Q: Why is workstation administrator access being removed?
A. To protect the University from ransomware and other intrusions, administrator access from all MU and UM System faculty/staff computers must be removed. (MOREnet and MU Health are not included in this phase; they will receive information at a later date.)
Q: When does this change take effect?
A. Administrator access will be removed from systems in COL, UM and Health Academic devices on February 2, 2022.
Q: What should I do if I need administrator access on my workstation to complete a task or to do my job?
A. User Experience after Change:
- Faculty and staff can install pre-approved software from the Software Center application that is already available on their computers. Administrator access is not needed for these installations. Think of this as a pre-approved “app store” that you might find on your smartphone.
- The Division of IT Help Desk can assist with installs from the Software Center, and some other limited administrator access needs such as printer and other “driver dependent” installations.
- Faculty and staff who need specialized software installed will have their requests escalated to their IT Pro through the Help Desk. The Research Support Services team is also available to provide additional assistance to research faculty and staff so that their software needs are met effectively while we remain very cautious about ransomware/malware threats.
- In limited cases where faculty and staff consistently need administrator access, they will be given access to a “Make Me an Admin” tool that will allow for this in a secure way.
Q: What is the process for requesting administrator access (Make Me Admin tool)?
A. In limited cases where faculty and staff consistently need administrator access, they may request access to the “Make Me an Admin” tool, which will allow for admin access in a secure way:
- If a user has a continual need for administrator access, they must initiate the request through the DoIT Service Portal: umsystem.edu/CherwellPortal/DoITPortal/SAMLLogin/One-Step/RequestAdminAccess
Note that this form requires that the user agree to certain conditions, provide their supervisor’s information (i.e., User ID, name, email, phone) and list accurate information about their workstation (e.g., computer name and operating system). The user must also provide adequate justification for why such access is necessary.
- If the request is approved, the Make Me an Admin tool will be accessible from the Start menu. Click on Grant Me Administrator Rights. A notification window will appear advising the user that they are now an administrator.
- The user will then be able to perform actions that require administrator rights. When prompted for credentials, enter your system username and password.
- After a 15-minute period or a logout/reboot/shutdown, whichever comes first, the user is notified that administrator rights have been removed. Any tasks or applications started as an administrator will continue to work until they are closed or the user performs a logout/reboot/shutdown.
Q: How long will I have my administrative access on my workstation?
A. The usage and necessity of all local administrator accounts shall be audited every six months. To continue possessing an account, a valid business purpose must continue to exist.
Security has updated the UM System Workstation policy posted on the UM System and DoIT webpages.