Desktop Computer Privileged Access Policy
The security and integrity of the college’s computer systems and data network is our collective responsibility. As we increasingly rely on electronic communication and access to information, we must ensure its security and protect our network against ever more sophisticated threats. A single weak machine that is not adequately patched and maintained can wreak havoc with the college’s network, interfering with administrative operations, and disrupting access for thousands of people on campus.
Desktop Computer Access: The PCs in offices and computer labs throughout the campus are purchased and owned by the college. The college’s standard operating systems, Windows 7 and Windows 10, and Apple OSX, contains security features that require you to log on before you can use the computer. All software running on college-owned machines must be legally purchased and approved before installation.
All college employees receive “user” accounts that allow them to run all software on the machines. User-level accounts do not allow you to modify system settings or install software. Secure administrative access to XP and OSX workstations is restricted to CTS staff and selected divisional technology support personnel.
The college is using Windows and domain-wide Group Policy settings to centrally manage security patches and settings for Windows machines and for anti-virus software. For Windows machines and for anti-virus software, the college runs a local Windows update server; Apple OSX machines are set to retrieve updates directly from Apple. It is imperative that the college ensures that security patches are applied and that anti-virus profiles are up to date.
Restricting changes to desktop computers also greatly simplifies college-wide management of its technology infrastructure and support services. CTS support personnel make use of Remote Desktop or VNC to connect to your computer in real time when you call for support, and are on duty Monday through Thursday 8am-7:45pm, and Fridays 8am-4:45pm.
Laptop Computer Access
All college employees receive “user” access to their College laptop. Administrative rights are restricted by NYS and SUNY cyber security policies, and by industry best practices. All audits ask about administrative access, and it influences our skyrocketing cyber insurance premiums. Any programs or software will be installed by CTS via remote assistance or prior to pickup of a new machine. CTS cannot install illegal copies of software, nor adjust settings for security patches and remote access. Refrain from adjusting any settings that you do not fully understand, and you are expected to refrain from allowing anyone other than yourself access to your credentials or to use your laptop while you are logged on.
Please call the CTS Helpdesk at (914) 251-6465 if you have questions or need assistance.