UMB IT Administrative Rights Policy
X-99.02(A) | Information Technology | Approved April 13, 2015 | Last Reviewed April 30, 2024
Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS
Applies to: Faculty, Staff, Students
Revision History
Approved April 13, 2015. Last reviewed May 01, 2019.
Policy Statement
Recent advances in networking technology, such as permanent connectivity to the Internet, have brought numerous opportunities to organizations. Unfortunately, a connection between a computer and any network, especially the Internet, increases the level of risk from malicious software and external attackers.
A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their computers. When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights. If these programs activate malicious software, that software can install itself, manipulate services such as anti-virus programs and even hide from the operating system. Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised web site or by clicking a link in an email message.
Purpose
This document defines the University of Maryland Baltimore’s (UMB) policy regarding administrative privileges to UMB owned workstations. The University is committed to providing reliable technology in stable operating condition while appropriately addressing the University needs and maintaining University system integrity and data security.
Scope
The Administrative Rights Policy applies to all faculty/staff of the University of Maryland Baltimore and is in compliance with the latest version of the USM IT Security Standards. It also follows industry best practices, such as those defined by TechNet.
Definitions
Administrator: these privileges provide users complete and unrestricted access to the computer.
General User: these privileges provide standard access and prevents the user from making accidental or intentional system-wide changes and can run most applications.
Policy
By default, all UMB faculty and staff members with non-IT related job descriptions are assigned General User privileges on their individual workstations. Exceptions may be granted in specialized cases. In such cases, a deviation request must be filed with the Center for Information Technology Services (CITS). See the Administrative Rights Guidelines for detailed information.