The university reserves the right to determine the level of user access granted to university-owned desktops and laptops. IUP aligns its practices with industry best practices as articulated in various standards, such as the 20 Critical Security Controls
from the SANS Institute. As per the Controls, it is vital to “Minimize administrative privileges and only use administrative accounts when they are required.”
As such, the university generally limits such access to information technology (IT) staff specifically trained to perform these duties in a manner that helps protect sensitive university assets while supporting vital academic freedom principles (instruction,
research, scholarly activity, etc.) without an undue burden.
However, situations exist in which the user assigned a university-owned desktop or laptop also requires enhanced privileges. The following process is for users to request enhanced privileges. Situations involving shared desktops or laptops, such as computer
labs, are beyond the scope of this process.
The user will be required to acknowledge the following restrictions when they submit their request. This is accomplished by the user using their Single Sign-on (SSO) credentials to log in to iforms to submit their request.
Desktop Services will retain authority to intervene in system and patch management which includes the base software inventory.
The university will not accept responsibility for patching software the user installed locally or for license compliance related to such software. If the request for enhanced privileges is approved, please keep in mind that the user will be responsible
for updating any additional software installed on this PC apart from the base PC install. If vulnerabilities are found with such software, the user will be responsible for bringing the computer into compliance.
Privileges will be revoked if the PC is compromised and investigation leads to any additional software being the cause.
IT Services retains the responsibility and authority for directing security-related and inventory scans (sensitive data, unpatched software, unsecured system configurations, lack of updated/operating antivirus software, etc.) as well as performing event
logging analysis. Desktop or laptop network connectivity can be temporarily suspended until the user can bring the computer into compliance in keeping with past practice.
The respective vice president or their designee can direct Desktop Services to revoke the enhanced privileges, as they deem appropriate. The user will be given a written explanation for the revocation.
By submitting this request, you agree to comply with the policies established on this page. This action will require you to log in to iforms.