Procedure: Information Technology administrator privileges
The purpose of this procedure is to:
- describe how ANU manages the provision of local administrator privileges on Information Technology Services (ITS) supported workstations, laptops and mobile devices; and
- define the standards, expectations and responsibilities of ANU employees who are granted these privileges.
Definitions of additional terms used in this document are provided in the overarching policy, Information Technology security.
Administrator privileges: the provision of unrestricted access to the operating system. This allows the user to install any hardware or software, edit the registry, manage the default access accounts and change file level permissions.
- This document applies to ITS supported workstations, laptops and mobile devices. This encompasses all devices in areas of the University where Information Technology (IT) services are delivered centrally by ITS.
- ITS supported devices are managed under a controlled Standard Operating Environment (SOE). The SOE has restrictions in place to prevent users making system changes or installing software on their device with the aim of ensuring the highest level of stability and security.
- Users who require access beyond that granted under the SOE may apply for administrator privileges.
- Users may submit requests for administrator privileges to the ANU Service Desk using the Request for administrator privileges. The requests must be authorised by a School Director, School Manager, Associate Director or equivalent. The user must include a justification for the request.
- Applications will be assessed by the Team Lead, Managed Operating Environments.
- A user who does not have administrator privileges and who requires system changes or software installed will require the assistance of the ANU Service Desk. A Service Desk Officer will be able to perform these tasks via remote access.
- Any software or applications downloaded or installed by the user must be for University purposes only.
- Software and applications must be downloaded from official vendor sites. Users must adhere to the relevant license agreement and are responsible for ensuring this software is patched and up to date.
- Users must not download or install:
- illegal or unlicensed applications and software
- software which adversely impacts the operation of the network or any other system. An example of this is peer to peer software such as BitTorrent.
- Users must employ caution when downloading and installing software so as to also avoid downloading malicious software. In the event a device becomes compromised, users must inform the ITS Cyber and Digital Security Team by emailing email@example.com. This may result in the device needing to be re-imaged.
- If a device needs to be re-imaged, data, settings, software, applications and customisations may be lost. The user is responsible for:
- re-installing all self-installed software. It is recommended the user keep a record of any self-installed software for this purpose
- backing up any data stored on their device. It is recommended that University data is backed up and primarily stored on University provided storage infrastructure.
- Users will not alter, upgrade or remove any software that was installed by ITS. Doing so may breach licensing agreements, damage files, expose University data to attacks or malicious codes, or result in system degradation.
- Sophos anti-virus updates will be pushed to devices by group policy. Users must not install any other anti-virus software that might interfere with Sophos, override, disable or remove Sophos from their device. Users must not disable any security mechanisms put in place by IT Services, including antivirus protection, firewalls, software/patching deployment mechanisms (e.g. System Center Configuration Manager) or other services without approval. All ITS workstations, including laptops and Surface Pros (excluding Macs) are configured with LogMeIn Remote Support Software. This software allows authorised ITS support staff to remotely control the workstation if necessary to perform troubleshooting, and is not to be altered, removed or uninstalled.
|Printable version (PDF)|
|Title||Information technology administrator privileges|
|Purpose||The purpose of this procedure is to: describe how ANU manages the provision of local administrator privileges on Information Technology Services (ITS) supported workstations, laptops and mobile devices; and define the standards, expectations and responsibilities of ANU employees who are granted these privileges.|
|Audience||Staff, Students, Alumni, Affiliates|
|Topic/ SubTopic||Information Technology - Access|
|Effective Date||1 Nov 2017|
|Review Date||1 Nov 2018|
|Responsible Officer||Director, Information Technology Services|
|Contact Area||Information Technology Services|
Information Infrastructure and Services Statute 2012
Information Infrastructure and Services Rule 2015
AS ISO/IEC 27002:2015
Australian National University Act 1991
Australian Government Protective Security Policy Framework
Public Governance, Performance and Accountability Act 2013
Public Governance, Performance and Accountability Rule 2014
Australian Government Department of Finance and Deregulation Finance Circular No. 2009/08
Crimes Act 1914 (Cth)
Privacy Act 1998
Telecommunications Act 1997
Telecommunications Regulations 2001