Background
Local administrator accounts are a security vulnerability that impose a risk to the University network.
Local administrator accounts were granted during the COVID pandemic when people were at home. This condition no longer exists. MFCF can work with people when they are in the office or use Beyond Trust remotely. Many people never use the administrator account and engage MFCF instead.
Graduate students in the Faculty are given administrator access so as not to impede their research.
All client machines (laptop or desktop, Mac or Windows, faculty or staff) must have their drives encrypted.
All client machines (laptop or desktop, Mac or Windows, faculty or staff) must have Sentinel1 and Qualys installed.
Policy
MFCF will no longer provide administrator access to staff for their University owned computers. Existing administrator accounts will not be removed.
Faculty will receive a local administrator account on any machine (grant or department funded).
Exception handling (applies to Mac and Windows laptops)
If the client travels a lot and spends much of their time offline, MFCF will decide if a local administrator account is necessary and provide it. This applies to faculty as well as staff. Staff are expected to read and accept the conditions for a local administrator account.