All campus-owned computing devices should adhere to the UC IS-3 security policy and should take into account the Secure UCSB initiative. These guidelines apply to devices that are used in loaner programs.

Device checkout recommendations:

A checkout form should be used for your device loan program and should include the following:

  • The borrower's name and affiliation to the university (student, staff, faculty).

  • A unique identifier for the device, e.g. service tag, serial number.

  • The duration of the loan.

  • Responsible use policy.

  • Privacy considerations/disclaimer.

  • Borrower’s liability, e.g. responsibility for the cost of lost, stolen, or damaged devices.

  • Record of device return.

Device configuration recommendations:

  • All devices should be up to date and current with security patches.

  • All devices should have the campus-approved Endpoint Detection and Response (EDR) solution, Trellix, installed where the device OS is supported.

  • All devices should be enrolled in the campus-approved Mobile Device Management (MDM) solution, Maas360 or JAMF.

Device login permissions recommendations:

  • For short-term loans, e.g. hours, it is recommended that a standard user profile be used.

  • For longer-term loans, e.g. several days to a quarter, there are two use cases requiring different login privileges:

      • If the loan device is a managed endpoint, then the device should have a standard user profile. An example would be devices that are joined to a department-managed Active Directory (AD) domain.

      • If the device is a standalone device that is NOT managed and/or joined to an AD domain, it is best for the user login profile to be an administrator.

  • It is NOT recommended to use NetIDs for user login profiles.

Device hygiene:

  • For short-term loans, e.g. hours, it is recommended that a solution like Deep Freeze be used to reset the device to a known good state before returning the device to the loan program.

  • For devices that are on a quarter or longer loan period, it is recommended that the devices be reimaged to a known good state. This is to prevent the leakage of personally identifiable information of a previous loanee.

  • For devices that are loaned for several days, it is recommended that user profiles be erased.


Last updated on: 06/05/2025