Desktop Administrative Rights Access Standard
Date of Current Revision or Creation: December 1, 2022
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to define the terms and conditions upon which administrative rights access to the University's owned workstations or other University-owned end-user devices are granted.
Definitions
Abuse of Privilege - When a user willfully performs an action prohibited by organizational policy or law, even if technical controls are insufficient to prevent the user from performing the action.
General User Access - Provides standard access and prevents the user from making accidental or intentional system-wide changes and can run most applications.
Administrative Rights Access - This access is also referred to as privileged, administrator, admin, or root access, which allows an individual unrestricted access to change the configuration of operating system level settings on a specific University-owned desktop, laptop, end-user device, or server on a specific computer.
Standards Statement
By default, all University employees with non-IT related job descriptions are assigned general user access privileges on their individual workstations.
In some cases, the University may grant administrative rights access to an employee to a University-owned desktop, laptop, or other end-user device. Administrative rights access allow users the ability to change standard desktop configuration settings, install unlicensed software and disable other security measures, potentially creating security weaknesses in the desktop environment. This access is a privilege only provided to individuals who require this level of access and control in order to do their jobs effectively.
Authorization Process
All centrally managed University systems and applications that are capable of authenticating to the domain must be configured to authenticate to the domain. Administrative accounts must be provisioned in the domain with approvals described in ITS Standard 04.2.0 Account Management Standard.
Requests for administrative rights access are directed to Information Technology Services (ITS) using the account request process. Administrative rights access is only granted to individuals and only to a specific system or device. Justification is required for approval.
Users are responsible for understanding the user responsibilities for their privileged access.
Administrative Rights Access - User Responsibilities
Users with privileged access must take necessary precautions to protect the security of the information encountered in the performance of their duties.
Users may not use their privileged access for unauthorized viewing, modification, copying, or destruction of system or user data.
Users with privileged access are responsible for complying with all applicable laws, regulations, policies, and procedures.
Users with privileged access must always be aware that these privileges place them in a position of considerable trust. Users must not breach that trust by misusing privileges.
Users with privileged access must login with user-level privileges at the console of the system and use elevated privileges only for necessary administrative tasks.
Users with privileged access must setup and configure University owned computer workstations in accordance with security policies and procedures including the proper installation and functioning of certified virus protection software.
Administrative Rights Access Account Audit
The Account Management Team reviews account usage and assesses the continued need for the account.
Violations
Each individual that uses administrative rights access accounts must not abuse the privileged access. Any such abuse must be immediately reported to the IT Security Office. Violators are subject to disciplinary action.
Procedures, Guidelines & Other Related Information
- Federal and State Law
- Policy 3500 - Use of Computing Resources
- Policy 3505 - Information Technology Security Policy
- IT Standard 09.1.0 - Acceptable Use Standard
- IT Standard 10.1.0 - Disciplinary Action Standard
- IT Standard 04.2.0 - Accounts Management Standard
- Administrative Rights Access Procedures
- Administrative Rights Access Guidelines
History
| Date | Responsible Party | Action |
| July 2015 | IT Policy Office | Created |
| December 2016 | IT Policy Office | Reviewed |
| December 2019 | IT Policy Office | Reviewed |
| December 2022 | IT Policy Office | Reviewed |