Blocking the Dropbox client on Lab workstations

In order to try and ensure the continuity of the Managed Desktop service for Lab workstations, we have decided to block users from installing and using the Dropbox sync client on Lab workstations.

This is due to the fact that the Dropbox client will install for users with USER rights and once installed and configured could potentially download Gigabytes of data from the Dropbox service to the user’s profile on the local workstation.
This could fill the disk of the workstation and cause numerous issues, especially if a few users all did this on the same workstation.

Dropbox files still available via the web portal
Please note that access to the Dropbox service is not being blocked, the recommended access to such services for all users is via the web portal for the service which will allow users to transfer files individually, so only transferring those files that are actually required which is more appropriate than sync’ing every file in their Dropbox account unnecessarily.

AppLocker
The method for blocking the installation of the client is using a technology called ‘AppLocker’ which is available with Windows 7.
This will restrict defined executables from being run, and is configured within a Group Policy.
At present we have set up a Group Policy to block the Dropbox client and Sugarsync client from installing and running and this policy has been applied to all Lab workstations.

If the user tries to run an application that is blocked they receive the following message on screen:

For more information on AppLocker see:
http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspx

Other sync clients
We do intend to add other sync clients to the list of blocked applications as soon as we have tested to ensure they are blocked as expected and don’t cause other issues.
The biggest issue with Dropbox is that it will allow USERS to install the client, where as clients such as Googlesync will not install if the user is not a local administrator.

Updated VPN client and settings for MD7 laptops

From the week beginning 6th August 2012, Networks and Infrastructure will be releasing an updated VPN client to all MD7 Office laptops in order to improve the user experience for MD7 laptop users.

The updated client will allow more concurrent connections to the VPN service and provide enhanced security.

Installation Process

The VPN client update will install during the workstation startup process and once available there will be two icons on the desktop to allow connection to the SHU VPN and to disconnect when finished.

Connecting to the SHU VPN

In order to connect to the VPN the user should double click on the ‘Connect to SHU VPN’ desktop shortcut. This will launch the the application and display the login screen where the user will be required to enter their SHU usercode and password.

The client does have a slightly different login screen to the previous client as this is an updated version of the client software.

Drives Mapped

As part of the updated settings, once the connection has been successful the user should receive a message informing them that the network drives have been mapped successfully and the user will then have same drive letters mapped as they get whilst working within the University.

Access to the University Resources

Once connected to the VPN the user will be using  the SHU network and so will have access to SHU resources that are not normally available from outside the University, such as Homespace, shared drives and University services.

Using the Internet

Whilst the user is connected to the VPN all internet traffic will be directed through the SHU VPN network until the VPN is disconnected, when traffic will revert to using the ISP network.

Disconnecting from the SHU VPN Network

In order to disconnect from the SHU VPN network users should double click on the Disconnect desktop shortcut. As part of the disconnect process this will remove the drive mappings to the SHU network file store.

Gallery