APPENDIX TO POLICY
User Administrative Privilege Standard
To manage access to University data and to protect it from inadvertent or malicious loss or damage, users of IT resources should follow the practice of least privilege. The administrative privilege account should only be used to install software or for other operations that require this level of privilege.
Single-user systems (e.g., desktop, laptop, mobile phones)
The following table identifies where user administrative privilege is allowed and the baseline security controls for administrative privilege.
|UAP.A.01||User Administrative Privileges||Not Allowed||Allowed 1||Allowed 1|
|UAP.A.02||Document use of administrative privileges||Required||Recommended||Optional|
|UAP.A.03||Prompt user when administrative level privileges are needed (e.g., UAC 2)||Required||Required||Recommended|
|UAP.A.04||Educate user of administrative responsibilities||Required||Required||Recommended|
1 Users should perform routine operations using user-level privileges, but may have administrative privileges.
2 On Microsoft Windows operating systems, use the UAC default setting. On other operating systems, use the equivalent or similar setting.
This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted.
This applies to University community members who use or manage University IT resources.
More information on User Administrative Privilege
- November 2014