Many forms of malicious software (malware) count on using the rights and privileges of the logged in user to cause problems. If the user has administrative or root privileges, that user has full control over the operations of the computer, including installing and running software. If the computer becomes compromised, the malware is able to do everything the user can do.
The average amount of time required to clean up a malware infection is two hours. That’s two hours the computer is unavailable for use. Two hours it takes a technician to remediate the problem. Two hours the user may be unable to perform work. The cleanup time increases dramatically if the infection is widespread. All of this leads to hundreds of hours of lost productivity and thousands of dollars in costs per year.
In an effort to reduce the impact of this type of malware infection, the University is scaling back the privileges of users to just those needed to do their jobs. Instead of full administrative privileges on systems, users will have standard user privileges. If applications need to be installed on systems, a member of End User Support (EUS) can install the software as part of a service agreement or by service request.
In cases where users need to retain their administrative privileges, an exemption must be requested. Exemptions are granted on validated business cases, with explanations why EUS support cannot fulfill the need.
The overall exemption process is as follows:
- Requester gathers and provides documentation justifying the exemption (see list below)
- Requester submits request for exemption using the online exemption request form.
- The Director of Infrastructure and Security Engineering makes the decision
- The Director of Infrastructure and Security Engineering communicates the decision
- Denial – notify the requester with an explanation for denial
- Approval – notify requester, assign expiration date
Supporting documentation for the exemption request includes, but isn’t limited to:
- Information for user needing administrative privileges
- Long-term or short-term requirement
- For a single system or for departmental support
- Individual identifier for the device if single system
- Owning department, along with responsible personnel (dean/director/chair, requester, etc.)
Note: If you are not able to access the online form, download the form to your computer by right-clicking on this link: Exemption Request Form
- Internet Explorer – “Save Target As …”
- Firefox – “Save Link As …”
- Chrome – “Save link as …”
1. Download the form to your computer (requires Microsoft Excel 2007 or later)
2. Read tab “1-Instructions Page”
3. Fill out tab “2-General Form”
4. Fill out tab “Admin Privileges”
5. Begin collecting the necessary signatures
For more information regarding user privileges and the exemption process, please contact Information Security at grc@uthscsa.edu, or the Information Security Hotline at 210-567-0707.