Local Administrator Access Statement of Understanding

Submission of this request form, pending all approvals, will result in creation of an .admin account which will provide local administrator access to the machines listed in this document. If the applicant has an existing .admin account, that account will be given access to the local administrator group. This access is provided solely for the purpose of providing administrative support for the application(s) listed on this form. This account is to only be used for administering an application and not to be used for logging into University assigned computers for individual use.

NOTE: Passwords for .admin accounts must contain 16 (sixteen) characters, including at least one upper case, one lower case, one number and one special character.

Local administrator access allows the employee to have complete and unrestricted access to the computer. This includes the ability to install any hardware or software, edit the registry, manage the default access accounts and change file level permissions. Misuse of Local administrator access can make the server vulnerable to malware, viruses and/or security breaches.

Additionally, by signing the Request for Local Administrator Access form, the applicant acknowledges the following:

  1. Individuals will only install the software listed on this request application. If additional software is needed, an email will need to be sent to winmac-admins@umd.edu before installing the software. The email must include the name of the application and an explanation for why it is needed.
  2. Individuals will not install applications that may establish network share protocols which result in an increase in bandwidth utilization. This prevents network congestion and the degradation of performance across wide areas of the campus network.
  3. Individuals will not download applications (software) that are illegal or not licensed for use on University owned equipment.
  4. Under no circumstances will the user remove or disable any software that has been installed and\or configured by DIT Server & Desktop Administration (SDA) staff (e.g., Local Firewall, Anti-virus, Monitoring). Individuals will refrain from altering, removing, or reconfiguring any standard software that was installed by EWS.
  5. SDA shall not troubleshoot, repair or install non-standard applications. Non-standard software will be removed as part of a normal repair process if it is necessary to do so to restore system functionality.
  6. Installed applications will not be configured to run with your .admin credentials. If a "run as" account is required, you will must request a service account from SDA.
  7. If a firewall port must be opened to allow your application to communicate with another server and\or application, that request must be sent to winmac-request@umd.edu.
  8. Do not create local machine account(s) or add users to any local groups without prior approval from SDA. These accounts may be deleted without prior notice.
  9. Admin accounts will be locked after 90 days of inactivity, and users will need to contact SDA to unlock them. If not used in 120 days, the account will be disabled, and will be removed for Active Directory after 180 days.
  10. Individuals must not share their .admin credentials with anyone.
  11. If a change in status occurs (applicant resigns, change in duties, etc.), it is the responsibility of the application and/or supervisor to notify SDA via email (winmac-request@umd.edu) for the purpose of modifying access rights

Individuals MUST NOT configure an application to use Active Directory and the data contained within the Campus Active Directory for the following purposes. Failure to submit requests as indicated below will result in the removal of my administrator privileges and/or disciplinary action.

  1. For authentication of any other application(s) without prior approval from DivIT's SDA staff and the Campus Data Stewards. Requests for authorization to use Active Directory for authentication for any other application(s), MUST be submitted to https://umd.service-now.com/itsupport?id=kb_article_view&sysparm_article=KB0012415
  2. To create or send mass electronic mailings to the Active Directory population, generate lists, download data and/or distribute data for any purpose. All requests to download data MUST be reviewed and approved by unit heads and the Campus Data Stewards using the Data Access Request form available at Data Warehouse and Reporting.

I have read the University of Maryland Policy for the Acceptable Use of Information Technology Resources available at http://www.it.umd.edu/aup. I have had the opportunity to have my questions regarding these Guidelines, or my access to and use of the Information answered.

I understand providing Information for unauthorized uses or otherwise violating University confidentiality policies relating to the information may result in disciplinary action, including my dismissal and prosecution under applicable federal or state laws.

By signing this form/checking the box below, I verify I have read and understand the information provided above, and agree to comply with its contents. I understand that local administrator access granted to me at the request of the sponsor listed below is a privilege and is to be used only in connection with my assigned duties, and may be revoked without notice. I agree to safeguard and not reveal my password nor allow anyone to use the account assigned to me, and understand that I am responsible for all actions, changes, and activity made with this account. I am aware that any violation of University policy may lead to the immediate suspension of my computer privileges and revocation of administrator access.