Left Accent
UAB CIS Header
Nav Left

Home » IT & Facilities » CIS IT Documentation » UAB's Portable Computing Security Initiative and Personal Laptops

Personally Owned Windows Laptops - Technical Guidance

Printer-friendly versionPDF version
Updated on Wed, 11/11/2009 - 3:20pm
Printer-friendly versionPDF version

Introduction

On May 15, 2009 UAB approved the Portable Computing Security Initiative – Laptop Standard found at: http://main.uab.edu/Sites/it/documents/63069.pdf. This policy defines acceptable configurations for both UAB owned and personally owned laptops which are conducting UAB Business (as defined within the policy). The policy requires that all such laptops meet certain technical specifications regarding disk encryption, antivirus, and password configuration.

Users who wish to use personal laptops for UAB Business are required to take the necessary steps to bring their laptops into compliance with the policy and then obtain departmental approval for their device prior to using it for UAB Business.

These documents are provided as a guide for the steps necessary to bring your personal laptop into compliance with the policy. They are intended only as an overview and not as a definitive step-by-step procedure, since there are many variants of Windows and your personal configuration could slightly change the appearance or steps required. If you have questions specific to your machine, please contact your local IT staff for assistance.

UAB IT has also produced a series of videos documenting how to perform these steps. You may access them at http://main.uab.edu/Sites/it/internal/all/information-security/60079/

Procedure Overview

The steps you will need to perform are outlined below.

  1. Perform Microsoft Update (aka Windows Update)
  2. Verify/Obtain Current Antivirus Software
  3. Configure your Screensaver
  4. Verify You are Using a Strong Password
  5. Defragment Your Disk
  6. Backup Your Laptop
  7. Encrypt Your Laptop
  8. Obtain Departmental Approval for UAB Business

Step 1. Perform Microsoft Update

Ensure that your system has received all of the required updates from Microsoft. You can run Windows Update by going to Start -> All Programs -> Microsoft Update. Make sure that you have the latest version of the Microsoft Update software and that all required patches have been applied to your system.

Step 2. Verify/Obtain Current Antivirus Software

The policy requires that all laptops conducting UAB Business run current antivirus software. If you are already running antivirus software, verify that you have the latest set of virus definitions. If you need to obtain antivirus software, UAB will provide you Microsoft Forefront free-of-charge. You may download Microsoft Forefront at http://main.uab.edu/Sites/it/internal/all/software-library/antivirus/

Step 3. Configure your Screensaver

The policy requires a screensaver which locks to a password in no more than 15 minutes of inactivity. To configure Windows, right-click on your Desktop, choose Properties, click the Screensaver tab, set the screensaver timeout to 15 minutes, and enable the checkbox for password protection.

Step 4. Verify You are Using a Strong Password

The policy requires that the user accounts on the laptop have a strong password. UAB has published guidance about strong passwords at http://main.uab.edu/Sites/it/faqs/49118/

Step 5. Defragment your Disk

The encryption process will go faster if your disk is first defragmented. Windows ships with a Disk Defragmenter utility. To access it, go to Start -> All Programs -> Accessories -> System Tools -> Disk Defragmenter. Click the Defragment button. This step may take an hour or more.

Step 6. Backup your Laptop

You should always backup your laptop before starting encryption. There are many ways to backup a laptop. Options include backing up to an external hard drive such as a Seagate FreeAgent (most of these products come with backup software), using an online backup service such as Mozy, or transferring your files over a network to another computer.

Step 7. Encrypt your Laptop

Note: To perform this step, you should have an active Internet connection and be connected to an A/C power source.

Please see the documentation which UAB has provided for downloading, installing and configuring  PGP Whole Disk Encryption. The documentation can be found at http://main.uab.edu/Sites/it/faqs/58698/.

Note that in Step 8 of that document, you are asked to enter your BlazerID and password in the PGP Enrollment dialog box. This step will register your copy of the PGP software with UAB (for license tracking purposes) and will allow the UAB AskIT helpdesk to help you perform a recovery of your laptop in the event that you forget your password. In Step 11, you are again asked for a username and password – this time you should use the username and password that you use to log into your laptop. This is the password that PGP will use for decrypting the hard drive once it is encrypted.

Step 8. Obtain Departmental Approval for UAB Business

Once you have completed the steps above, you will need to present your laptop to your local IT staff to receive confirmation that it is configured correctly and approval to use the laptop for UAB Business. Your IT staff is required to keep an inventory of all laptops being used for UAB Business, and they will collect information such as your MAC addresses, serial number, model number, and the type of UAB Business performed with the laptop. You may also be asked to present your laptop for a compliance audit at regular intervals in the future.

Accent Right
Login for CIS Users

Disclaimer for official UAB web pages
UAB Dept. of Computer and Information Sciences
115A Campbell Hall, 1300 University Boulevard
Birmingham, Alabama 35294-1170
Phone: 205.934.2213   Fax: 205.934.5473