The purpose of this document is to support compliance with the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices, section 2.7 Limit Administrative Account Privileges. The goal of this standard is to protect the overall network and data environment at the university. It is expected that exceptions to these standards will be rare. It is the expectation that the default login for all university computers will be without local administrative access.
Each request for administrative privileges reflects a unique set of circumstances including, but not limited to:
Therefore, this document should be used as a guideline. It does not constitute official university policy.
Probably not. The majority of individuals do not need administrative privileges for day-to-day functions.
However, some individuals require administrative rights in order to complete tasks or to run specialized equipment or programs. In this case, individuals can obtain administrative rights in order to be granted temporarily elevated administrative privileges. These options are designed to meet the needs of individuals, while maintaining an appropriate information security posture.
UB is committed to providing individuals with reliable, secure and user-friendly technology in stable operating condition. In order to address the needs of the faculty and staff, IT nodes provide administrative privileges for individuals who have demonstrated a need, understand the responsibilities associated with this special access, and obtained approval.