Frequently Asked Questions: Device Management
- What is Device Management all about?
- Why have we implemented Device Management?
- Which systems are affected?
- I see the word KACE sometimes. What is that?
- What is the Device Management agent?
- Does Device Management work on Macs?
- How will Device Management benefit me?
- I already have Windows and/or Apple Update. Why do I need Device Management?
- Is Device Management intrusive?
- How can I tell whether my computer is enrolled in Device Management?
- Do I have to install anything to get Device Management to work?
- Will Device Management constantly show pop-up windows?
- I like to apply my own patches. Can I still do that?
- What if Device Management asks me to reboot my computer? Can I stop it?
- My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?
- If I don't want my computer patched, can I stop Device Management from patching it?
- What happens to mission-critical or time-sensitive apps? Will they be interrupted?
- I'd like to keep my personal devices up-to-date. Can I use Device Management on those devices?
- What about mobile devices like Smart Phones or Tablets?
- Who can I contact with questions about Device Management?
- How do I know what is being patched? Or how can I stay up-to-date with the latest happenings in Device Management?
Device Management is part of Information Technology's larger strategy to shift away from the traditional "break/fix" support model and move towards a proactive model that will allow our teams to focus on the things that enhance educational outcomes, drive business decisions, and improve operational efficiency.
Device Management will allow Information Technology to safeguard University-owned technology devices more effectively. Although Device Management can do a number of things, the initial focus will be on these purposes:
- Remote deployment of software updates for commonly used programs, such as Acrobat/Reader, Java, and Flash.
- Inventory of university-owned computers and software
- Initial setup of new computers and "refresh" setup of existing computers
All University-owned computers must be enrolled in the Device Management service.
KACE is a server and software system used for Device Management in enterprise settings. Pepperdine's Device Management system is powered by KACE. KACE is sold and engineered by Quest Software.
The Device Management agent is a piece of software that runs on your University-assigned computer and performs inventory, configuration, and update tasks.
The Device Management service will have three immediate benefits for you:
- Safer computing: more effective protection from malware and identity thieves
- Asset inventory: data for fiscal stewardship and more accurate assistance with problems
- Automated provisioning: faster deployment, redeployment, and rebuild of computers
Those update services patch Microsoft Windows and Mac OSX software, but usually will not patch 3rd-party apps such as Adobe Acrobat Reader, Flash, and Java. Modern malware specifically targets out-of-date versions of these third-party programs in order to install itself on systems. Device Management can patch almost every application and will make sure these common vulnerabilities are not exploited by malware.
You will hardly notice Device Management. The agent is very small and only active while doing software and hardware inventory collection, as well as system configuration and software patching/distribution. During these activities it may use some computing power or present you with a dialog box.
Check your "Task Manager" (Windows, must "Show processes from all users") or "Activity Monitor" (Mac, must "View > All Processes") for a process called konea; if it's there, your University-assigned computer is enrolled. If you are unsure, ask your local IT support representative.
No, Device Management will either be installed automatically or by an IT technician. However, if your computer is not serviced by an IT technician for initial deployment, there is a chance you do not have the Device Management agent. See FAQ #10 above to verify Device Management is installed and working on your device.
It depends on the state of your device. If you have a lot of insecure programs on your machine, Device Management will need to patch them all and may need to pop up a dialog box to inform you or get your permission to proceed or reboot.
By all means! This will also reduce the amount of interaction you have with Device Management (if there's nothing to patch, it won't need to notify you). The recommended means of manually checking/patching web plug-ins is by following the instructions at browsercheck.pepperdine.edu.
Yes. If Device Management downloads and installs an update that requires a system reboot, an alert will appear with "Yes" and "No" buttons (or "OK" and "Snooze"). Clicking the "Yes" button will reboot your computer. Clicking the "No" button will dismiss the alert message for one hour.
NOTE: Please save your work and close any open programs before clicking "Yes" and rebooting your system!
15. My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?
Device Management updates will display a message window with "OK" or "Snooze" buttons when a reboot is required. If you choose to Snooze, the message window will redisplay in one hour. This is not indefinite; after one week of snoozes, the computer will reboot to complete the patch installation.
For Windows computers, please remember that Windows Software Update Services (WSUS) will periodically install critical updates and patches that require reboots to finish. WSUS, which is used to update core Windows components, is a separate system from Device Management. You will receive a popup window when a Microsoft patch requires a reboot. After a timeout period, the computer will reboot to complete the patch installation.
NOTE: Best practice is to save your work and reboot to complete the patch installation as soon as practical.
By University Policy, you must maintain your computer and keep software up-to-date. This means you cannot use an unpatched device on University networks, nor can you allow a University assigned computer to remain unpatched. If you have concerns, please let us know at email@example.com. We will research your issue and provide appropriate solutions.
As with Windows Update, you have a lot of control over when applications get patched: you have to accept the initial dialog box. However, as with Windows Update, you have a limit of about a week in terms of how long you can put off an update. If you have a concern (e.g. a calculation that will run for two weeks and can't be interrupted for a reboot), please contact your local tech support for timely assistance and also write firstname.lastname@example.org to make sure the DM team is aware of the need.
Device Management is limited to university-owned equipment. For personal devices, even if you use them for work, we recommend using the service detailed at browsercheck.pepperdine.edu. For more information on safeguarding your machine, please contact the Information Security team at email@example.com.
While our device management vendor, Quest KACE, does have a mobile solution, the Pepperdine University IT department does not manage these devices at this time. Updates for these devices are managed by the manufacturers. The Information Security Office recommends that you follow the guidelines in the Information Security Quick Reference for mobile devices to secure and update your mobile device.
You can call (310) 506-4329 during business hours (8 AM to 5 PM, Monday to Friday), or send an email to firstname.lastname@example.org.
21. How do I know what is being patched? Or how can I stay up-to-date with the latest happenings in Device Management?
The Device Management Blog provides details for ongoing and upcoming initiatives. The blog also contains updates on what patches are being implemented on University-owned computers.