What will happen to my local admin status?

We realize that some users have administrator status accounts on the local machine. Unfortunately this is not a practice supported by Central security policies. For this reason you will not have admin status after the migration. However, you can make a case for it as there is now a formal process for exceptions. We have a special form you can request via our Service Desk. We have a sample of that form here for you to review.

Administrative Accounts at York College – Statement of Agreement

 Statement of Purpose

 In order to pursue research, advance teaching and provide install access for non-standard locally approved specialized applications members of the faculty and staff who request administrative accounts on York College owned computer(s) that they use will be granted a separate administrative account, pursuant to the conditions stated within this document. Each request should be submitted to Information Technology CIO. Approval will be given upon signed receipt.

Definition of Terms

Modern desktop operating systems provide for secure access to a given computer through the implementation of user accounts. These accounts allow certain privileges, ranging from limited access to full control over the local machine. In the Microsoft environment, the account with full (total) control over the local machine is termed “administrator.”

Impact Statement

With administrative privileges, lack of computer security awareness may lead to serious consequences on the local machine, including total loss of files. Lack of computer security awareness might also have untoward consequences for the York College network.

Conditions (requirements to acquire an administrative account)

Security Awareness

All computer users at York College must complete the CUNY Security Awareness training. The link to this training is provided in the Desktop Security and Best Practices document attached with this agreement. Computer users with access to an administrative account are especially vulnerable to many more risk due to the level of access on their local systems.

Security Awareness Training http://www.enterprisetraining.com/cunycourse.htm

The above course runs about 25 minutes and is interactive. It is best with speakers or headphones.

Software Installation Requirements

All software installed on college-owned computers must be properly licensed.

All users, including those with administrative privileges, must adhere to all federal and state laws, and University regulations, paying particular attention to copyright.

Peer-to-peer applications, which open the user’s machine to other computers on the Internet allowing outsiders’ access to the York College Network, are known to pose risks to the user’s computer and the network; hence such software should not be used except for research purposes and with the knowledge of the Information Technology CIO.

Information Technology will not offer technical support for any user-installed, specialized software.

Integrity of User Files

Aside from software provided by the College, the user bears responsibility for any loss or corruption of files due to his or her use of the administrative account.

Network Access

All users will continue to have access to the network services provided to the college, such as email, Internet access, etc.

Elevated user privileges on the local machine(s) do not apply to network devices or services.

Passwords and User Accounts

Information Technology will maintain an administrative account on each machine.

The user will not install any unauthorized administrator user accounts on the machine.

The user will not delete any user accounts initiated by IT on the machine.

The user will not make any password change that results in restricting Information Technology from administering the machine.

The admin user account will be unique and not the same as the login user account

The admin user account will only be used for administrative purposes

Local Machine

The introduction of a virus, or any other destructive situation affecting the York College Network, will automatically result in the disconnection of the affected machine from the York College Network and the user will be immediately contacted.

Hardware configurations cannot be modified in such a way as to void the manufacturer’s warranty.

Peripherals (e.g., printers, scanners, external drives, etc.) can be added by the user.

The user will not permanently uninstall, disable or modify any software designed to protect the system that has been installed by Information Technology, without prior consultation  and approval by IT.

Information Technology will schedule the determination and resolution of any technical problems created as a result of an administrative account within the normal technical support schedule.

General Guidelines and Loss of Privileges

Information Technology in consultation with the Office of the Provost or a body designated by the Provost reserves the right to suspend the administrative account if any condition is violated.

Users acknowledge that compromised operating systems might require re-installation, potentially resulting in partial or total loss of files.

The user agrees to make a good faith effort not to disrupt any network services for other researchers, other faculty, staff and students.

User Rights

IT will maintain the same level of service as provided to power users. This includes installation and re-installation of site licensed software. It also includes trouble-shooting problems not unique to user-installed software

The presence of user-installed software does not constitute the prima facie cause of any apparent difficulty with the PC.

Recommendations

The user is encouraged to allow network specialists in Information Technology to audit the system semi annually to insure compliance of the local desktop in an administrative environment.

IT will provide a list of “best practices” to help users properly utilize their administrative privileges

Acceptance of Agreement

I hereby agree to the terms and conditions to acquire administrative privileges, and I have reviewed the Best Practices document as well as have taken the Security Awareness training.

Name   _____________________(printed)                            Date __________

Signature____________________

For Technician Use Only

Work Order # __________     Asset Tag #______                 Phone Ext:_______

Loc. _________________        York bar code # ____________________

Date Completed ___________________________

Technician Name __________________________

This document will be attached to the completed work order.

Document Actions