IT Policies‎ > ‎

Admin Rights for Faculty Computers

Laptop & Off Campus Desktop Machines
Because of unavoidable difficulties with things like software installs/updates and remote support, faculty laptops users will be given local administrative rights as the default. The same is true for desktop class machines that are kept off campus (outside of University control such as at home). Only in the event of violations of the Users Responsibilities section will rights for laptops be revoked.

On Campus Desktop Machines
While it is strongly not recommended, LSA IT - Randall will grant limited local administrative rights to faculty members (or a single delegate) for their managed desktop systems under certain conditions and only if requested.

Some of the conditions that we may recognize for the granting of administrative rights are:
  • If the unavoidable delay in a managed environment is significantly impacting your research and teaching efforts.
  • You have specialized software/hardware used in your research or instructional activities that requires admin rights to function. 
Please be aware that meeting one or more of these conditions is not a guarantee that administrative rights will be granted. 

The process for determining whether or not the rights will be granted to a desktop will be as follows...
  1. A request is made for administrative rights through the LSA IT ticketing system (this initiates a "paper trail" for the request). The request must include the justification for administrative rights (and the name of the delegate if applicable). Be aware that "Inconvenience" is never an acceptable justification and will always result in a denied request.
  2. The request will be discussed internal to LSA IT - Randall and the computing security history of the requester will be taken into account. If you have had significant computing security issues in the past, it could result in denial of your request. This process should take no longer than 5 business days.
  3. Notification of our decision will be sent along with information on how to arrange for the rights to be setup or reasons for the denial along with next steps (such as appeal or mitigation that, if performed, could result in granting of the rights).

User Responsibilities
When/If admin rights are granted (for both laptops/desktops), you understand that LSA IT has the right to revoke the admin privilege at any time if the machine becomes a security or support risk. Violation of one or more of the following conditions will be considered a security risk.
  • You understand that you will be given a secondary account with elevated rights (sudo rights in Linux) and it would be a security risk to use it as your primary account on the machine. In addition, you won’t use it to elevate the rights of your primary account, alter the ACLs on the local machine,  or create additional accounts. 
  • You understand that in the event your elevated access results in a security compromise, you may be held responsible for any damages that may result. This may include financial obligations.
  • You agree to maintain good administrative practice and keep the OS fully patched at all times (keeping automatic updates on is required) along with keeping the AV/anti-malware software up to date. You also agree to keep your firewall enabled and the number of open ports minimal.
  • You will not attempt to remove, disable, change, or otherwise alter the remote management settings on your computer.