Overview
Provost IT realizes that some users must have greater control over their computer compared to a standard user. This greater control can take the form of being designated as a local administrator on their own workstation or being given a special account which has administrator access to a small group of workstations they might be delegated certain responsibilities for. Administrator access might be necessary for several reasons including, but not limited to:
- Facilitating the installation or removal of software on a frequent basis without having to involve Provost IT
- Ability to compile code for software or web development purposes
- Ability to assist coworkers, in very limited circumstances, with various technical issues
Purpose
The purpose of this policy is to define Provost IT’s policy regarding staff not working for Provost IT having administrator access to end user computers. As listed above, sometimes situations might exist where users might require local administrator access. The list above is a sample, but not complete list, of reasons why such access might be necessary. Other reasons not listed above might apply in certain situations and circumstances; however, the decision to grant local administrator access to a user shall always and only by made by Provost IT.
Guidelines
The following additional guidelines apply to local administrator accounts granted to staff not within Provost IT:
- Local administrator accounts shall have, whenever possible, a different username and password than the primary account holder requiring the administrator access. This “customer admin” account’s password shall still have the same Provost IT account password guidelines apply to it; however, the password must change at least every three months instead of what the regular password policy prescribes.
- Customers shall only be granted access for a legitimate business purpose, as defined and determined by Provost IT.
- Customers with local administrator accounts shall be required to complete regular computer security training.
- The usage and necessity of all local administrator accounts shall be audited every three months. To continue possessing an account, a valid business purpose must still continue to exist.
- Local administrator accounts shall have an expiration set automatically no later than eight months past the creation of the account, assuming the account is not their regular Provost computer login account used by the individual for accessing their regular user profile.
- Approval for access to an account with local administrator permission shall be documented in a Provost IT help desk ticket.
Scope
This policy applies to all users who use computers supported by Provost IT.