AF implements SDC for security: CS expert sets record straight on new, standardized desktops

DOVER AIR FORCE BASE, Del. -- The Air Force is in the process of instituting a standard set of applications and configurations for computer terminals service-wide via the Standard Desktop Configuration, which is expected to be completely implemented by Dec. 31. 

"The SDC improves overall network security by locking down security settings and restricting administrative permission to normal-user (computer terminals)," said Robert Baird Jr., 436th Communications Squadron Network Control Center chief here. 

A "normal user" is essentially defined as anyone who is not an official network administrator or a unit client support administrator.

Client support administrators, commonly referred to as CSAs, are responsible for the installation of the SDC on computers within their assigned units. Under the SDC, only CSAs will be authorized to load application software on a user's desktop. Normal users will be blocked from loading most applications onto their computers. 

"The reason for blocking this capability is any application has the potential for exposing the system to new vulnerabilities, and the Air Force needs the opportunity to make sure what is being loaded on Air Force systems is both suitable and adheres to best practices for security," said Mr. Baird. 

Users who require additional privileges such as accessing certain Web sites or using certain applications can obtain additional permissions through their CSA once the privileges have been justified and approved. 

Although restricting user permissions has seemingly negative implications, there are numerous benefits, said Mr. Baird. 

"The SDC will provide a universal platform throughout the Air Force and improve productivity," he said. "All Airmen will have the same applications and capabilities from one computer to the other and use one common platform regardless of where they are in the world." 

Not only will the end-users' productivity increase, but system administration costs will significantly decrease. Using the SDC, Network Control Centers and Air Force Network Operations and Security Centers can remotely manage networks from a centralized location, eliminating the need for a technician to physically perform the task. 

"Air Force-wide, the SDC will reduce the time it takes to update software applications from 52-plus days to 72 hours," Mr. Baird said. "With hacker capabilities on the rise, our ability to provide the warfighter with secure computers becomes more critical." 

Once the SDC is implemented, end users will notice subtle differences when making configuration changes such as setting up new printers and adding applications. The homepage will default to the Air Force Portal, which can be changed by the user; core applications will be upgraded to the most current versions; and normal users will not have administrative permission on their computers. Changes the users can make are largely ones that do not affect network security, according to Mr. Baird.

To avoid loss of data, Mr. Baird cautions that Airmen must properly prepare for the SDC installation on their workstations.

"Before the CSA can install the SDC, users need to back up their local data," he said. "Normal deployment should take less than two hours to complete, but because of specialized applications, the deployment can take longer depending on the number of applications (being installed)."

Data can be backed up by copying important information onto CDs and DVDs or by working with CSAs to back up information on available network drives. 

Airmen should know that the SDC is here not to restrict end-user access or complicate administrator tasks, but to provide Airmen with an added security capability, all while decreasing cost and improving productivity, said Mr. Baird. 

Dover Air Force Base tentatively expects to have the SDC implemented by Nov. 30.

SDC user permissions

Can:
-Run most approved applications
-Save data to directories on their hard disk (but not to the Windows and Program Files directories)
-Change display properties such as screen resolution, background wallpaper, etc.
-Add favorites to Internet Explorer

Cannot:
-Add, modify or remove applications from their computer
-Change Internet Explorer settings
-Run utilities such as regedit, ntbackup, disk defrag, disk clean up, etc.
-Change local permissions, system date, time or time zone