Administrative Computer Rights Policy

Purpose

The purpose of the Macalester College Administrative Computer Rights Policy is to protect end user’s computers from malicious software by outlining how administrative rights are managed and used on Faculty and Staff computers.

Scope

This policy governs appropriate use of administrative computer rights on Macalester provided or managed computers for Faculty and Staff.

Policy

• Faculty and Staff computers deployed on or after January 1, 2021 will not have full-time administrative rights enabled by default.
• A user may temporarily elevate to administrative rights by using the designated application for a given operating system.
• A user may only use temporary administrative rights when needed; otherwise they will conduct all activity with standard user rights.
• Users will not modify, alter, or circumvent escalation software or process for temporarily granting or removing administrative rights.

Enforcement

Implementation and enforcement of this policy is ultimately the responsibility of all employees at Macalester College. ITS may conduct random assessments to ensure compliance with policy without notice. Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of computer access.

Exceptions

Exceptions to the administrative computer rights policy requires formal documented approval from the Information Security Officer. Requests will be evaluated for risks not only impacting the individual computer/user, but also the college network as a whole. Any user that does not comply with policy must have an approved exception on file. Approved exceptions will be reviewed on an annual basis.