
Administrative Rights to Computers

What is Administrative Rights Access?

Administrative rights access privileges on end-point computer devices are typically reserved for an institution's information technology personnel who are responsible for computer system maintenance and user support. This is because administrative rights access privileges allow a user to perform certain actions (e.g., install software, modify computer system settings, manage users, and run certain software) which can negatively impact the security, stability and usability of a computer, other university computers, and the university network. The university needs to ensure the highest level of security, stability, and usability for computers by limiting the use of administrative rights privileges to those users who have demonstrated a need, understand the responsibilities associated with this special access, and obtained MPP supervisor and Dean/VP or designee approval.

What are the CSU policies and standards governing administrative rights?

Per CSU policy, the university must ensure that any changes to a computer go through a change control process and that local administrative rights are not granted to the campus account used for activities such as web browsing. In addition, per the 2016 Information Security Audit, the university was cited for permitting local administrative rights which could allow disabling of security controls and the installation of unauthorized software.

Per CSU policy and the audit, the university must ensure that computers:

  • Are created from a current standard secure configuration checklist.
  • Have up-to-date anti-virus software installed and maintained on the computers. Regular updates to virus definitions and software must be activated.
  • Are configured to allow automatic application of software updates through a patch management system

Therefore, university users with administrative rights must not block or in any manner disable and/or revise any services on the workstation that may prevent malware scans and other routine maintenance procedures.

Do I need Administrative Rights Access to Install Software?

As an alternative to acquiring Administrator Rights Access, the university has trained technology staff (central IT staff, college technical staff, Student Affairs technical staff) available to help install software on university-owned devices.

Responsibility of Users Granted Administrative Rights Access

Users who have been granted administrative rights access on their computer must:

  • change their university password every 90 days
  • not interfere with or disable any patching, software upgrades, malware checking or Level 1 data scanning
  • purchase all software through central purchasing and maintain the license information for audit purposes
  • conform to the End User License Agreement (EULA) associated with any software installed on their end point computer device. The EULA is a legal contract between the manufacturer and/or the software author and the end user of an application; it details how the software can and cannot be used and any restrictions that the manufacturer has. [Note that all End User License Agreements must be reviewed by a university procurement unit (Purchasing, TUC, AS, USU, or University Foundation), even for free software.]
  • routinely check for and eliminate spyware, or any similar data gathering and reporting software, from their workstations
  • never share their username and password with others
  • immediately report any system failures and/or security compromises to the IT Help Center
  • read and adhere to the university Acceptable Use and Information Security policies
  • never use their administrative rights userID to browse the web

How does Administrative Rights Access work at the university?

If your request for administrative rights is granted, an additional userID for your computer(s) will be created by IT staff. You will receive an email with the special Administrative Rights userID, which will be followed up by a phone call from IT staff with your password. This additional Administrative Rights userID is to be used only when you need to use administrative rights on your university-owned computer and only for the specific purpose the administrative rights were granted to you. Ordinarily, you will log in using your regular university userID credentials; you must not routinely log in using your Administrative Rights userID.

Abuse of Administrative Rights Access

If a user abuses his/her Administrative Rights Access, the university will revoke the administrative rights access.

Abuse is defined as, but not limited to:

  • downloading software that is malicious to the university network
  • downloading unlicensed/illegal software
  • downloading copyrighted material without permission
  • downloading malware to your machine that is specifically attributed to the use of administrative rights
  • causing a breach of Level 1 or Level 2 data
  • interfering with patches, upgrades or malware scans

How to Request Administrative Rights Access

For audit purposes, the university must retain documentation showing that administrative rights have been requested and approved. To apply for Administrative Rights Access, a university employee must follow these steps:

Read this administrative request and understand the responsibilities of being granted administrative rights on your computer.

Complete and sign the
