May I have “admin rights” on my machine?

Direct Link to Article:


Information Technology is no longer issuing new machines or rebuilding existing on-domain machines with “admin rights,” or administrative privileges on user accounts.* This privilege not only presents a security risk for the individual machine but potentially puts the entire campus network at risk.


When it comes to admin rights on university computers, there is a distinction between computers that are “on-domain” or “off-domain.”


An “on-domain” computer requires you to log in to access resources on a network, e.g.,

  • Windows Domain

  • Campus NIS (Linux and Mac OS); or

  • Faculty or staff network with direct access to campus storage systems (Multidrive or NFS)


“Off-domain” machines, which are attached to an isolated network, may have administrative privileges installed, since it is the responsibility of those users to maintain their own machines which are on an isolated network. These machines require a VPN connection to access campus resources like storage, printing, or some library resources.  


IT strongly encourages the use of on-domain machines. Access to resources such as software installs, network storage, monitored and updated virus protection, and the ability to receive remote assistance are important things we can provide for on-domain machines.


As on-domain machines are rebuilt, any user admin rights will be removed. Eventually, this privilege will be removed by attrition from all on-domain machines.


Michigan Tech IT staff are available during business hours to assist faculty and staff with installing any additional hardware or software that requires administrative privileges. We will do our best to work with you to meet your hardware and software needs.


*IT is currently formalizing this policy as of June 2016.