Frequently Asked Questions: Device Management
- What is Device Management all about?
- Why are we implementing Device Management?
- Which systems are affected?
- I see the word KACE sometimes. What is that?
- What is the Device Management agent?
- Does Device Management work on Macs?
- How will Device Management benefit me?
- I already have Windows Update/Apple Update. Why do I need Device Management?
- Is Device Management intrusive?
- How can I tell whether my computer is enrolled in Device Management?
- Do I have to Install anything to get Device Management to work?
- Will Device Management constantly show pop-up windows?
- I like to apply my own patches. Can I still do that?
- What if Device Management asks me to reboot my computer? Can I stop it?
- My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?
- If I have applications that require specific versions, can I stop Device Management from patching those apps?
- What happens to mission-critical or time-sensitive apps? Will they be interrupted?
- I'd like to keep my personal devices up-to-date. Can I install the Device Management on those devices?
- What about mobile devices like Smart Phones or Tablets?
- Who can I contact about problems or questions about Device Management or Device Management?
- How do we know what is being patched? Or how can I stay up-to-date with the latest happenings in device management?
Device Management is part of Information Technology's larger strategy to gradually shift away from the traditional "break/fix" support model and move towards a proactive model that will allow our team to focus on the things that enhance educational outcomes, drive business decisions, and improve operational efficiency.
Device management will allow Information Technology to safeguard University-owned technology devices more effectively. Although device management can do a number of things, the initial focus will be on these purposes:
- Remote deployment of software updates for commonly used programs, such as Acrobat/Reader, Java, and Flash.
- Inventory of university-owned computers and software
- Initial setup of new computers and "refresh" setup of existing computers
All university owned computers must be enrolled in the Device Management service.
KACE is an appliance and software system used for device management in enterprise settings. Pepperdine's Device Management system is powered by KACE. KACE is sold and engineered by Dell.
The device management agent is a piece of software that runs on your university assigned computer that performs inventory, configuration and update tasks.
The Device Management service will have three immediate benefits for you:
- Safer computing: more effective protection from malware and identity thieves
- Asset inventory: data for fiscal stewardship and more accurate assistance with problems
- Automated Provisioning: faster deployment, redeployment and rebuild of computers
Those update services patch Microsoft and Mac software but usually will not patch 3rd-party apps such as Reader, Flash, and Java. Modern malware specifically targets these third-party programs to install on systems that have out-of-date versions of the software. Device Management can patch almost every application and will make sure these common vulnerabilities are not exploited by malware.
You will hardly notice Device Management. The agent is very small and only active while doing software and hardware inventory collection, as well as system configuration and software patching/distribution. During these activities it may use some computing power or present you with a dialog box.
Check your "Task Manager" (Windows, must "Show processes from all users") or "Activity Monitor" (Mac, must "View > All Processes") for a process called konea; if its there, your University assigned computer is enrolled.
For the initial deployment of Device Management, a dedicated IT team will assist in installing the Device Management on University-owned equipment.
It depends on the state of your device! If you have a lot of insecure programs on your machine, Device Management will need to patch them all and may need to pop up a dialog box to inform you or get your permission to proceed or reboot.
By all means! This will also reduce the amount of interaction you have with Device Management (if there's nothing to patch, it won't need to notify you). The recommended means of manually checking/patching web plug-ins is by following the instructions at browsercheck.pepperdine.edu.
Yes. If Device Management downloads and installs an update that requires a system reboot, an Alert will appear, with "Yes" and "No" buttons (or "OK" and "Snooze"). Clicking the "Yes" button will reboot your computer. Clicking the "No "button will dismiss the Alert message for one hour.
NOTE: Please save your work and close any open programs before clicking Yes and rebooting your system!
15. My computer rebooted and now I see the Pepperdine Device Management window. Why does it not warn me before rebooting?
Device Management updates will display a message window with "OK" or "Snooze" buttons when a reboot is required. If you choose to Snooze, the message window will redisplay in one hour. This is not indefinite; after one week of snoozes, the computer will reboot to complete the patch installation.
For Windows computers, please remember that Windows Software Update Services (WSUS) will periodically install critical updates and patches that require reboots to finish installation. You will receive a popup window when a Microsoft patch requires a reboot. After a timeout period, the computer will reboot to complete the patch installation.
NOTE: Best practice is to save your work and reboot to complete the patch installation as soon as practical.
By University Policy, you must maintain your computer and software up-to-date. This means you cannot use an unpatched device to the University networks, nor can you allow a University assigned computer to remain unpatched. If you have concerns, please let us know at firstname.lastname@example.org. We will research your issue and provide appropriate solutions.
As with Windows update, you have a lot of control over when applications get patched - you have to accept the initial dialog box. However, as with Windows update, you do have a limit of about a week in terms of how long you can put off an update. If you have a concern (e.g. a calculation that will run for two weeks and can't be interrupted for reboot), please contact your local tech support for timely assistance and also write email@example.com to make sure the DM team is also helping.
The Device Management is limited to University-owned equipment. For personal devices, even if you use them for work, we recommend using the service explained at browsercheck.pepperdine.edu. For more information on safeguarding your machine, please contact the Information Security team at firstname.lastname@example.org.
While our device management vendor, Dell KACE, does have a mobile solution, University IT does not manage these devices at this time. Updates for these devices are managed by the manufacturers. The Information Security Office recommends that you follow the guidelines in the Information Security Quick Reference for mobile devices to secure and update your mobile.
You can call (310) 506-4329 during business hours (8 AM ֠5 PM, Monday to Friday), or send an email to email@example.com
21. How do I know what is being patched? Or how can I stay up-to-date with the latest happenings in Device Management?
The Device Management blog will keep those in the Pepperdine community who want to know details about device management informed. The blog will contain updates periodically of what patches are being implemented on to University-owned computers.