Admin Rights for LSA IT Managed Computers Policy
|Admin Rights for LSA IT Managed Computers Policy|
|Purpose||Protect the integrity and not expose our managed computing environment to unnecessary risk|
|Approved by||LSA IT Lead Team|
This policy exists to protect the integrity and not expose our managed computing environment to unnecessary risk. LSA IT’s default policy is for users to run their machines with standard (restricted) user accounts by default (which is the way our IT staff runs their machines as well).
If the policy has gone at least a year without review, a review of this policy may be necessary.
While it is not recommended, LSA IT will grant limited local administrative rights to users on their managed systems when a need is demonstrated.
Because of certain difficulties with things like software installs/updates and remote support, laptops users will be given local administrative rights as the default. The same is true for desktop class machines that are kept off-campus (outside of university control such as at home).
Policy: User Responsibilities
- When granted admin rights (for both laptops/desktops), you understand that LSA IT has the right to revoke the admin privilege at any time if the machine becomes a security or support risk.
- You understand that you may be given a secondary account with elevated rights (sudo rights in Linux) and it would be a security risk to use it as your primary account on the machine. In addition, you shouldn’t use it to elevate the rights of your primary account, or alter the permissions on the local machine.
- You should maintain good administrative practice and keep the OS fully patched at all times (keeping automatic updates on is required) along with keeping the AV/anti-malware software up-to-date. You also agree to keep your firewall enabled. You will not attempt to remove, disable, change, or otherwise alter the remote management settings on your computer.
- It is your responsibility to assure that all user installed software is fully compliant with any vendor license agreements and appropriate UM software policy.
- LSA IT is not responsible for files and data stored locally on a workstation.
This policy was approved 2016-12-06 by the LSA IT Lead Team.
This policy was last reviewed 2016-12-06.