DEPARTMENT OF MANAGEMENT SERVICES
ADMINISTRATIVE POLICY
TITLE: Local Area Network and Personal Computer Use
POLICY NUMBER: IT-10-105
EFFECTIVE: May 1, 2010
REVISED:

PURPOSE

DMS recognizes the importance of properly managing our Local Area Network (LAN) and its use, and the use of desktop and laptop computers in our agency. This policy covers the standards, acceptable use, and methods associated with our LAN and personal computers.

SCOPE

This policy applies to all DMS employees. The DMS LAN and Desktop Support Team is responsible for enforcing this policy. However, every employee is also responsible for carrying out this policy, and DMS management is responsible for supporting this policy.

AUTHORITY

Florida Statute 282.318

DISTRIBUTION

The following individuals should be notified of this policy / Method of notification
Departmental IT, Division of Retirement IT /
  • Detailed review by Chief Information Officer (CIO)

All DMS Users /
  • E-mail communication by CIO.
  • Information Security Awareness Training
  • DMS Website
  • The Workplace

DMS Executive Leadership /
  • Executive Leadership meetings

DEFINITIONS

Word/Term / Definition
Laptop Computer / A typical mobile computer such as a Dell Latitude.
Desktop Computer / A computer designed to sit on top of the desk or as a small tower, meant to be used as a personal computer.
Personal Computer or PC / Either a laptop or desktop computer made for use by a single person.
Local Area Network (LAN) / A collection of computers, printers, disk space and other equipment connected by a network, and managed by network software to control permissions and access to network resources and applications.
Active Directory / Microsoft software DMS uses to control permissions and access to network resources and applications, and to administer the LAN.
Administrative Privileges / Computer rights to perform any operating system configuration changes, and to add and delete software.
DMS Users / Full Time, Part Time, Contractors, and OPS employees that use state-owned and -provided personal computers.

POLICY

Personal Computers

  • Standard configuration for personal computers:
    • Operating System – Microsoft Windows. The Desktop Support team is responsible for ensuring that the version in use at DMS is currently supported by Microsoft.
    • Productivity Tools – Microsoft Office. The Desktop Support team is responsible for ensuring that the version in use at DMS is currently supported by Microsoft.
    • Virus Protection – Trend Micro and Sophos. The Desktop Support team is responsible for ensuring that the version in use at DMS, and all associated files, are current.
  • The DMS Desktop Support and LAN Support teams fully support personal computers with the above standards. The Desktop Support team will maintain “standard builds” (images of standard configurations ready to copy to any personal computer) for the above stated standards so as to efficiently and effectively set up new hardware for DMS Users. Standard builds will include all appropriate configuration settings that align with this policy, and that make up the standard personal computer at DMS.
  • The Desktop Support team fully supports personal computers with the standard build provided by the Desktop Support team.
  • DMS prohibits Personal Computer configurations other than the standard listed above, without CIO approval for an exception. DMS understands that certain positions, especially technical engineers and graphics developers, may need a non-standard configuration to be most productive for the kind of work performed; however, you must get approval before purchasing non-standard hardware and software.
  • The Desktop Support team does not support personal computer configurations other than the standard listed. If the CIO grants an exception, the DMS User and associated division agree that desktop support is the responsibility of the division. Configurations deemed to put the DMS LAN or DMS information at risk will not be permitted.
  • OS, Security, Virus, and Spyware Updates – See policy IT-09-104.
  • Personal Computer Rights – DMS Users will not be granted Administrative (Admin) privileges on their personal computer while connected to the DMS LAN. For those users who might need to periodically download and install software or components on their personal computer, for which Admin rights are required, Desktop Support may set up a local user account that will allow personal computer Admin privileges for performing such tasks. This local user account will not be able to connect to the LAN server software. It is recommended that Desktop Support perform the download and install tasks for desktop computers. CIO approval will be required for extenuating circumstances where non-standard rights are deemed necessary.
  • Desktop computers and computer monitors will not be taken from DMS premises without permission of management.
  • Only state-owned devices may be attached to DMS personal computers, with the exception of personal printers and network connections connecting to laptops while away from the office.
  • Laptop computer use – see policy IT-09-103.
  • DMS Users have access to the personal computer’s hard drive and the network shared drives; however, the personal computer’s hard drive is not backed up. Network shared drives are backed up on a daily basis and we recommend you store data files there. If you store data on the personal computer hard drive, take steps to protect it, such as copying it regularly to a network shared drive to allow it to be backed up overnight.
  • Personal computers are meant to be used for work purposes only. Software installations must be for work-related purposes. Installing software applications for personal use is prohibited without express permission from management. However, the following software is strictly prohibited from being installed, loaded, or running on personal computers without CIO approval:
    • BitTorrent software.
    • Any other peer-to-peer or file sharing software for file sharing outside of the DMS network. This includes, but is not limited to, eMule, Gnutella, LimeWire, and Kazaa.
  • Server processes are not allowed to run on personal computers, except for software application development purposes, without permission from the Desktop Support Team.
  • Proxy services are not permitted to be set up on personal computers without permission from the Desktop Support team.
  • E-mail and Internet use – See policy Admin-99-104.
  • Software Licenses – All software installed on DMS personal computers must be properly licensed. Personal computer software should be installed by the Desktop Support team. The team will ensure the software is properly licensed before installing it, and document the instance of the license. Any software installed by a DMS User must be reported to the Desktop Support team through the DMS Help Desk. Failure to do so will result in the inability for DMS to defend software licensing during an audit, which could result in fines and penalties.
  • Departmental IT maintains the ability to remotely connect to any DMS personal computer. DMS may at any time monitor computer use and review the contents of personal computer files.
  • The Desktop Support team maintains an Administrator UserID on every DMS personal computer.
  • It is recommended that DMS Users log off or lock their personal computer before leaving a work area.
  • DMS Users shall not disable, alter, or otherwise circumvent personal computer configurations set by policy or any security measures.

Local Area Network (LAN) Use

  • Only state-owned and state-managed personal computers are allowed to be connected to the DMS LAN, unless they are connected from the internet using a secure VPN (Virtual Private Network). Non-state-owned personal computers can connect to the 802.11 wireless network named CCOC-Guest, available in DMS buildings at the CCOC. Exceptions to this policy item require approval of the CIO.
  • Only Departmental IT employees will have Administrator rights in Active Directory.
  • Every DMS User will have a unique UserID and password for accessing the LAN. Passwords must not be shared with other DMS Users.
  • Group or shared UserIDs for LAN or DMS application access are prohibited. UserIDs used must be unique to each DMS User.
  • All management of the DMS LAN (except for physical infrastructure such as wiring, switches, routers, etc.) will be carried out, or contracted out, by Departmental IT.
  • Network drives are made available to DMS Users through the LAN to store files of any type. This includes shared network drives and a network drive for individual use (i.e. the H: drive). Network drives are available for work-related files only. DMS Users are prohibited from copying music, pictures, and other files of a personal nature to any network drive. These network drives are backed up on a daily basis.
  • User groups may be created so that group members may have permissions granted to folders in the network drives. User groups are created and managed by the LAN Support team. Beginning with the implementation of this policy, group or individual access permissions will be set no deeper than two folders (directories) from the root of any drive letter without an exception granted from the CIO.
  • DMS Users access network printers and scanners through the LAN. These network printers and scanners, as well as direct attached printers, are for work related printing and scanning only. Exceptions may be granted by management.
  • The folder owner must approve access requests for folders within shared drives. If ownership appears to be a group of users, then the supervisor of the group must provide approval.
  • Several LAN characteristics are controlled and enforced by electronic policy (configuration settings either stored on the LAN or sent to each individual personal computer). These will include the following:
    • LAN Password expiration is every 90 days.
    • A computer will lock after 15 minutes of inactivity.
    • A password will lock after 3 failed attempts, and will unlock after 30 minutes.
    • A password must be at least 7 characters, with at least one capital letter and one number.
    • Passwords cannot be re-used until after the password has changed 6 times.
    • Last Login ID will not be displayed on the login screen for Windows.
    • Presentation of Legal Notice prior to login screen for Windows.
  • DMS Users will be held accountable for their user account activity.
  • DMS Users are responsible for safeguarding their password.

Terminated DMS Users

  • UserIDs and permissions for DMS Users whose LAN access has been terminated will remain in Active Directory for one year, per the State Library & Archives of Florida’s General Records Schedule GS1-SL for State and Local Government Agencies.
  • Upon terminating LAN and personal computer use, a DMS User’s computer files will be moved to an archive location on a shared network drive, with access permissions given to a designated DMS User or Users as instructed in the termination paperwork. This includes e-mail data files stored on the personal computer’s hard drive or the network shared drive. These files will remain in this location for 90 days, to provide time for the appropriate team to review the information and copy the files that must be retained to other appropriate locations. After 90 days the archived information will be deleted. The DMS Desktop Support team must approve any exception.

RESPONSIBILITIES

Individual or Group / Responsibilities
Departmental IT /
  • Enforce adherence to this policy for personal computer and LAN use.

Division of Retirement Director and IT Management Vendor /
  • Enforce adherence to this policy for division personal computer and LAN use.

DMS Leadership Team /
  • Support this policy.

Employees /
  • Policy review at implementation.
  • Ongoing policy awareness and adherence.

CIO /
  • Communicate the approval and implementation of this policy to all employees upon approval.
  • Include policy information in the annual Information Security Awareness training.
  • Add the policy, and supporting items, to the Departmental IT Workplace site.
