Administrative Access Policy
If you would like to request administrative access on your computer, please review the policy below. After reviewing the policy, please submit this form to the current VP of ITS.
Administrative Access request form
This Policy defines The College of Saint Rose (the “College”) policy regarding local Administrator Access for all College employees to College-owned workstations, computers, tablets, servers and other computing devices.
The College is committed to providing members of the College community with reliable technology in a stable operating environment while appropriately addressing College needs and maintaining College system integrity, data security and legal and regulatory compliance. While most employees can complete their job tasks with standard User Access to their computers, certain circumstances may call for the granting of Administrator Access to employees in order for them to complete their job tasks. Administrator Access introduces some risks to the College and must be tightly restricted and controlled.
More specifically, restricting and controlling Administrator Access has the following benefits:
- Assists with the required management of software licensed to the College.
- Prevents the installation of unlicensed software on College-owned computers or systems.
- Prevents potentially unsafe third-party software containing spyware, malware or other malicious software from being installed on College-owned computers or systems.
- Reduces the likelihood that the College’s protected financial and other data as well as student and employee personal information is made vulnerable at the workstation level.
- Allows ITS to manage its limited technical support resources by creating standard computer configurations and avoiding the support of unlimited variations of software configurations.
- Enhances cyber security and system stability by ensuring that anti-virus and other cyber security technology cannot be uninstalled, disabled or compromised.
This Policy applies to all College employees (including faculty, administrators, and staff) and all College owned workstations, computers, tablets, servers and other computing devices.
4.1. Security Access Levels
There are two security access levels to College-owned computers:
A. User Access
The User Access level allows many administrative controls with some restrictions. Installation of software or hardware that makes changes to the underlying operating system will require the assistance of the Information Technology Services (ITS) Help Desk. The standard User Access level will generally assure the highest level of stability and security for College-owned computers, systems and data.
B. Administrator Access
Under certain circumstances, Administrator Access may be issued to employees on either a temporary or ongoing basis to perform tasks within the scope of their employment. The College recognizes that issuing Administrator Access to computers introduces an increased risk to the security of its systems and data. Therefore, strict guidelines have been developed to mitigate these risks.
Administrator Access allows the employee to have complete and unrestricted access to the operating system. This includes the ability to install any hardware or software, edit operating system settings, manage the default access accounts and change file level permissions. It will also allow for the inadvertent installation of viruses, spyware, keystroke loggers and other malware. Manipulating the configuration of the software / hardware devices may cause serious stability problems with the computer and could affect the data transmission between computer and other devices on the College’s network.
4.2. Requests for Administrator Access
A. By default, all College employees are assigned User Access to their individual computers. Employees who meet certain requirements can make a request to gain Administrator Access. Examples where Administrator Access might be appropriate include cases where licensed software will not run on the computer without elevated permissions, the user provides technical support for their department, or where the user teaches or works in a technology field requiring frequent access to advanced administration options.
B. Requests for Administrator Access must be submitted and accompanied by an approved authorization form signed by the applicable Vice President or Dean. Once ITS staff receive notification of the request, they will have an opportunity to submit comment about the application and make a recommendation to Executive Director of ITS who will make the final decision regarding whether to approve a request. Once the signed authorization form is received and approved by ITS, Administrator Access rights will be granted. If Administrator Access is denied by ITS, the employee may submit a request to the Vice President for Finance and Administration (VPFA) to have the request re-reviewed. The decision of the VPFA will be final.
C. The use of these rights and the level of access to the computer are to be in accordance with the College’s Acceptable Use Policy and all other applicable policies including the College’s Copyright Policy, Mobile Device Policy, Password Policy and Information Security Policy.
D. Administrator Access will only be granted on a very limited basis and only when absolutely necessary. Administrator Access will not be granted primarily for reasons of employee convenience.
4.3 Requirements for Employees with Administrator Access
A. College-owned computers are intended for College related business.
B. Employees with Administrator Access must be extra vigilant in protecting sensitive and confidential data including Personally Identifiable Information (PII) of employees and students, Health Insurance Portability and Accountability Act (HIPAA) information, and Family Educational Rights and Privacy Act (FERPA) data including student grades stored on their College issued computer.
C. Employees cannot download or install software applications (software) that are not licensed specifically to the College. Employees who install software on College-owned computers must maintain adequate documentation that the software was legally acquired and must ensure that it can legally be installed on College-owned computers. This documentation must be provided by the employee upon request of ITS or in the event of an internal or external software audit. The College conducts regular software audits on random samples of computers that have User Access and all computers that have Administrator Access.
D. The employee must abide by the End User License Agreement (EULA) associated with any software they install on a College-owned computer. The EULA is a legal contract between the manufacturer, the author and/or the copyright owner and the end user of an application. The EULA details how the software can and cannot be used and any restrictions that the manufacturer/author/owner imposes. There are generally no Fair Use rights in regard to computer software. EULAs are legal contracts that supersede other rights and privileges.
E. Employees cannot install applications that may establish network share protocols which interfere with network functionality or introduce cyber security vulnerabilities to the College’s network or systems.
F. Employees cannot alter, reconfigure or remove any standard software that was originally installed by ITS. Changes to standard software create labor intensive support challenges for ITS.
G. Employees cannot change network settings such as the computer name, domain/workgroup affiliation or IP address. Computers whose network settings have been changed will be removed from the College’s network.
H. ITS is not responsible for supporting non-standard software. ITS will not troubleshoot, repair or install non-standard software applications. In the event that a computer becomes unstable or unusable, ITS will reinstall the base software image for that computer. This will likely result in the loss of any software or data stored on the computer.
I. Reformatting, reinstalling, or upgrading the operating system without the direct assistance of ITS is prohibited.
J. In the event of computer or network performance issues associated with a computer enabled with Administrator Access, ITS will remove the computer from the network and only restore the computer to the standard configuration for College-owned computers.
K. All College-owned computers are configured with remote support software. This software allows authorized ITS staff to remotely control the computer if necessary for troubleshooting. Removal or disabling of this software will result in the revocation of Administrator Access to the computer.
L. Individuals requiring Administrator Access must submit a completed and signed Administrator Access Request Form. A signed copy will be kept on file in the ITS department. Appropriate supervisors must also sign off on the form.
M. Computers assigned to employees with Administrator Access will be subject to random, unannounced software and cyber security audits more frequently than computers assigned to employees with standard User Access.
N. ITS reserves the right to revoke Administrator Access if the guidelines of this or other policies are not followed or if the Administrator Access leads to abuse or causes problems with the College’s technology infrastructure or systems. Violations of the law, including Copyright law, will also lead to revocation of Administrator Access. Administrator Access may be revoked at any time for violating any part of this policy.
Failure to comply with this Policy will result in Administrator Access being removed immediately. In addition, it may be addressed through the College’s Corrective Action processes as noted in the College’s applicable handbooks. If warranted, an employee’s failure to comply will result in disciplinary action up to and including termination of employment. Failure to comply may also be a violation of civil/criminal law and may cause the employee to be subject to applicable penalties.
|User Access||The standard level of security access to College-owned workstations, computers, tablets, servers and other computing devices.|
|Administrator Access||This level of access to College-owned workstations, computers, tablets, servers and other computing devices allows the employee to have complete and unrestricted access to the operating system. This includes the ability to install any hardware or software, edit operating system settings, manage the default access accounts and change file level permissions. It will also allow for the inadvertent installation of viruses, spyware, keystroke loggers and other malware.|