Stanford University respects your privacy, and VLRE does not collect any personal data (email, calendar events, contacts, personal files, etc) from your laptop or desktop computer. VLRE does not have the capability of modifying or enforcing settings on your computer, but rather periodically reports on your computer's configuration in order to determine its level of compliance with the University's endpoint security requirements. If your computer is found to be non-compliant based on VLRE's reporting as reflected in MyDevices, it is your responsibility to make the necessary changes.
Here's what VLRE collects and stores (and why):
- Computer name, serial number, model and type (for identifying the computer in MyDevices)
- VLRE version (to determine whether the installed version of VLRE is current)
- Operating system type, version, and patch status (to determine whether the computer is running a supported and patched OS)
- MAC addresses (for associating the information reported by VLRE to other data about this device in MyDevices)
- Encryption status of non-removable drives (to determine the compliance status of the computer with respect to whole disk encryption requirements)
- Whole disk encryption recovery key (to enable owner to escrow the recovery key for later retrieval if needed [only if opted-in during initial setup])
- Presence of the Mac OS Keychain menu bar item on Apple computers
- Usernames of logged on local users (to determine which user accounts on the computer are currently active)
- Answers to Enrollment App questions (to identify primary user's SUNet ID, Stanford/personal ownership, and whether the computer is used with High Risk data)
- Screensaver configuration (to determine whether a password-protected screensaver is in place for all active users, with an idle timeout that satisfies the compliance criteria)
- Local firewall status (to determine whether a local firewall is enabled)
- Whether anti-virus is installed (to determine compliance status with respect to antivirus protection)
- On Macs only: Keychain lock status (to determine whether the keychain is password protected)
- CrashPlan client ID and server URL (to enable MyDevices to look up and display CrashPlan back-up status, where possible)
- Stanford client certificate names (to enable MyDevices to look up and display basic information about certificates installed for authentication to Stanford services)
The collected data is considered to be Moderate Risk data in the University's risk classification system.
See the Administrative Guide for Stanford's official policy regarding privacy. If you have any questions about this policy, please submit a Help ticket.
