IT Management and Software Installation:
Information Technology (IT) is responsible for managing all University-owned systems including software installation. If support is needed, users should contact the IT Help Desk. On occasion, with an appropriate business case justifies the significant risk, individuals may be granted administrator privileges to install complex software or perform other administrator tasks. Granting administrator privileges poses a significant security risk, not only to an individual system, but also to the entire University network. Elevated access increases the chance of malware infections—such as viruses, ransomware, and other malicious software—which can compromise sensitive data, disrupt operations, and cause financial and reputational harm.
Increased Risk Associated with Administrator Privileges:
Beyond malware threats, administrator privileges can make it more difficult for IT to effectively manage and secure systems. Users with administrator access can:
- Make unauthorized system changes
- Disable security controls
- Introduce misconfigurations that create vulnerabilities
These actions can potentially lead to data loss, unauthorized access to sensitive information, and compliance violations.
Another major concern is the installation of unapproved or pirated software. This not only introduces security threats but also creates legal and financial liability for both the user and the University. Violating software licensing agreements can result in fines, legal action, and damage to the University’s reputation. Additionally, unauthorized software may contain hidden malware or backdoors that attackers can exploit.
Requesting Administrator Privileges:
Due to these risks, administrator privileges are only granted when absolutely necessary and with strict oversight. Users must understand that with increased access comes greater responsibility, and any misuse—whether intentional or accidental—can have serious consequences.
Eligibility:
- Full-time faculty and staff may request administrator privileges for a system registered to them.
- If the system is not registered to the requester, the request must be sponsored by the computer’s registered owner.
- People who have violated the UMSystem Acceptable Usage Policy, or who have attempted to circumvent IT security are not eligible.
To help expedite the request have the following:
- A Confidentiality Agreement completed within the last year. If you are unsure if you have completed one, Confidentiality Agreements can be submitted using this form HERE.
- The computer name. The computer must be a campus managed computer.
- The name of your supervisor. Do not falsify your manager or you request and all further requests will be rejected.
- A detailed business case for why you need administrator privileges to perform your duties.
Request Process:
- Requests are submitted via a form in DocFlow.
- The request is sent to the requestor’s supervisor for approval.
- Additionally, If the requestor is not full-time faculty or staff, the request will be sent to the sponsor who must be registered owner and must be a full-time faculty or staff member.
- Then IT will review the request and either approve or deny the request.
- If approved, an access is granted and added in LAPS. The user is notified via email of the approved access.
- If not approved, the user is notified via email.
Using Administrator Access:
Administrator privileges are granted by access to the ccadmin password. This access is managed via LAPS. For full instructions on how to use LAPS visit the “Using Laps” page HERE.
The recommended use of the ccadmin password is to use the Windows “Run As” feature when admin access is needed to perform an elevated action. Additionally, the user can login to the computer as the ccadmin user but using the recommended “Run As” feature is a better security practice.