Desktop Computer Privileged Access Policy
The security and integrity of the college’s computer systems and data network is our collective responsibility. As we increasingly rely on electronic communication and access to information, we must ensure its security and protect our network against ever more sophisticated threats. A single weak machine that is not adequately patched and maintained can wreak havoc with the college’s network, interfering with administrative operations, and disrupting access for thousands of people on campus.
Desktop Computer Access: The PCs in offices and computer labs throughout the campus are purchased and owned by the college. The college’s standard operating systems, Windows XP, and Apple OSX, contains security features that require you to log on before you can use the computer. All software running on college-owned machines must be legally purchased and approved before installation.
All college employees receive “user” accounts that allow them to run all software on the machines. User-level accounts do not allow you to modify system settings or install software. Secure administrative access to XP and OSX workstations is restricted to CTS staff and selected divisional technology support personnel.
The college is using Windows and domain-wide Group Policy settings to centrally manage security patches and settings for Windows machines and for anti-virus software. For Windows machines and for anti-virus software, the college runs a local Windows update server; Apple OSX machines are set to retrieve updates directly from Apple. It is imperative that the college ensures that security patches are applied and that anti-virus profiles are up to date.
Restricting changes to desktop computers also greatly simplifies college-wide management of its technology infrastructure and support services. CTS support personnel make use of Remote Desktop or VNC to connect to your computer in real time when you call for support, and are on duty Monday through Thursday 8am-10pm, and Fridays 8am-7pm.
If you believe that you have a legitimate need for elevated privileges to your desktop operating system, you can submit a Request for Administrator Level Desktop Access.
Laptop Computer Access
All college employees receive “local administrator” access to their laptop computer. This level of access is required for machines that need to be used away from the campus (home, travel). Local administrator access allows you to run all software on the machines, and allows you to modify system settings or install software. However, you are expected to refrain from installing illegal copies of software, from adjusting settings for security patches and remote access, from adjusting any settings that you do not fully understand, and you are expected to refrain from allowing anyone other than yourself access to your credentials or to use your laptop while you are logged on.
Please call the CTS Helpdesk at (914) 251-6465 if you have questions or need assistance.