[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

04.3.0 Desktop Administrative Rights Access Standard

Date of Current Revision or Creation: December 1, 2022

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this standard is to define the terms and conditions upon which administrative rights access to the University's owned workstations or other University-owned end-user devices are granted.

  2. Definitions

    Abuse of Privilege - When a user willfully performs an action prohibited by organizational policy or law, even if technical controls are insufficient to prevent the user from performing the action.

    General User Access - Provides standard access and prevents the user from making accidental or intentional system-wide changes and can run most applications.

    Administrative Rights Access - This access is also referred to as privileged, administrator, admin, or root access, which allows an individual unrestricted access to change the configuration of operating system level settings on a specific University-owned desktop, laptop, end-user device, or server on a specific computer.

  3. Standards Statement

    By default, all University employees with non-IT related job descriptions are assigned general user access privileges on their individual workstations.

    In some cases, the University may grant administrative rights access to an employee to a University-owned desktop, laptop, or other end-user device. Administrative rights access allow users the ability to change standard desktop configuration settings, install unlicensed software and disable other security measures, potentially creating security weaknesses in the desktop environment. This access is a privilege only provided to individuals who require this level of access and control in order to do their jobs effectively.

    Authorization Process

    All centrally managed University systems and applications that are capable of authenticating to the domain must be configured to authenticate to the domain. Administrative accounts must be provisioned in the domain with approvals described in ITS Standard 04.2.0 Account Management Standard.

    Requests for administrative rights access are directed to Information Technology Services (ITS) using the account request process. Administrative rights access is only granted to individuals and only to a specific system or device. Justification is required for approval.

    Users are responsible for understanding the user responsibilities for their privileged access.

    Administrative Rights Access - User Responsibilities

    Users with privileged access must take necessary precautions to protect the security of the information encountered in the performance of their duties.

    Users may not use their privileged access for unauthorized viewing, modification, copying, or destruction of system or user data.

    Users with privileged access are responsible for complying with all applicable laws, regulations, policies, and procedures.

    Users with privileged access must always be aware that these privileges place them in a position of considerable trust. Users must not breach that trust by misusing privileges.

    Users with privileged access must login with user-level privileges at the console of the system and use elevated privileges only for necessary administrative tasks.

    Users with privileged access must setup and configure University owned computer workstations in accordance with security policies and procedures including the proper installation and functioning of certified virus protection software.

    Administrative Rights Access Account Audit

    The Account Management Team reviews account usage and assesses the continued need for the account.

    Violations

    Each individual that uses administrative rights access accounts must not abuse the privileged access. Any such abuse must be immediately reported to the IT Security Office. Violators are subject to disciplinary action.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    Policy 3500 - Use of Computing Resources

    Policy 3505 - Information Technology Security Policy

    IT Standard 09.1.0 - Acceptable Use Standard

    IT Standard 10.1.0 - Disciplinary Action Standard

    IT Standard 04.2.0 - Accounts Management Standard

    Administrative Rights Access Procedures

    Administrative Rights Access Guidelines

  5. History

    Date Responsible Party Action
    July 2015 IT Policy Office
    		 Created
    December 2016 IT Policy Office Reviewed
    December 2019 IT Policy Office Reviewed
    December 2022 IT Policy Office Reviewed

Contact

IT Project Management

IT Project Management coordinates the efforts and resources of ODU ITS to produce effective, quality solutions for the University's students.

Student Computing

Faculty & Staff Computing

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.