Desktop Security Settings

macOS Security Settings

  Faculty / Staff General Use Labs Podiums Research Labs
Full Disk Encryption Enabled Disabled Disabled Disabled Disabled
Display Sleep (while plugged in) 20 minutes 60 minutes 60 minutes 60 minutes 60 minutes
Display Sleep (while on battery power) 10 minutes 60 minutes 60 minutes 60 minutes 60 minutes
Computer Sleep Disabled Disabled Disabled Disabled Disabled
Screen Saver Disabled Disabled Disabled Disabled Disabled
Require entering password to continue use? Enabled Disabled Disabled Disabled Disabled
Auto Logout Disabled 60 minutes 30 minutes 60 minutes Disabled

Windows 10 Security Settings

  Faculty / Staff General Use Labs Podiums Research Labs Experimentation Labs
Full Disk Encryption Enabled Disabled Disabled Disabled Disabled Disabled
Turn off the Display and lock (while plugged in) 20 minutes 20 minutes Disabled Disabled Disabled 60 minutes
Turn off the Display and lock (while on battery power) 10 minutes 10 minutes 30 minutes 60 minutes Disabled 60 minutes
System Sleep (while on battery and plugged in) Disabled Disabled Disabled Disabled 60 minutes Disabled
Screen Saver Disabled Disabled Disabled Disabled Disabled Disabled
Requires entering password after logout? Enabled Enabled Enabled Enabled Disabled Enabled
Auto Logout with 10 minute countdown Disabled Disabled 25 minutes 60 minutes Disabled Disabled

Notes:

What does "Display Sleep" (macOS) and what does "Turn off the Display and lock" (Windows 10) mean?

  • If a user leaves their SJU issued computer for a certain period of time, we do not want another person to be able to sit down and access the user's data and other personal information.  These settings will ensure that if you walk away from your computer, within 10 or 20 minutes (on battery power or plugged in), your screen will lock, requiring you to re-enter your password when you return.  You will not lose anything that you were working on and can resume everything once you re-enter your password.

What does "Auto Logout" mean?

  • On public computers, such as student computer labs, classroom computers, and podium computers, we are required to enforce settings that will log out a user after about 30 minutes (labs) and 60 minutes (podiums) if they have been idle for that amount of time.  Idle time is defined as not moving the mouse or using the keyboard for the specified amount of time. 

Security Audits and Requirements

  • Due to ongoing internal and external security assessments and audits mandated by the University, the desktop computer security settings listed above cannot be modified.

What's the difference between Labs, Research Labs, and Experimentation Labs

  • Certain computers in departmental computer labs, which are not publicly accessible, perform extensive experimentation that can last hours, days, or weeks.  In these cases, there are certain security settings that cannot be enforced on research and experimentation lab computers.  While research and experimentation lab computers have a weekly maintenance window to allow for security updates to be installed, and while they do enter a non-destructive system sleep after 60 minutes, they do not enforce auto-logout.  The main difference with Experimentation lab computers is that they will not go to sleep, but will rather lock the screen after 60 minutes of inactivity.  This is done to prevent any applications/software from turning off if the computer was to go to sleep, but it maintains our security requirements of preventing unauthorized access if the user were to leave the computer unattended. 


For more information, please see the article here which explains additional security measures that are implemented on University computers. 

Details

Article ID: 86503
Created
Mon 9/9/19 3:54 PM
Modified
Wed 7/7/21 3:18 PM

Related Articles (1)

Desktop Security Initiatives
This article outlines new security settings initiatives that are being managed on SJU issues Macs and PCs.