Procedure: Information technology local administrator privileges
The purpose of this procedure is to:
- describe how ANU manages the provision of local administrator privileges on Information Technology Services (ITS) supported workstations, laptops and mobile devices; and
- define the standards, expectations and responsibilities of ANU employees who are granted these privileges.
Definitions of additional terms used in this document are provided in the overarching Information technology security policy.
Local administrator privileges: the provision of unrestricted access to the operating system. This allows the user to install any hardware or software, edit the registry, manage the default access accounts and change file level permissions.
- This document applies to ITS supported workstations, laptops and mobile devices and encompasses all devices in areas of the University where information technology (IT) services are delivered centrally by ITS.
- ITS supported devices are managed under a controlled Standard Operating Environment (SOE). The SOE has restrictions in place to prevent users making system changes or installing software on their device with the aim of ensuring the highest level of stability and security.
- Users who require access to their device beyond that granted under the SOE may apply for local administrator privileges.
- Users may submit requests for local administrator privileges to the ANU Service Desk using the Request for administrator privileges form. The requests are authorised by a School Director, School Manager, Associate Director or equivalent. The user must include an explanation for the request.
- Applications are assessed by the Team Lead, Standard Operating Environment.
- A user who does not have administrator privileges and who requires system changes or software installed will require the assistance of the ANU Service Desk. A Service Desk Officer performs these tasks via remote access.
- Any software or applications downloaded or installed by the user are for University purposes only.
- Software and applications are downloaded from official vendor sites. Users adhere to the relevant license agreement.
- Users ensure that any software they have installed is kept patched to the current version.
- Users do not download or install:
- illegal or unlicensed applications and software;
- software which adversely impacts the operation of the network or any other system. Users employ caution when downloading and installing software so as to also avoid downloading malicious software.
- In the event a device becomes compromised, the user:
- informs the ITS Cyber and Digital Security Team by emailing firstname.lastname@example.org;
- re-installs all self-installed software if re-imaging is required; and
- backs up any data stored on their device prior to re-imaging, if required.
- Sophos anti-virus updates are pushed to devices by group policy. Users must not:
- alter, upgrade or remove any software installed by ITS;
- install any other anti-virus software that might interfere with Sophos;
- override, disable or remove the Universities anti-virus solution from their device;and
- disable any security mechanisms put in place by IT Services, including antivirus protection, firewalls, software/patching deployment mechanisms (e.g. System Center Configuration Manager) or other services.
- All ITS workstations, including laptops and Surface Pros (excluding Macs) are configured with LogMeIn Remote Support Software. This software allows authorised ITS support staff to remotely control the workstation if necessary to perform troubleshooting, and is not altered, removed or uninstalled.
|Printable version (PDF)|
|Title||Information technology administrator privileges|
|Purpose||The purpose of this procedure is to: describe how ANU manages the provision of local administrator privileges on Information Technology Services (ITS) supported workstations, laptops and mobile devices; and define the standards, expectations and responsibilities of ANU employees who are granted these privileges.|
|Audience||Staff, Students, Alumni, Affiliates|
|Topic/ SubTopic||Information Technology - Access|
|Effective Date||2 Apr 2019|
|Next Review Date||5 Apr 2024|
|Responsible Officer:||Director, Information Technology Services|
|Contact Area||Information Technology Services|
Information Infrastructure and Services Rule 2020
AS ISO/IEC 27002:2015
Australian National University Act 1991
Australian Government Protective Security Policy Framework
Public Governance, Performance and Accountability Act 2013
Public Governance, Performance and Accountability Rule 2014
Crimes Act 1914 (Cth)
Privacy Act 1988
Telecommunications Act 1997
Telecommunications Regulations 2021
Information generated and received by ANU staff in the course of conducting business on behalf of ANU is a record and should be captured by an authorised recordkeeping system. To learn more about University records and recordkeeping practice at ANU, see ANU recordkeeping and Policy: Records and archives management.