

You will hardly notice Device Management. The agent is very small and only active while doing software and hardware inventory collection, as well as system configuration and software patching/distribution. During these activities it may use some computing power or present you with a dialog box.

^ Back to top

10. How can I tell whether my computer is enrolled in Device Management?

Check your "Task Manager" (Windows, must "Show processes from all users") or "Activity Monitor" (Mac, must "View > All Processes") for a process called konea; if it's there, your University assigned computer is enrolled. If you are unsure, ask your local IT support representative.

^ Back to top

11. Do I have to install anything to get Device Management to work?

No, Device Management will either be installed automatically or by an IT technician. However, if your computer is not serviced by an IT technician for initial deployment, there is a chance you do not have the Device Management agent. See FAQ #10 above to verify Device Management is installed and working on your device.

^ Back to top

12. Will Device Management constantly show pop-up windows?

It depends on the state of your device. If you have a lot of insecure programs on your machine, Device Management will need to patch them all and may need to pop up a dialog box to inform you or get your permission to proceed or reboot.

^ Back to top

13. I like to apply my own patches. Can I still do that?

By all means! This will also reduce the amount of interaction you have with Device Management (if there's nothing to patch, it won't need to notify you). The recommended means of manually checking/patching web plug-ins is by following the instructions at browsercheck.pepperdine.edu.

^ Back to top

14. What if Device Management asks me to reboot my computer? Can I stop it?

Yes–if Device Management downloads and installs an update that requires a system reboot, an alert will appear, with "Yes" and "No" buttons (or "OK" and "Snooze"). Clicking the "Yes" button will reboot your computer. Clicking the "No" button will dismiss the alert message for one hour.

NOTE: Please save your work and close any open programs before clicking "Yes" and rebooting your system!

^ Back to top

15. My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?

Device Management updates will display a message window with "OK" or "Snooze" buttons when a reboot is required. If you choose to Snooze, the message window will redisplay in one hour. This is not indefinite; after one week of snoozes, the computer will reboot to complete the patch installation.

For Windows computers, please remember that Windows Software Update Services (WSUS) will periodically install critical updates and patches that require reboots to finish. WSUS is a separate system from Device Management which is used to update core Windows components. You will receive a popup window when a Microsoft patch requires a reboot. After a timeout period, the computer will reboot to complete the patch installation.

NOTE: Best practice is to save your work and reboot to complete the patch installation as soon as practical.

^ Back to top

16. If I don't want my computer patched, can I stop Device Management from patching it?

By University Policy, you must maintain your computer and keep software up-to-date. This means you cannot use an unpatched device on University networks, nor can you allow a University assigned computer to remain unpatched. If you have concerns, please let us know at devicemanagement@pepperdine.edu. We will research your issue and provide appropriate solutions.

^ Back to top

17. What happens to mission-critical or time-sensitive apps? Will they be interrupted?

As with Windows update, you have a lot of control over when applications get patched - you have to accept the initial dialog box. However, as with Windows update, you do have a limit of about a week in terms of how long you can put off an update. If you have a concern (e.g. a calculation that will run for two weeks and can't be interrupted for a reboot), please contact your local tech support for timely assistance and also write devicemanagement@pepperdine.edu to make sure the DM team is aware of the need.

^ Back to top

18. I'd like to keep my personal devices up-to-date. Can I use Device Management on those devices?

Device Management is limited to university-owned equipment. For personal devices, even if you use them for work, we recommend using the service detailed at browsercheck.pepperdine.edu. For more information on safeguarding your machine, please contact the Information Security team at infosec@pepperdine.edu.

^ Back to top

19. What about mobile devices like Smart Phones or Tablets?

While our device management vendor, Quest KACE, does have a mobile solution, the Pepperdine University IT department does not manage these devices at this time. Updates for these devices are managed by the manufacturers. The Information Security Office recommends that you follow the guidelines in the Information Security Quick Reference for mobile devices to secure and update your mobile.

^ Back to top

20. Who can I contact with questions about Device Management?

You can call (310) 506-4329 during business hours (8 AM ֠5 PM, Monday to Friday), or send an email to devicemanagement@pepperdine.edu.

^ Back to top

21. How do I know what is being patched? Or how can I stay up-to-date with the latest happenings in Device Management?

The Device Management Blog provides details for ongoing and upcoming initiatives. The blog also contains updates on what patches are being implemented on University-owned computers.

^ Back to top