Local Administrator Account Procedure
Rationale
All users have an important role in keeping information systems and data secure. Industry best practices include implementing the principle of least privilege when using IT systems. One implication of this is that users should be assigned the minimum privileges they need to accomplish their work and data access. Furthermore, it can be broken down into tasks, in that some tasks require a higher level of privilege than others, and only those tasks that require higher privilege should be accomplished with those privileges, while other tasks performed even by the same user, should be done with a non-privileged account. Additionally, regular IT audits strongly encourage us to adhere to this principle because it is effective in minimizing some types of system and data abuse, whether by malicious intent or accident. This Local Administrator Account Procedure addresses computer security and the subsequent security of data that could be impacted by an inappropriately privileged user.
Account types
All computer users are assigned a user account that won’t grant privileged (administrator) access. This is a standard account and is the account all users should use for their day-to-day activities on their computers.
Some users need to occasionally perform tasks that require privileged access, such as when installing programs, making configuration changes, or troubleshooting issues–to name a few. Those users who have been identified to need such privileges are assigned a privileged account that would be their username followed by dot admin (user.admin).
Expectations and requirements
It is expected that all users who have a privileged .admin account only use that account when necessary work cannot be accomplished using the standard account. All other uses of the .admin account are not acceptable use and increase the risk that systems or data could be maliciously or accidentally compromised. Abuse of a privileged account may necessitate removal of those privileges or other actions to keep systems and data secure. Privileged accounts are not to be used as general logon accounts.
IT evaluation of the use of privileged accounts
IT will run reports at its discretion, but at least every 6 months to evaluate the usage patterns of privileged access accounts. This information will be used to identify the necessity of these accounts as well as where they may be used inappropriately. As a part of the review process some accounts will likely be determined to have low utilization. Low utilization means that the account exists and therefore the risk of the existence is there, but the benefit is low leading to a high risk/benefit ratio. Such accounts that expose us to risk that isn’t offset by the benefit will be expired. IT recognizes that this will create inconvenience for some users. It is hoped that users understand the necessity of balancing this inconvenience against the security that is gained by implementing this best practice.
Obtaining privileged access or a privileged access account
Should you need privileged access or a privileged access account, or you previously had such an account but can no longer access it then you need to submit a helpdesk request. Such requests will be assigned to an IT director, usually Director of Enterprise Application Systems, but depending on availability it could be a different director. Departmental decision makers may request new privileged accounts for departmental members, and may also be consulted as needed when evaluating how to address user-submitted requests to activate existing accounts. When submitting requests, please include details about the need and the duration for the requested access. Depending on the need, solutions could include IT performing the requested work, enabling a .admin account for a fixed-length duration to allow you to complete the task, or the creation of a privileged access account. Should your request not be settled in the manner you had desired, you can ask to have the CIO evaluate it for a potential different outcome. Should that be necessary, IT will continue to address the issue you raised needing immediate attention until a final decision is made.
Initial implementation of this procedure
This procedure will be implemented immediately with the review of current privileged accounts. Those with low use will be set to expired status. An expired account continues to exist in a dormant state and can be re-enabled for the duration deemed appropriate, following a request.