Information Technology Policies

X-99.02(A)

UMB IT Administrative Rights Policy

Information Technology


Responsible VP/AVP

Peter J. Murray, PhD


Applies to Faculty, Staff, Students


Policy Statement

Recent advances in networking technology, such as permanent connectivity to the Internet, have brought numerous opportunities to organizations.  Unfortunately, a connection between a computer and any network, especially the Internet, increases the level of risk from malicious software and external attackers.

A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their computers.  When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights.  If these programs activate malicious software, that software can install itself, manipulate services such as antivirus programs and even hide from the operating system.  Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised web site or by clicking a link in an email message.

Purpose

This document defines the University of Maryland Baltimore’s (UMB) policy regarding local administrator privileges to UMB owned workstations. The University is committed to providing reliable technology in stable operating condition while appropriately addressing the University needs and maintaining University system integrity and data security.

Scope

The Administrative Rights Policy applies to all faculty/staff of the University of Maryland Baltimore and is in compliance with the USM Security Standards.  It also follows industry best practices, such as those defined by TechNet. 

Definitions

Administrator:  allows users complete and unrestricted access to the computer.

General User:  provides standard access and prevents the user from making accidental or intentional system-wide changes and can run most applications. 

Policy

By default, all UMB faculty and staff members with non-IT related job descriptions are assigned General User privileges on their individual workstations.  Exceptions may be granted in specialized cases.  In such cases, a deviation request must be filed with the Center for Information Technology Services (CITS).  See the Administrative Rights Guideline for detailed information.

Fill out my online form.