Request Local Administrator Rights

Overview: 

Administrative Rights are elevated access privileges on end-point devices. Local Administrative access to University-owned assets are reviewed and approved on a case by case basis. Users with a documented and justifiable need for administrator access to their computers can request local administrator access to their university-owned computer.  

Administrative rights are limited to comply with the VITA SEC501 and Christopher Newport University's Account Management Standard.

What are local Administrative Rights Used for:

• ITS Staff to troubleshoot systems

• ITS Staff to install software

• Faculty/Staff with specialized computing requirements that cannot be met by ITS Technical Services

• Documented job function is primarily IT related

What local Administrative Rights are NOT used for:

• End-users to perform system updates or configuration changes

• Installing or uninstalling software

• Adding system resources or components

Request Process:

There are currently two options for requesting Privileged Accounts, both of which require that a supervisor submit a request on the user’s behalf. Upon reception of the request, IT Services will begin a digital signature process through Docusign. Users should discuss the viability and need of privileged access with their department head prior to submission.  Access is only approved for experienced computer users with a compelling need.

NOTE: The Privileged Account Request Form has been deprecated and will no longer be accepted.

1. ERS Request

Supervisors can use the Employee Resource System (ERS) to request that Privileged Account resources be provisioned for the user. Information regarding ERS submissions can be found here.

2. Ticket Submission

Supervisors can submit a request through the Helpspot ticketing system, specifying the user that requires Privileged Account access.

Sumbit Ticket

Users must complete the mandatory annual Security Awareness Training prior to receiving a Privileged Account.

Approved Local Administrator Accounts Terms and Conditions:

• This account will only be used when performing actions that absolutely require local administrator rights. All other activities will be performed under a regular user account.

• Only properly licensed software is to be installed on this workstation. Licensing information for any copyrighted software must be forwarded to the ITS Helpdesk, where it will be available to Commonwealth auditors on request. (If you need assistance with this procedure or would like to purchase software, please contact the Helpdesk.)

• No new local‐user‐access accounts will be created nor existing accounts elevated. (In the event such additional accounts are needed, please contact the Helpdesk.)

• Any hardware modifications, deletions or additions to University computer equipment must be conducted by IT Services. Peripheral equipment including printers, USB‐devices. and PDAs are not restricted by this provision.

• Software installed by the University will be neither modified nor removed.

• Network settings will not be modified. (The addition of Wireless Networks is allowed)

Local Administrator Account Enforcement

1. By signing the Privileged Account Request Form, the user acknowledges and agrees that any breach of this Agreement by the user will cause harm to the University and/or its employees or students.  User must agrees that if a breach of this Agreement is committed, Christopher Newport University shall have the right to take disciplinary action against me and to otherwise enforce this Agreement.

2. User also agrees to follow the Christopher Newport University Acceptable Use of Computing Resources (6010) and all Christopher Newport University Information Security Policies and Standards.