Content (1175)
When using the ARS Web Management tools, remote users are required to connect with CU VPN.To use the web-based ARS Web Management tool, use a supported browser
To uninstall Spirion, drag the Spirion Application Bundle into the Trash. If you reinstall Spirion again later, all previous custom Preferences and licensing/activation information will be intact.Alternatively, right-click (or ctrl-click) the application and select Move to Trash.
Shredding files in Spirion permanently removes them from your machine. You cannot recover shredded files.
Your list of possible confidential data matches may include "false positives." A false positive is something that looked like confidential data to Spirion, but is not. You can ignore false positives. They will be skipped in future scans (unless they are changed).
Is it Confidential Data?ActionDetailsStep-by-StepNoIgnoreThe match was a false positive.
You can use Spirion to scan the following:External hard drivesThumb drivesCDs and DVDsMounted encrypted volumes (for example, FileVault volumes)Some unit/department have optional policies in place; scanning may not be available in some locations. If you are scanning a folder on a server, you…
Spirion is a tool to help you locate stored confidential data, but you’ll need to work through the results before you can be sure your machine is in compliance with University policy and local practices. Spirion is configured to run automatically, but you can also perform manually-triggered scans.
Red Hat Enterprise Linux (RHEL) is an open-source operating system. Prior to September 2019, Cornell University maintained a contract with the vendor to provide automated updates and support. Due to declining use of RHEL at Cornell, CIT chose not to renew the contract.
CornellAD does not provide third-party tools to facilitate Linux management. It has been tested with PowerBroker (freeware) that allows you to join Linux clients to the domain, and allows users to log in using their domain credentials.Likewise Open is now called PowerBroker Identity Services Open…
CIT creates and manages Group Policy Objects (GPO) for domain and forest-wide functions such as default password policy. Each individual unit is responsible for creating and managing their own set of local GPOs.
Group management privileges can be assigned at the OU level, or directly on the group using primary and secondary owners. This page covers how to delegate permissions at the OU level. This involves:
In order for a computer to appear in the correct local OU, the CornellAD Organizational Unit (OU) administrator needs to create the computer account within their OU under the local objects branch using ARS. OU admins should use the computer name assigned by the ARS tool to name the actual computer…
HoldingID is the term used for an account/principal created in CornellAD, which can "belong" to an individual or a department and has its own password (as all accounts do). One use of a HoldingID is allowing programmatic access to an Exchange Group Accounts (EGA). HoldingIDs are created via…
CornellAD makes heavy use of DNS by dynamically registering services via SRV records. The Authoritative DNS Server for cornell.edu is dns.cit.cornell.eduNS Pointers are configured to DNS servers for the following sub-zones:
The password and account policies in CornellAD are domain-wide settings, and affect all accounts in the cornell.edu domain. The policy is set at the domain level by CIT and is pushed down to all organizational units (OUs). CIT is not able make modifications to these parameters based on requests…
The CornellAD Planning Committee is the governing body for matters affecting the entire CornellAD forest/domain. Each CornellAD top-level unit is entitled to have a representative on this committee. The Planning Committee addresses issues such as schema changes, naming conventions, security…
CornellAD is backed up nightly.Only AD objects are backed up. Devices that happen to be joined to CornellAD are not.
ARS provides default logging for 30 days. If you need older logs to troubleshoot a local problem, please contact the IT Service Desk.
Learn more about the three directory instances available, and how to choose the right one.CornellAD supports LDAP queries on standard ports (389 for LDAP and 636 for LDAPS) for retrieving information about objects in CornellAD.
Learn more about the three directory instances available, and how to choose the right one.