Overview
By default, users do not have administrative rights on their UM-Dearborn machines. Upon submission of the Administrative Account Request form and review by UM-Dearborn ITS Operations (as well as their faculty advisor or supervisor in select cases), users may be granted administrative rights via a local administrative account on Windows or granting their user profile admin rights on macOS.
This article outlines the terms and conditions of having administrative access on a UM-Dearborn managed system. Users that are granted access are expected to abide by these terms and conditions, failure to do so will result in administrative access being revoked.
Terms and Conditions
UM-Dearborn ITS requires that the Administrative Account Request form be submitted for all administrative rights requests. This form must be completed by the user requesting administrative rights. By submitting the form, you agree to:
- Perform day-to-day work as a non-privileged user and only use privileged accounts for tasks that require additional capabilities and administrative privileges.
- Understanding that you will be given a privileged secondary account with elevated rights (commonly referred as an “install” account) and it would be a security risk to use it as your primary account on the machine. In addition, you will not use it to elevate the rights of your primary account, alter the Access Control List (ACL) on the local machine, or create additional accounts.
- Understanding that in the event your elevated access results in a security incident, you may be held responsible for any damages that result. Security incident examples include compromised user accounts, computer system intrusion, ransomware infection, unauthorized access or changes of systems, or interference with the intended usage of IT resources.
- Maintaining good administrative practices such as keeping the operating system fully patched and keeping the enhanced endpoint protection (CrowdStrike Falcon) enabled. You also agree to keep your firewall enabled and the number of open ports minimal.
- You will not attempt to remove, disable, change, or otherwise alter the remote management settings on your computer.
- Submitting the Administrative Account Request form does not grant access to administrative rights on all machines that you work with. ITS requires that the form is submitted once per machine, per user. Install accounts are not to be shared between users.
References
Still need assistance? See the following related services: