Operating a computer system with administrative privileges poses significant risks to the confidentiality, integrity, security, and availability of the University's information assets. Limiting these privileges is essential to mitigate such risks, though it may occasionally cause inconvenience due to delayed software/hardware installation or updates.
To safeguard university information assets, administrative privileges on all university-owned computers will be reserved exclusively for authorized IT staff. Administrator privileges shall be strictly controlled and limited to IT personnel. Furthermore, access for both end users and administrators must adhere to the principle of least privilege.
In line with recent information security audits and recommendations of our cybersecurity insurance partners, all University issued laptop and desktop computers must:
- Be integrated into the University's active directory domain,
- Have management software for asset tracking, license compliance, software installation/upgrading, remote assistance, or troubleshooting,
- Be equipped with active, properly configured security agents,
- Receive IT-approved service packs, patches and automatic software updates via one of the University’s endpoint management platforms such as Kaseya or Jamf,
- Maintain up-to-date anti-virus software, with regular updates to virus definitions and software.
Software Installation by IT Staff
To install software on university-owned devices, University personnel should request assistance from IT Client Services; who will perform installations as per University policy and security guidelines
Devices not in compliance to this policy will be disabled from connection to the University network and access to University data until such time as administrative privileges on the devices are corrected to meet the standards defined herein.
Approved by IT Governance Committee on 12/12/2023