Admin Access to your Desktop

Local Device Security Levels: Requesting Administrator Privileges

There are two security access levels to a university-owned computer: Standard User and Local Administrator. 

  1. Standard User Security: By default, Cal Poly Humboldt faculty and staff have standard user access rights to their individual workstations and other portable university-owned devices. Using the employee Cal Poly Humboldt login and password, this security level allows one to install software from the ITS Software Center (PC) or Self Service (Mac) and perform normal office computing. For most employees, this level of security is sufficient.

  2. Local Administrator Security: Local administrator access allows the employee to install hardware and software not available from the ITS Software Center (PC) or Self Service (Mac), edit the registry, manage the default access accounts, and change file level permissions. 

Note: Those logged in with “admin” privileges must immediately log out when the higher level functions noted are complete and log back in as a standard user for other computing functions. Web browsing and running programs when logged in as a local administrator can expose the workstation and the network to risks of malware, viruses, and ransomware.

CSU Policies and Standards Governing Local Administrator Privileges

Cal Poly Humboldt ITS is charged with maintaining security across information technology networks and evaluating risk/need considerations in assigning employees to a higher IT security level. Per CSU Information Security Policy and Standards, Cal Poly Humboldt must ensure that changes to the security access for computers pass through a change control process. During the 2016 Information Security Audit, other CSU campuses were cited for permitting unrestricted local administrator rights, which allowed disabling of security controls and the installation of unauthorized software. ITS at Cal Poly Humboldt wants to be responsive to faculty needs, while also protecting the network from unnecessary risk.

Acceptable Reasons for Requesting Local Device Administrator Privileges

Administrator privileges on local devices may be necessary for the management of the  devices for research and teaching.  Below are several common reasons where IT has approved local device admin privileges:  

  1. To run specialized equipment (e.g. iOT sensors, microscopes, and advanced display systems)

  2. To manage computing when in remote sites without access to direct IT support (e.g., Coral Sea, Rural Field Sites)

Note: Convenience and expediency alone are not sufficient rationale.

Requesting Local Device Administrator Privileges

Before an employee requests a change in their local device administrator privileges, they should carefully read the terms and conditions below. Failure to comply may lead to revocation of privileges. Then follow these steps:

  • Open a help desk ticket

  • Include the reason for needing admin access. See above “acceptable reasons…” 

  • The ISO office will evaluate your request. If approved, ITS will demonstrate the “MakeMeAdmin” Microsoft application and install it on your device or make it available for you to install. 

MakeMeAdmin Application – How it Works

  • MakeMeAdmin will be available on your local device on an ongoing basis once installed. It will continue to function even when your device is not connected to the Internet.

  • Each time you click the MakeMeAdmin button, you will have 15 minutes of admin access to your device. You can repeat the request as many times as needed to complete your admin work.  

  • ITS will log all changes you make when logged in as an admin

  • Employees must leave admin access before returning to web browsing and other internet activities that expose systems to malware and other security breaches. 

  • ITS will review annually employee admin activity.

Terms and Conditions for Local Device Administrator Privileges

Employees granted local device administrator privileges must agree to the following terms and conditions:

  • Logout immediately from admin access as soon as you have completed admin work. When logged in with administrator privileges, browsing the web exposures your device and the networks to malware, viruses, and ransomware.

  • Never share any username and password with others

  • Do not interfere or disable patching, software upgrades, malware checking or Level 1 data scanning.

  • Immediately report any system failures and/or security compromises to the ITS Help Desk.

  • Do not modify or eliminate any service accounts, ITS processes, or other standardized functions or features present on the computer. 

  • Prior to purchasing or installing software submit software requests to the ITAR approval process

  • Conform to the End User License Agreement (EULA) associated with any software installed on their end point computer device. The EULA is a legal contract between the manufacturer and/or the software author and the end user of an application; it details how the software can and cannot be used and any restrictions that the manufacturer has. Note: All End User License Agreements must be reviewed by the Cal Poly Humboldt  Procurement Department.

  • Routinely eliminate spyware or similar data gathering and reporting software by regularly checking computers or devices.

  • Read and adhere to the HUM Acceptable use and Information Security policies.

  • Use admin privileges for authorized purposes only. Abusing admin privileges includes but is not limited to the following: 

    • Downloading unlicensed/illegal software 

    • Downloading copyrighted material without permission 

    • Downloading software that is malicious to the network 

    • Downloading malware to your machine that are specifically attributed to the use of administrator rights  

    • Causing a breach of Level 1 or Level 2 data

    • Interfering with patches, upgrades or malware scans

Revocation of Local Device Administrator Privileges
  • Non-compliance with above terms and conditions

  • Changes to job role or responsibilities, such that are privileges are no longer required

Need Help?



 Self-Service Troubleshooting

Call (707) 826-4357

Help Desk

Location:
Library 101

Hours:
Monday - Friday 8AM - 8PM
Saturday 12PM - 4PM
Sunday 11AM - 7PM

After hours emergencies:
Call UPD at 826-5555

System Status

Status System Est. resolution
Available All Systems

Full System Status Information