Administration Access Agreement

Body

All admin requests must be accompanied with a written business purpose for justification of admin access.

Administrative privileges on modern desktop operating systems grant users complete control over most functions and features of the operating system and applications. Unguarded computing habits can lead to malware infections that can cause detrimental effects ranging from the widespread exposure of sensitive information stored on your personal device to compromising the performance and security of the entire college’s network environment.  IT offers numerous other solutions to install software including a software install library in Ivanti and JAMF.  IT staff are also available to schedule software installs.  Virtual Desktop Infrastructures (VDIs) may also be available for specialized software installations.

Integrity of User Files

Software Installation Requirements

General Guidelines and Loss of Privileges

Appropriate Use of the Administrator Account

Oversight and Enforcement
 

Integrity of User Files

Aside from software provided by the University, the user bears responsibility for any loss or corruption of files due to his or her use of the privileges available through the administrative account.
 

Software Installation Requirements

  • All software installed on University owned computers must be properly licensed.
     
  • All users, including those with administrative privileges, must adhere to all federal and state laws and University regulations, paying particular attention to copyright.
     
  • Peer-to-peer applications, which open the user’s machine to other computers on the Internet allowing outsiders access University networks, are known to pose risks to the user’s computer and the network; hence such software should not be used except for research purposes and with great caution.
     
  • IT will not offer technical support for any user-installed specialized software.
     
  • IT may maintain an administrative account on each machine. The user will not create any unauthorized administrator or user account on the machine.
     
  • The user will not delete any user accounts initiated by central or unit IT on the machine.
     
  • The user will not make any password change that results in restricting IT from administering the machine.
     
  • The detection of a malware activity or any other disruptive element affecting the network will automatically result in the disconnection of the affected machine from the network and revocation of administrative privileges.
     
  • Hardware configurations cannot be modified in such a way as to void the manufacturer’s warranty.
     
  • Peripherals (e.g., printers, scanners, external drives, etc.) can be added by the user.
     
  • The user will not permanently uninstall, disable or modify any software designed to protect the system that has been installed by IT without prior permission.
     

General Guidelines and Loss of Privileges

  • Central or unit IT reserves the right to suspend the administrative account if any condition is violated.
     
  • Users acknowledge that compromised operating systems might require re-installation - potentially resulting in partial or total loss of files.
     
  • The user agrees to make a good faith effort not to disrupt any network services for other researchers, faculty, staff and students.
     
  • IT may audit systems for compliance purposes.
     

IMPORTANT:

  • Only use the administrative account for administrative purposes (downloading, installing, and upgrading software and hardware applications and performing basic maintenance).
     
  • Never use the administrative account for day-to-day computer tasks (browsing websites, using social media, checking email, working with documents, spreadsheets, and database), which are vectors for transmitting malware. Contracting malware with administrative account grants administrative control over the computer resources to the malware.
     
  • Schedule a meeting with technicians for advice and assistance maintaining the local desktop in an administrative environment.
     
  • Users are encouraged to perform daily tasks using the generic user account. The administrative account is reserved exclusively for tasks that require elevated privileges (software installation, updates, upgrades, troubleshooting, etc.).
     
  • Prefer to use: username_la for account name, exceptions can be made for research systems.
     
  • By default, UD restricts administrative privileges on UD-owned computers to IT support staff only. Faculty and staff who have been issued these devices as part of their employment at the University have provisioned access as a “local user” of the device. This limited access protects UD’s network and data from the risks associated with malware or device compromise.
     
  • The need for direct administrator access on a UD-owned computer is generally rare and/or brief (e.g., installing non-standard software). In these cases, employees contact the IT Service Center for timely assistance. In rare cases this periodic intervention by the IT Service Center may be insufficient. UDit may provision an employee with an administrator account to their UD-owned computer pending agreement to the conditions listed below.
     

Appropriate Use of the Administrator Account

  • The administrative account should be used for administrative purposes ONLY (e.g., downloading, installing, and upgrading software and hardware applications and performing basic maintenance). Perform daily tasks with your local user account.
     
  • Do not create unauthorized administrator or user accounts or delete/modify any user accounts initiated by UDit or unit IT.
     
  • Do not uninstall, disable or modify software designed to protect the system (e.g., Crowdstrike, Ivanti) without prior permission from UDit.
     
  • Comply with UD’s Fair Responsible and Acceptable Use of Electronic Resources policy.
     

Oversight and Enforcement

  • UDit may audit systems for compliance purposes and reserves the right to suspend the administrative account if any condition is violated.
     
  • The detection of malware activity or any other disruptive element affecting the network will automatically result in the disconnection of the affected machine from the network and revocation of administrative privileges.
     
  • Repairing a compromised operating system may require re-installation - potentially resulting in partial or total loss of files.
     
  • The employee bears responsibility for any loss or corruption of University data due to use of the privileges available through the administrative account. Support of systems with local admin privileges will be best effort and IT may only be able to wipe and reinstall the OS for service.

Details

Details

Article ID: 157902
Created
Fri 9/15/23 11:22 AM
Modified
Thu 10/5/23 8:03 AM