TN 4399: Exempt personally owned software
from the scope of institutional licenses

2011.09.22 (reviewed)

Often in an academic setting, the same application programs that are institutionally licensed and installed on lab computers may also be personally licensed and installed on computers owned by faculty or staff. But KeyAccess may be required on these 'personal' computers in order to grant faculty or staff access to a different application program that is institutionally licensed and managed by KeyServer. In this case, special care must be taken by the KeyServer administrator to make sure the institutional license policies enforced by KeyServer do not interfere with the use of the personally owned software copies.

One solution is to configure KeyServer to only manage keyed program copies, but these require special preparation and distribution methods. KeyServer version 7.x makes it easy to Manage usage within one Group of computers while ignoring usage outside of the group.

When the appropriate scope of the institutional licenses is known precisely (e.g. computer labs) then a Group should be configured to include these computers - see the Groups documentation for various ways to do this. Then a single Manage Policy is made for the Product, and the Group is used as the Scope of the Policy. The Policy then only applies to clients in the group, while outside the group, no applicable Policy exists, and usage is ignored.

If on the other hand the institutional licenses should apply to some less well defined group of clients, you may need to explicitly add individual computers to a group as you learn which computers should use the institutional license. Other than the detail of how the group is defined, the Policy configuration in this case can be exactly the same as above.

In cases where you cannot say for certain what computers should use institutional licenses and what computers own their own, you may want to consider a slightly more complex configuration, in order to ensure that you will deny launches until you know whether you should allow them. One way to do this is by configuring two Policies for the Product. The first is a Manage Policy, with Scope & “institutional” - this is the group which you will add clients to as you learn that they should use the Institutional license. The second is a Deny Policy, with Scope “!owners”. Notice the exclamation point - this means “no in the owners group”. Then every launch that occurs outside of both the “institutional” and “owners” groups will be Denied. As you determine how to treat each computer you can add it to one of the groups. Computers in the “institutional” group will be managed by the license, while computers in the “owners” group will be ignored.