User Administrative Privilege
Standard and Process
Configure the device to operate with user-level privileges. Use the configuration setting to prompt the user if administrative-level privilege is needed.
Due to the increased risk and responsibility inherent in operating with administrative privileges, users must be educated regarding these factors and the additional responsibilities.
Users who have administrative privileges on IT resources are responsible for the following:
- using the account with administrative privilege only when that privilege level is required
- not blocking, disabling or otherwise circumventing any services which were included in the initial configuration of the device to install operating system updates/patches, application software patches and anti-virus updates
- maintaining software licensing information for any user installed software
- maintaining and patching for user installed software
The University reserves the right to revoke administrative privileges granted to any user on a University owned system.
Maintain a general document that classifies your users/user groups and explains their need for administrative level privileges. Periodically review the document to evaluate the continuing need for and risks of administrator privileges.
- User Access Control (UAC) setting - Prompt user when higher level privileges are requested:
- Active Directory for Windows operating system
- Casper Suite for Mac operating systems
- Deploy Studio
- RSoP - Understanding Group Policy Objects (GPO) on a Microsoft Windows computer
- SCCM (System Center Configuration Manager)
Document Owner: University Information Security
Document Approver: Brian Dahlin, Director, University Information Security and Patton Fast, University Enterprise Architect
Effective Date: October 2013
Last Reviewed Date: November 2014