Basics
Use a standard account when operating a computer on a daily basis.
- A standard account is an account that has ONLY the authorizations you need to do your work while protecting you from malware.
Some legacy applications do not work with typical user account privileges and adjustments may be needed.
- In this case, contact the software vendor and/or local IT staff to adjust the application or configuration.
If there is a recurring need for an administrator privileged account, contact your IT staff and they can set up a second account for this purpose.
- Typically a “-la” (local admin) suffixed account (to be used when special authorizations are needed)
Using a standard account is a best practice and is required for systems interacting with Category 1 data (per 5.14 of the UT Minimum Security Standards).
- For computers using an Active Directory domain, all accounts must be based on the domain. Privileged accounts should not be used to create new local accounts or change local account configuration like guest accounts.
What To Do
If you are NOT running as administrator:
- And everything is working then no action required
- And you are experiencing problems with software or hardware – contact your IT Support or the ITG Service Desk
If you ARE running as administrator:
- Ask your IT support to remove your account from the administrators group
- Work with your IT Support to address any problematic software
- If an administrator account is needed, contact the ITG Service Desk and they will create one for you if your computer is on the ENGR domain
FAQs
- Why is it so important that I don’t run as an administrator?
Spyware, keystroke-loggers and other malware on the web and email thrive on taking complete control of systems when the user is running with an administrator account.
Infections can take your computer out of commission for hours and even days while it is formatted and reinstalled. If your system housed Category 1 data, you could be required to provide additional information and explanations to the UT Information Security Office.
A standard user account is a key part of minimizing the impact of these threats.
- How do I know if I am running as an administrator or a standard user?
An administrator account is any account that is in the administrators group on a computer, the account does not have to have administrator in the name.
A standard user account is an account that is not in any other special groups like administrator (or power users). Determining if you are using an administrator privileged account can require going in to more technical areas. An easier way is to go to http://update.microsoft.com to attempt to update your computer. If you are an administrator, it will let you scan for updates. If you are a standard user it will send an error.
- I have been set up with a second account for administrator access. How do I use it correctly?
When you were provided the second account, the ITG Service Desk also provided an information sheet on how to use this. For reference it is also available online.
- My applications don’t work unless I am an administrator?
There are some older applications that were not written correctly and do not work out of the box unless you are an administrator. If you have one of these applications you should see if there is an update from the vendor. If not, contact your IT support and they can make a few adjustments that should allow almost all of these applications to work.
- I have tried this but a special piece of hardware and software won’t work unless I am an administrator!
In this case, you should work with your IT staff to perform a reasonable review of the environment. If there are no reasonable alternatives, the system may be placed in a network that can only access campus resources and not the internet.