Service categorie: Desktop Computing

The service provides centrally managed workstations integrated into Active Directory domains. This service is for employees of the central university administration and kiz on campus-wide locations. Desktop systems and notebooks are used.

These computers are used to provide basic equipment such as office and communication software, the use of output devices (printers), access to personal, departmental or group-specific networks as well as an Internet access. They are also equipped with software adapted to the specific requirements and the respective user group.

Mobile computers receive appropriate software and configuration to access the file systems and applications securely from outside the campus network.

Service description

All managed desktops

• Provision of a desktop computer or a mobile computer (with docking station and separate screen) per user. There is no entitlement to multiple centrally managed computers for one user.
• Mobile computers have a VPN (or comparable) access to campus network or network segments, where resources such as file and print services are provided for the respective user group (networks F & L, ZUV, ZUV campus).
• Mobile computers (notebooks) are divided into 2 categories: "fully managed laptops" and "standard laptops" and "self-administered laptops"
  • Fully managed laptop: fully equipped with software on the local device
  • Standard laptop: Minimal installation as ThinClient - work is done via RDP on a permanently assigned VM
  • Self-managed laptop: Team DC issues an unconfigured device that is set up and managed by the user (this category is only possible within kiz)
• Users are not granted administrative access rights to the respective computers.
• Ensure prior protection of viruses, Trojans and other malicious software by a virus scanner with automatic updating and by taking further configuration measures (for example, deactivating the automatic execution of macros and certain programs).
• Providing basic software: Microsoft Office Suite, Web browser, e-mail client, PDF reader, SSH client, VPN client
• Personal homedirectory on a CIFS server with access via an automatically connected network share
• Directories for departments, teams, work and project groups on a CIFS server with access via automatically connected network drives (shares)
• Ensuring a data access restricted to the respective user and his group membership by implementing a rights and role concept in the respective Active Directory.
• All directories on the CIFS servers, which can be connected as standard via network drives, are integrated into an automatic backup. The retention periods of the secured data, up to which a restore is possible, are defined within the service "Backup".
  A restoration is requested preferably via e-mail to the helpdesk of the kiz.
  It also supports the user-executable function to restore older or deleted file versions using the "Previous Versions" function from the Windows Explorer's File Properties dialog.
• Providing output devices (printer) depending on the requirements profile at the workplace and / or centrally for departments, departments, groups, etc.
  The printers are used via a central print server, which provides the available queues in the system environment of the PC workstations. The resulting printing costs are charged to the respective institution (department or department).
• Providing special software according to the user's requirements profile (eg SAP, SOS, POS, ZUL, Creative Suite, Library software).
  The determination which special software is necessary for the performance of official tasks is made by agreement between the department management and the administration team of the kiz.
• Additional software will be installed on the workstations, provided that this is possible taking into account effort, compatibility, safety evaluation and licensing requirements. The request must be directed to the kiz by the respective department manager. There is no claim to the installation. The requested software is replaced by similar software if necessary. If licensing costs arise through the installation, the respective institution (department) has to pay them.
• The kiz doesn’t assure functionality of the provided system environment with simultaneous login with the same access data on different computers.

Managed desktops of the kiz

• Authentication (login) with the kiz account in the general Active Directory of the university
• Direct Internet access (can be restricted for security reasons)

Managed desktops of the Central University Administration

• Authentication (login) with the account for the Active Directory of the Central Administration (not identical to the kiz account)
• Internet access via a separate proxy server (can be restricted for security reasons)
• The files stored on the mobile computers are encrypted and secured with 2-factor authentication (protected USB stick + pin / password). If the USB stick or PIN / password is lost, the data cannot be restored.
• Standard laptops without a USB stick are only encrypted with a pin - the background to this is that no data should be stored there, as work takes place on the VM.

User groups

Employees of the kiz and the Central University Administration

Service hours

24 x 7 x 365

Application conditions

A separate account for the use of managed desktops is not required for kiz employees. The kiz account automatically set up with the university setting is sufficient. The required authorisations are assigned to this account in the general Active Directory.

ZUV employees are assigned the additional role "Administration" in the SVA. This automatically generates a separate account in the ZUV Active Directory via the IDM.

The provision of a new workstation (desktop or mobile) must be requested via the helpdesk six weeks in advance, but at the latest when the hiring is initiated.

Charge / Fees

The following fees are charged for the service:

• Procurement of the end devices (desktops, notebooks)
• Cost of additional software that is not covered by existing license agreements