Network self-registration for computers, smartphones, and tablets
Last revision October 30, 2013
Self-registration is the only supported method to register common desktop and laptop computers on the Earth Sciences network, whether Stanford owned or personally owned. You can also use it to register WiFi enabled smartphones or tablet computers that have a web browser, such as an iPhone, iPod Touch, iPad, or Android device. You must meet the following qualifications:
The device will not be regularly used in an on-campus student residence. If you are an on-campus student registering a personal device, go to the residential computing web site.
The device's primary base on campus is in the School of Earth Sciences, which includes all offices and laboratories in the Geology Corner, Mitchell Earth Sciences Building (except the Branner Earth Sciences Library), and Green Earth Sciences Building. Earth Sciences offices in the Yang and Yamazaki Environment and Energy Building (Y2E2) are also included. If your primary location is not on the Earth Sciences network, contact the local network administrator for your department to register there.
Computers must run one of these operating systems: Windows XP, Windows Vista, Windows 7, Windows 8, Mac OS X, or a desktop Linux distribution. Most smartphones and tablet computers are also supported by the self-registration system. Other devices or operating systems must use the manual registration form. Versions of Windows earlier than XP are not allowed to access the network directly - they have security vulnerabilities that will never be fixed because they are no longer supported by Microsoft. Windows XP will also be banned beginning in April, 2014, when Microsoft ceases support for it.
Due to restrictions in our workstation support contract and new directives to encrypt all workstations used for Stanford business, Stanford-owned Windows PCs must run either Windows 7 Enterprise or Ultimate editions or Windows 8 Professional or Enterprise editions and Stanford-owned Macintosh PCs must run Mac OS X version 10.7 or later. Other operating system versions are still acceptable for personally owned computers, but that may change.
You have a valid SUNet ID.
You use a login account on your computer with administrative rights while registering. Administrative rights will be needed to make security settings and install patches and required software.
The goals of the network self-registration system are to collect necessary information about the computer in a mostly automatic fashion; to "quarantine" the computer on a special network that is safe from hackers while basic security of the computer is verified; and then to register the computer for full network access, including roaming access to other campus networks besides the primary location, and wireless access if the computer has a wireless adapter.
How to use network self-registration.
First, make sure that your computer is configured to use the DHCP protocol (sometimes called "automatic configuration") to acquire its TCP/IP settings. This is the default configuration method for all modern computers. If you have changed your settings to any manual configurations, you must restore them to DHCP. You must remove any IP address, IP domain, DNS Server, gateway, or netmask settings that you may have made manually and select pure DHCP.
You can register by connecting to the wired network in the Earth Sciences buildings (not in Branner Library), or via wireless connection.
Register via wired connection if you will regularly use the computer in the same location and it has a wired interface. This will give you a reserved, fixed IP address. This is necessary if you ever want to remotely connect into this computer while it is located in your office. But make sure your wireless adapter is turned on while registering so it also will be noticed and registered. When you connect to the wireless network, you will get a temporary IP address.
Connect the wired ethernet interface from your computer to one of the active network jacks in the office or lab that you regularly use in Earth Sciences.
Register via wireless if you don't have a regular desk and so will mostly be using wireless connections, or if your device is wireless only. You can still connect via wired connections as well (much faster and more secure), but you won't have a reserved IP address. Your computer will get a temporary IP address each time you connect, whether wired or wireless.
Connect to the "Stanford" wireless network anywhere in Earth Sciences.
After connecting to the Earth Sciences network, open any web browser program on your computer (or smartphone or tablet) and go to the Network Self Registration web site at
Until you complete the registration process, you have time-limited access to the Internet from a special quarantined network. This quarantined network has strict firewall settings to protect your computer from being seen or probed by hackers while it is being tested, upgraded, and registered. It is not considered part of the Stanford network and you cannot access Stanford restricted network resources while registering. If you do not complete the registration within six days, you will have to start over.
Simply follow the instructions on the self-registration web site, using the big Continue buttons to advance through the steps. You must login with a SUNet ID and provide information about your computer or other device.
For Windows or Macintosh PC registrations, you must download and run the Stanford Network Registration Tool program. You may need to install security patches or anti-virus software to pass the security checks. If you must restart your computer after installations, run the Stanford Network Registration Tool program again to continue.
If you are registering an iOS v4 (or later) device (iPhone or iPad), you will be asked to select a configuration profile from the Mobile Device Managment service. The basic profile automatically configures settings such as email, calendar, and VPN for use at Stanford. If you are working with Stanford non-public data, additional settings provide more security for that data.
After you have completed all requirements, your computer information will be entered into Stanford's network registration database. The Stanford DHCP servers will be upgraded within 20 minutes. You then either renew your DHCP lease or restart your computer to get full campus and Internet access.
Details of the self registration procedure.
The rest of this page gives a more complete description of the steps involved in network self-registration. Continue reading if you want to know in advance what you are getting into!
On the first page, you must agree to abide by the provisions of the Stanford University Computer and Network Usage Policy. Even if you don't bother to read the policy shown on this web page, you will be held to its standards, so you should at least read the summary.
Next, you must login with your SUNet ID and password on the standard Stanford Webauth page. Only SUNet ID holders may register their computers for use on Stanford's network. A limited form of guest access is available for Stanford's wireless networks.
The next registration page will ask you to select your department and building location from drop-down menus, and enter your room number. Your specific department or program should be listed as the default; if not, please select the correct one from the drop-down menu.
Another page collects information about your computer. The self registration system tries to guess your computer type and operating system. Correct its guesses as needed using the drop-down menus. A unique network name based upon your SUNet ID will be assigned to your computer. You may edit that name to select one of your own choosing. The program will check to make sure that your desired name is not already in use on the network. You can check a desired name in advance using this web page.
You must select whether this computer is owned by Stanford or is your personal property. The School of Earth Sciences provides full support for Stanford-owned computers and only limited support for personally owned computers, under the provisions of its Computer Workstation Support Policy.
Finally, you must select whether or not this computer will be used to contain restricted data. Restricted data has a very specific meaning: personal identity information such as social security numbers, credit card numbers or other financial data, health records, or student records of other people that you obtain from Stanford sources. Stanford is required by law to keep such data private. We are not talking about your own information, which you can store anywhere you like, but only information about other people. Stanford restricted data must be stored in encrypted form and may not be stored on a personally-owned computer. The question on restricted data alerts our support staff that this computer needs to be configured for full-disk encryption.
For a Windows or Macintosh PC registration, you will be asked to download and run the Stanford Network Registration Tool program.
The Stanford Network Registration Tool program is designed to check for and enforce security requirements. Departments have some discretion to select which features are required on their network. In the School of Earth Sciences, all security features checked by this tool are required before your network registration will be completed.
For both Windows and Mac OS X, the Stanford Network Registration Tool program verifies that you have set non-trivial passwords on your local accounts, that you have properly configured "Windows Updates" on a Windows PC or "Software Update" on a Mac to check regularly for new security patches, and that you have installed all critical security patches released by Microsoft or Apple.
If you are missing security patches, the Stanford Network Registration Tool program downloads and installs Windows patches directly for you. For Mac OS X, it opens the Software Update application so you can download and install Apple's patches. After you install patches, restart your computer and then re-run the Stanford Network Registration Tool program to continue.
For both Windows and Mac OS X, the Stanford Network Registration Tool program requires that you have a modern anti-virus program installed. If it does not detect one, it directs you to install the Stanford site-licensed version of Sophos Anti-Virus from the Essential Stanford Software web site. After installing anti-virus software, restart your computer and then re-run the Stanford Network Registration Tool program to continue.
For both Windows and Mac OS X, the Stanford Network Registration Tool program also requires that you install the site-licensed BigFix patch management program from the Essential Stanford Software web site. You must select the an appropriate BigFix "group" during installation - choose "Earth Sciences". No restart is needed.
BigFix operates as a backup to your automatic Microsoft "Windows Updates" or Apple "Software Update" settings, to make sure security patches are installed. Our desktop support technicians can use it to remotely query the security status of your PC. It also allows the campus Windows infrastructure team to quickly force out a patch to your computer in the event of a security emergency. For example, this was used effectively during the Zotob/Esbot infection that swept campus in August, 2005, to cut the probability of infection by a factor of ten for PCs running BigFix.
If you are registering your personal computer, when you leave Stanford, you should remove the BigFix program. On Windows, use the Add/Remove Programs control panel. On Mac OS X, get the BigFix installer package again from the Essential Stanford Software web site and run the BESAgent Uninstaller.app program.
For Windows, additional security checks are done. The Stanford Network Registration Tool program makes various registry settings to improve security and runs the Microsoft Malicious Software Removal Tool to remove the most common virus and worm programs, if any are present.
After passing the security checks, and clicking the Continue button in the Stanford Network Registration Tool program, your information will be entered in the campus network database to register your computer, and you will be sent to a web page that describes Earth Sciences specific configurations that you should make. That web page is the same one referenced in the Next Step link at the bottom of this page.
Wait about 20 minutes for the campus DHCP servers to be updated, and then you should be able to access the full campus network and Internet. You must either renew your DHCP lease or restart your computer.
The ITS Network Self-Registration web site provides details of the system internals for local network administrators.