快活林性息

Information Technology
Information Technology
Home Information Technology Information Security Administrative Rights to Computers

Administrative Rights to Computers

What is Administrative Rights Access?

Administrative rights access privileges on end-point computer devices are typically reserved for an institution鈥檚 information technology personnel who are responsible for computer system maintenance and user support. This is because administrative rights access privileges allow a user to perform certain actions (e.g. install software, modify computer system settings, manage users, and run certain software) which can negatively impact the security, stability and usability of a computer, other 快活林性息 computers, and the 快活林性息 network. 听快活林性息 needs to ensure the highest level of security, stability, and usability for computers by limiting the use of administrative rights privileges to those users who have demonstrated a need, understand the responsibilities associated with this special access, and obtained MPP supervisor and Dean/VP or designee approval.

What are the CSU policies and standards governing administrative rights?

笔别谤听, 听快活林性息 must ensure that any changes to a computer听 must go through a change control process and that local administrative rights must not be granted to the campus account used for activities such as web browsing.听In addition per the 2016 Information Security Audit,听快活林性息 was cited for听permitting local administrative rights which could allow disabling of security controls and the installation of unauthorized software.

Per CSU policy and the audit, 快活林性息 must ensure that computers

  • Are created from a current standard secure configuration checklist.
  • Have up to date anti-virus software installed and maintained on the computers. Regular updates to virus definitions and software must be activated
  • Are configured to allow automatic application of software updates through a patch management system

Therefore, 快活林性息 users with administrative rights must not block or in any manner disable and/or revise any services on the workstation that may prevent malware scans and other routine maintenance procedures.听

Do I need Administrative Rights Access to Install Software?

As an alternative to acquiring Administrator Rights Access,听快活林性息 has trained technology staff (central IT staff, college technical staff, Student Affairs technical staff) available to help install software on university-owned devices.听听

Responsibility of Users Granted Administrative Rights Access

Users who have been granted administrative rights access on their computer must:

  • change their听快活林性息听password every 90听days听
  • not interfere or disable any patching, software upgrades, malware checking or Level 1 data scanning
  • purchase all software through central purchasing and maintain the license information for audit purposes
  • conform听to the End User License Agreement (EULA) associated with any software installed on their end point computer device. The EULA is a legal听contract听between the manufacturer and/or the software author and the end user of an application; it details how the software can and cannot be used and any restrictions that the manufacturer has. [Note that all End User License Agreements must be reviewed by a 快活林性息 procurement unit (Purchasing, TUC, AS, USU, or University Foundation) - even for free software.听
  • routinely check for and eliminate spyware, or any similar data gathering听and听reporting software, from their听workstations听
  • never share their username and password with others听 听
  • immediately report any system failures and/or security compromises to听the IT Help Center听
  • read and adhere to the听快活林性息听Acceptable use and Information Security听policies听
  • never use their administrative rights userID to browse the web

How does Administrative Rights Access work at 快活林性息?

If your request for administrative rights is granted and additional userId for your computer(s) will be created by IT staff. You will receive an email with the special Administrative Rights userID which will be followed up by a phone call from IT staff with your password. This additional Administrative Rights userID is to be used only when you need to use administrative rights on your university-owned computer and only for the specific purpose the administrative rights were granted to you. Ordinarily, you will login using your regular 快活林性息 userID credentials; you must not routinely login using your Administrative Rights userID.

Abuse of Administrative Rights Access听听

If听a听user听abuses听his/her听Administrative Rights Access,听快活林性息听will听revoke the听administrative rights access.

听Abuse is defined as, but not limited听to:听

  • downloading software that is malicious to the听快活林性息听network听
  • downloading unlicensed/illegal听software听
  • downloading copyrighted material without听permission听
  • downloading malware to your machine that are听specifically attributed to the use of administrative rights听听
  • causing a breach of Level 1 or Level 2 data听
  • interfering with patches, upgrades or malware scans

How to Request Administrative Rights Access

For audit purposes,听快活林性息听must retain documentation showing that听administrative听rights have been requested and approved.听To apply for Administrative Rights Access, a 快活林性息 employee听must follow these听steps:听

听Read this administrative request and understand the responsibilities of being granted administrative rights on your computer.

Complete and sign the听

Scroll back to the top of the page