Requests for Full-Time Administrative Privileges—Sans Make Me Admin
We realize that faculty and staff may have a legitimate need for full-time administrative privilege on their computers, as they may be required to install software and updates, perform computer management tasks, or run some software packages. University employees may request an exemption to the Make Me Admin requirement.
Requests for administrative privileges (The Exception, or how to get MakeMeAdmin not enabled by default) that are likely to be approved:
- Managed devices are eligible for administrative access. Managed machines are defined as computers incorporated into the support model of the respective IT node. This may include using Active Directory/Shibboleth accounts, incorporating the system into the patching and malware/antivirus systems of the node, and system management of nodes (JAMF Pro for Macs, Active Directory/SCCM for PCs).
- Old software that requires administrative privileges, especially found in programs that interface with an external device. In such cases, we recommend running with a local admin account and/or with the computer off the network, if possible.
- Administrative privileges for interactive software development where researchers or companies they are working with are developing and installing new versions of software in system directories as part of their work. In these cases, the software code development should be completed with the device off the university network or it on the network without local administrative privileges. Utilities for administrative access should be used for the times when both local administrative access and university network connectivity is required.
- Administrative privileges for systems used for teaching students in how to install operating systems, install software, or system administration tasks. In these cases, the software code development should be completed with the device off the university network, or, if on the university network, without local administrative access. Utilities for administrative access should be used for the times when both local administrative access and university network connectivity is required.
- Software such as real-time virus scanning might need to be disabled on systems doing real-time data acquisition due to interfering with timing.
- Automated patch management may need to be deferred to a manual process on systems where long-running tasks should not be interrupted by unexpected reboots after patching.
- A piece of hardware attached to a computer where the software/hardware needs full administrative privileges to work properly. These devices should normally be off the university network or used without local administrative access. Utilities for administrative access should be used for the times when both local administrative access and university network connectivity is required.
- Traveling to do research/fieldwork. Temporary administrative privileges are given for the duration of the travel and then removed upon return to the University.
- Some custom programming and testing of programs may need administrative rights. These devices should normally be off the university network or used without local administrative access. Utilities for administrative access should be used for the times when both local administrative access and university network connectivity are required.
- The end user(s) utilizes a program that will only function under an account with administrative privileges.
- The end user(s) regularly operates the computer in an area that does not offer IT professional support, such as a location outside university property.