Admin Rights for LSA IT Managed Computers Policy
To protect the integrity and not expose our managed computing environment to unnecessary risk LSA IT’s default policy is for users to run their machines with standard (restricted) user accounts by default (which is the way our IT staff runs their machines as well).
While it is not recommended, LSA IT will grant limited local administrative rights to users on their managed systems when a need is demonstrated.
Because of certain difficulties with things like software installs/updates and remote support, laptops users will be given local administrative rights as the default. The same is true for desktop class machines that are kept off-campus (outside of University control such as at home).
- When granted admin rights (for both laptops/desktops), you understand that LSA IT has the right to revoke the admin privilege at any time if the machine becomes a security or support risk.
- You understand that you may be given a secondary account with elevated rights (sudo rights in Linux) and it would be a security risk to use it as your primary account on the machine. In addition, you shouldn’t use it to elevate the rights of your primary account, or alter the permissions on the local machine.
- You should maintain good administrative practice and keep the OS fully patched at all times (keeping automatic updates on is required) along with keeping the AV/anti-malware software up-to-date. You also agree to keep your firewall enabled. You will not attempt to remove, disable, change, or otherwise alter the remote management settings on your computer.
- It is your responsibility to assure that all user installed software is fully compliant with any vendor license agreements and appropriate UM software policy.
- LSA IT is not responsible for files and data stored locally on a workstation.
This policy was last reviewed December 6, 2016.