This action might not be possible to undo. Are you sure you want to continue?
Introduction: How to Use This Tool
Administrative rights give users the ability to change system configurations and download software, potentially opening up the network to vulnerability. Holding administrative rights over a desktop, laptop or other end-user device shouldn’t be seen as a “right” – it is a privilege that must be protected from abuse. This policy template should be used to formalize your enterprise’s position on administrative rights. The default position taken in this template is conservative as Info-Tech Research Group believes that administrative rights should not be granted to end users, including “power users.” However, you may be compelled to take a more permissive stance in your particular enterprise. As such, we have included an Administrative Rights Application Form at the end of this policy to aid you in that effort. To use this template, simply fill in the blanks provided. Be sure to delete all introductory and explanatory text in dark grey and convert all remaining text to black prior to distribution.
The granting of administrative rights to an employee of [company name] over an individual desktop, laptop, or other end-user device is a privilege only awarded to individuals who require this level of access and control in order to do their jobs effectively. The goal of this policy is to describe the circumstances under which administrative rights can be granted as well as the terms and conditions upon which this privilege will be granted.
This policy applies to all employees of [company name] and information technology machines owned by [company name].
The granting of administrative rights allows the individual to change the configuration settings of a given machine and install software on that machine. As a result, these rights can expose the [company name] network to malware and other security exploits. In addition, incorrect configuration of machines can lead to performance problems, potentially resulting in machine downtime, lost productivity, and higher support costs. Given the serious consequences of mishandling or abuse of administrative rights, these rights will only be granted under the condition that they are essential for the performance of the grantee’s job. Such conditions could include the following: • • The ability to download and install specific types of software or configure system settings is mandated in the individual’s job description. An administrative rights access level is required for a necessary software title to run on a given machine. Company-owned and supported titles to which this applies include: o [Software title and version] o [Software title and version] o [Software title and version] Sufficient levels of IT support do not exist due to time-of-day, geographical or expertise constraints.
Page 1 Info-Tech Research Group
Typically, the only individuals at [company name] who are granted administrative rights include: Job Title Desktop Support Technician [Job title] [Job title] [Job title] [Job title] [Job title] [Job title] [Job title] Requirement for Administrative Rights Set up desktops and laptops for end users. Provide desk-side and remote support to desktop and laptop users.
Note: Members of the IT Department are not automatically granted administrative rights based on their membership in the IT Department alone. If you do not hold one of the job titles described in the table above, then you will need to apply and gain approval for administrative rights if you believe it is required by your job. To apply for administrative rights, please use the Administrative Rights Application Form located at the end of this policy document. The designated authorities of the IT Department reserve the right to deny the application if it does not represent a clear business need or if the applicant has a documented history of security policy violation.
If you have been granted administrative rights, you must adhere to the following disclaimer: 1. You will comply with all existing technology appropriate use policies of [company name]. 2. You will not make changes to any desktop, laptop or other end-user device not assigned to you personally. 3. IT support employees who are mandated in their job descriptions to make changes to desktops, laptops, or other end-user devices will only make such changes as are authorized and assigned to them personally. 4. You will not install any unauthorized or non-standard software at any time. 5. You will take all reasonable steps to ensure that the desktop, laptop or other end-user device over which you have administrative rights is secured from malware or intrusion. 6. You will have sole responsibility for backing up any data stored to the desktop, laptop or other end-user device over which you have administrative rights. 7. The IT Department will provide complete support and troubleshooting for the standard base image issued with the machine. Support for non-standard software installed by an employee exercising administrative rights is limited to the following: • [Describe the limits of IT support for installed software outside of the standard image. This may include limitations on amount of time spent.] 8. In the event of failure of the machine over which you have administrative rights, you will be responsible for restoring any applications, configurations and associated data beyond what has been approved as a standard base image by the IT Department. 9. Your administrative rights can be terminated at any time by [name of authorizing authority] if the terms of this policy are violated.
Penalties for violation of this policy will vary depending on the nature and severity of the violation. Penalties include:
Page 2 Info-Tech Research Group
Disciplinary action, including, but not limited to, reprimand, suspension and/or termination of employment. Civil or criminal prosecution under applicable law(s).
I have read and understand [company name]’s Administrative Rights. I agree to abide by it as consideration for continued employment by [company name]. I understand that violation of any of the above policies may result in my termination. ___________________________________ Employee Name ___________________________________ Employee Signature _____________________________ Date
Page 3 Info-Tech Research Group
Administrative Rights Application Form
Employee Name Employee Job Title Employee Department Employee Phone/E-mail Supervisor Date of Application Please provide the following information: Identity of machine for which administrative rights are being requested. Reason that administrative rights are required.
I approve the request for administrative rights as outlined above. ___________________________________ Supervisor Name ___________________________________ Supervisor Signature _____________________________ Date
This section is for IT Department administrative purposes only. The request has been: ___ Approved ___ Denied
If the request has been denied, please document the reason for denial.
Page 4 Info-Tech Research Group
If the request has been approved, please document the following information: Planned Activation Date Actual Activation Date Policy Read and Signed ___________________________________ IT Authority Name ___________________________________ IT Authority Signature _____________________________ Date
_____________________________________________________ Info-Tech Research Group tools and template documents are provided for the free and unrestricted use of subscribers to Info-Tech Research Group services. These documents are intended to supply general information only, not specific professional or personal advice, and are not intended to be used as a substitute for any kind of professional advice. Use this document either in whole or in part as a basis and guide for document creation. To customize this document with corporate marks and titles, simply replace the Info-Tech Information in the Header and Footer fields of this document.
Page 5 Info-Tech Research Group
This action might not be possible to undo. Are you sure you want to continue?