The Elevated User-Rights is a special privilege that is granted to employees who are allowed full administrative access to computers assigned to them. This privilege is normally given to users of Windows-based systems after ICT has duly evaluated the technical proficiency of the applicant and the necessity of granting the right due to the nature of work or the circumstances of the staff member.
The principle of least privilege
By default, UA&P staff are not given administrative rights to install software on their computers. A blanket administrative rights restriction is considered an effective means to improve the security of computers and networks. This policy follows a widely recognized design consideration in information security known as the principle of least privilege. If a device is compromised in any way, it should only affect the current user rather than the entire system. The restriction also allows ICT to maintain an accurate baseline of installed systems and cut down on the number of support issues due to unknown or unsupported system configurations.
ICT also recognizes that there are situations where administrative rights are required. This includes installing software, configuring functionalities, and running systems that require administrative access to function. In such cases, ICT will endeavor to follow the principle of least privilege. If a user encounters a situation which necessitates additional security privileges to carry out a task, the user-rights elevation can be applied. As much as possible, the elevated rights should be constrained for the user to carry out the required task. If the task has been completed or if the privilege is no longer necessary, the user rights should continue at normal level.
Terms and Responsibilities
- Elevated User-Rights can only be granted to an account holder of a Windows-based laptop or computer that is assigned to him or her.
- Users of devices running Mac OSX or iOS do not need such privilege due to the fact that these systems have lower security and malware risks compared to their Windows-based counterparts.
- Since the user will be granted the right to install additional software and to change system settings or configuration without ICT Office personnel intervention, the repair of any damage or malfunction (malware infection, loss of files, loss of functionality, etc.) or any other consequences resulting from such action (e.g., installation of unlicensed or “cracked” software, etc.) will solely be the user’s responsibility.
- In case a device or unit breaks, ICT could assist in recovering the data or system configuration with the condition that these requests will be given low priority.
- The Elevated Rights can be revoked from any user who has been granted this privilege. Under serious circumstances, the user could be penalized ranging from suspension of his or her account to outright termination as dictated in the UA&P Code of Discipline.
- Abuse of the Elevated Rights are generally violations against the Acceptable Use Policy, which outlines the proper use of the University's IT resources. This includes, among others:
- installation of pirated software.
- installation of software or tools to bypass network content and application control policies.
- downloading of copyrighted material.
- reformatting of the hard disk with the base operating system.
- illegal access to sensitive or private data of other personnel.
- illegal use of computer accounts of other personnel.
- adding of local users accounts on the device.
- changing the local password or removing the administrative rights of the admin account which is used by ICT to access the computer.
APPLICATION for rights elevation
If you wish to apply for an Elevated User-Rights privilege, you may click on the icon below to fill out the online form. ICT will study the matter and will get back to you with the decision and the corresponding action.