May I have “admin rights” on my machine?

Direct Link to Article:

 

 

Information Technology no longer issues "on-domain" machines with admin rights (administrative privileges.)* Admin rights are a significant security risk for the individual machine as well as the entire campus network. Specifically, admin rights allow users to install and run unauthorized (and potentially malicious) software, access and modify key security and system functionality, and run authorized software with elevated privileges, all of which make our systems more vulnerable to attack.
 
There is a distinction between “on-domain” and “off-domain” machines.
 
On-domain machines can't have admin rights because they have direct access to campus resources and require you to log in through a controlled network such as an IT managed:
- Windows Domain
- Campus NIS (Linux and Mac OS)
- Faculty or staff network with direct access to campus storage systems (Multidrive or NFS)
 
Off-domain machines can have admin rights because they are attached to an isolated network which restricts their access to certain campus resources in order to reduce the risk to IT managed systems. Due to their isolated nature, these machines require a VPN connection to access campus resources such as storage, printing, and some library resources.
 
IT strongly encourages the use of on-domain machines. Access to resources such as software installs, network storage, monitored and updated virus protection, and the ability to receive remote assistance are important things we can provide for on-domain machines.
 
As on-domain machines are rebuilt, any existing admin rights will be removed.
 
Michigan Tech IT staff are available during business hours to assist faculty and staff with installing any additional hardware or software that requires administrative privileges. We will do our best to work with you to meet your hardware and software needs.
 
*IT has formalized this policy as of June 2016.