In general, all devices must fulfil the requirements before they can be reconnected to the campus data network. Exceptions must be authorised on a case-by-case basis. Please contact the Information Security Officer Dr Eckhofer (informationssicherheit [at] tu-freiberg [dot] de).

Please use the following form so that your devices can be approved for the campus data network: 2023-02-02 Richtlinie saubere Rechner_Anlage Formular

Please report the devices to be connected via the local administrators to our Service Management System (uniintern) aufrufbar, if possible as a collective report.

The connection of devices with outdated operating systems is only possible with special authorisation. This applies in particular to Microsoft operating systems prior to "Windows 10" or "Windows Server 2012" (end of support: October 2023).

Please check carefully that the criteria are met. If in doubt, a device must not be connected or must be reinstalled.

All devices that were in the AD domain must be reinstalled.

If you are not sure which domain your Windows computer is in, you can check this as follows:

• Win key + R
• Enter: cmd (+ Enter)
• Enter: systeminfo (+ Enter)
• Domain: the domain of your Windows computer

For all other systems, it must be ensured that...

• ...no user on the system has assigned a password that matches the university login or
• ...it can be proven that no login via the network was possible on this system (remote desktop / RDP, Windows file sharing, SSH, ...).

On Windows and MacOS systems, the endpoint protection solution "Sophos Intercept X with XDR" must be installed before sharing. It is also recommended for Linux servers.

In general, please only activate network services if they are absolutely necessary. Deactivate active services and sharing accordingly by default.

If possible, please use certificate-based authentication and deactivate login by password. For OpenSSH, for example, PasswordAuthentication and ChallengeResponseAuthentication should be set to "no".