26 October 2004

Admin rights on staff desktop computers

One of the issues to come out of the discussions currently underway on the development of a Common Operating Environment (COE) on staff desktop computers is administrative rights to the computer.

In the Division of Communication and Education our practice has been to give staff administrative access to their computers. While the computers are all installed with the same basic image, giving the user administrative access means they can change settings, install software, manage updates and a number of other functions to adapt their computing environments to better suit their needs.

With a broad range of IT skills and experience in the Division, and the differing requirements between staff, this means there are over 300 machines that can all be configured differently around the Division, complicating maintenance and support.

In other organizations, and elsewhere in the University, IT units control the desktop much more tightly so that users must contact their support staff in order to install software, change settings or install updates. While this reduces the opportunity for end users to render their machines inoperable, and therefore reduces the need for IT support, it also means end users are restricted by the IT staff in what they can and cannot do on their computers.

One option currently under discussion is to tie the level and type of support an end user gets to an agreement with the user about administrative access to their computer: a higher level of support would be available to users who forgo administrative access to their computers than would be available to users who want to retain their administrative rights.

In order to manage which end users have administrative rights and which don't, each end user would be required to declare their preference when they apply for access to the University network. A draft agreement might look something like the following:

DRAFT Client Agreement: desktop computing facilities

I understand that the University will supply me with a computer of standard hardware and software configuration as determined from time to time by the University.

I accept that, as a condition of using the computer, I will abide by the University's Network Access and Use - Responsibilities and Obligations statement.

I can elect to have either:

  • Administrative access to the computer: I can install software, drivers and applications, and alter settings and other configurations of the computer, within the limits set by the University's Network Access and Use - Responsibilities and Obligations statement. I understand that if I choose to have administrative access to the computer, I will not expect the support of the University to look after the computer. If support is required, I understand the University has, at its discretion, the option of returning the computer to its standard configuration before providing support. Support for my computer will receive no priority over support for users who have elected not to have Administrative access to their computers. I acknowledge that the University has the right to keep the computer's virus protection and operating system patches up to date as it sees fit, and that I will in no way prevent the University from accessing the computer through its own administrative account.

or

  • User access only to the computer: I do not have administrative access to the computer and will rely on [technical staff] to keep my computer up to date and operating under the standard hardware and software configuration. The only files I expect to retain are those saved on my University-supported network drive.

By signing this form I agree to abide by the University's Network Access and Use - Responsibilities and Obligations statement. I acknowledge that my use of the University's facilities is a privilege, not a right, and that if I break the terms of this agreement the University may issue me with a warning, deny me access to computing resources, refer me for prosecution, or administer other penalties, depending on the nature of the infringement.

Signed

Dated