Information Technology Policies

X-99.02(A)

UMB IT Administrative Rights Policy

Information Technology   |   Approved April 13, 2015

Responsible VP/AVP

Peter J. Murray, PhD, CAS, MS

Applies to Faculty, Staff, Students

Revision History

Approved April 13, 2015. Last reviewed May 01, 2019.

Policy Statement

Recent advances in networking technology, such as permanent connectivity to the Internet, have brought numerous opportunities to organizations.  Unfortunately, a connection between a computer and any network, especially the Internet, increases the level of risk from malicious software and external attackers.

A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their computers.  When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights.  If these programs activate malicious software, that software can install itself, manipulate services such as anti-virus programs and even hide from the operating system.  Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised web site or by clicking a link in an email message.

Purpose

This document defines the University of Maryland Baltimore’s (UMB) policy regarding administrative privileges to UMB owned workstations. The University is committed to providing reliable technology in stable operating condition while appropriately addressing the University needs and maintaining University system integrity and data security.

Scope

The Administrative Rights Policy applies to all faculty/staff of the University of Maryland Baltimore and is in compliance with the USM IT Security Standards v4.0.  It also follows industry best practices, such as those defined by TechNet. 

Definitions

Administrator:  these privileges provide users complete and unrestricted access to the computer.

General User:  these privileges provide standard access and prevents the user from making accidental or intentional system-wide changes and can run most applications. 

Policy

By default, all UMB faculty and staff members with non-IT related job descriptions are assigned General User privileges on their individual workstations.  Exceptions may be granted in specialized cases.  In such cases, a deviation request must be filed with the Center for Information Technology Services (CITS).  See the Administrative Rights Guidelines for detailed information.

 

 

Fill out my online form.