You are here

User Administrative Privilege

See the User Administrative Privilege Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Configuration

Configure the device to operate with user-level privileges. Use the configuration setting to prompt the user if administrative-level privilege is needed.

User Education

Due to the increased risk and responsibility inherent in operating with administrative privileges, users must be educated regarding these factors and the additional responsibilities.

Users who have administrative privileges on IT resources are responsible for the following:

  • using the account with administrative privilege only when that privilege level is required
  • not blocking, disabling or otherwise circumventing any services which were included in the initial configuration of the device to install operating system updates/patches, application software patches and anti-virus updates
  • maintaining software licensing information for any user installed software
  • maintaining and patching for user installed software

The University reserves the right to revoke administrative privileges granted to any user on a University owned system.

Documentation

Maintain a general document that classifies your users/user groups and explains their need for administrative level privileges. Periodically review the document to evaluate the continuing need for and risks of administrator privileges.

More Information

  • User Access Control (UAC) setting - Prompt user when higher level privileges are requested:
  • Active Directory for Windows operating system
  • Casper Suite for Mac operating systems
  • Deploy Studio
  • RSoP - Understanding Group Policy Objects (GPO) on a Microsoft Windows computer
  • SCCM (System Center Configuration Manager)

Document Owner: University Information Security

Document Approver: Brian Dahlin, Director, University Information Security and Patton Fast, University Enterprise Architect

Effective Date: October 2013

Last Reviewed Date: November 2014