This standard applies to all university-owned workstations running a Windows, Macintosh, or Linux desktop operating system.
This standard exists to support the University’s IT strategy to deliver efficient, secure, and cost-effective IT solutions while supporting University colleagues in variety of approaches to teaching, learning, research and enterprise. Some more specific reasons for supporting this standard are:
By default, all members of the university community using campus-owned workstations are granted the “Standard User” access level on their individual workstations. University-owned workstations are configured as part of central managed service to automatically receive software, secure configurations, updates and security patches, so administrative privileges are not necessary in most cases.
The Principle of Least Privilege. All University employees should use the least set of privileges necessary to operate their computers. By adhering to this principle, we limit the damage that can result from a poorly written application, viruses, malware, ransomware, an accident, or error.
Division of Information Technology will provide local computer “Administrator” privileges when it has been determined that there is a valid business case for needing it. All requests will be reviewed on a case-by-case basis, and if approved, workstation admin rights will be granted. The usage and necessity of all end-users with workstation admin access shall be audited every six months. To continue possessing an account, a valid business purpose must still continue to exist.
User acknowledges that Division of IT staff may inspect their workstation at any time, including execution of software compliance reports and software inventory reports on a periodic basis via manual or automated processes. User further agrees to provide licenses or purchase documentation for all software discovered during a software compliance review.
If administrative privileges are abused, the Division of IT will revoke this access immediately. In addition, the user understands that any modifications made to the workstation that disrupts the usability of the system or software will not be the responsibility of the Division of IT to troubleshoot or repair, and in the event of system instability or unusability, the Division of IT will return the computer to a fresh image state. The user will be responsible for restoring data that was stored locally on the workstation, as well as any additional software that the user installed.