Standard for ISUAD Domain Connectivity of ISU-Owned Systems and Devices

Introduction

ISUAD.indstate.edu is the OIT centrally-managed Microsoft Domain intended for use by all Indiana State University Faculty, Staff, Student Employees, and Affiliates.  The ISUAD Domain provides a common set of services, data, tools, and security, and is currently required for all ISU-owned systems unless provided an exemption.

Benefits and key features

• Fosters efficiency and collaboration across the Institute by providing a common set of security, services, data, and tools.
• ISU Active Directory Kerberos username/password integration
• Extensions to standard Windows Group Policy settings unique to ISU
• Periodic self-maintenance scripting and behavior
• Central logging of system, application, and security events to a secure central log server, allowing for troubleshooting and backtracking in case of total system failure
• Integrated problem/bug reporting system

How can I tell if my system is on the domain?

How do I connect my system to the domain?

Only OIT personnel and authorized individuals can connect a system to the isuad.indstate.edu domain. How to Join Windows 10 to Domain

1. Logon to Windows 10 machine. ...
2. Under System Properties, select Computer Name tab and click Change.
3. In the Computer Name/Domain Changes dialog box, choose Domain under Member of option and enter domain name of your AD Domain and click OK.
4. Enter domain Administrator credential.

Can departments on campus host their own domains?

Since ISU OIT is responsible for the continuous operation of the campus network, all domains using University resources are required to reside on the ISU OIT domain controllers and DNS systems.

Any unauthorized computer domains discovered will be removed from the ISU network.

Can Computers be Exempted from the ISUAD Domain?

Specific use-cases may require that computers are exempted from the ISUAD domain.

• This use-case must be established by the department with the requirement for a domain exemption documented in detail and approved by the unit supervisor.
• Domain exempted computers are expected to have a (OIT ITSM/TDX) documented baseline for both physical and system security, since they will not have managed encryption of endpoint security software.
  • This baseline must include:
    • A documented and approved data security plan for the use of regulated data, or data that falls into Restricted or Highly Restricted categorization per ISU data security policy.
    • A documented plan for physical security of the system.
    • Automatic Updates of Operating System and Applications Enabled
    • Anti-Virus
    • A screenlock policy is enforced.
      • If automatic screenlock is problematic, this must also be documented with attention to physical security and user awareness to lock it manually.
    • Strong username and passwords that adhere to ISU’s Password Policy.
    • Best practices for administrative privileges, where upon no user is logging in as administrator for normal system usage.
    • A decal on the system noting lack of encryption and proper use of data.
    • Do not load non-work-related software on your ISU computer.  Personal or recreational applications that are purchased or downloaded may create problems with the software that is critical to ISU work, and they also may offer additional vectors for hackers and misuse of the system and ISU network.
• A domain exemption can be requested here: https://indstate.teamdynamix.com/TDClient/1851/Portal/Requests/ServiceDet?ID=20696