ITS Policies

Desktop Administrator Access Policy

December 2023

In keeping with the mission of the University, Information Technology Services (ITS) continues to work to provide secure and stable computing environments to better facilitate teaching, learning, and research. One key factor in achieving that mission is to limit administrative rights on individual workstations. This practice is supported by the University of Missouri System Information Security Policies and University administration. It has been widely proven that limiting access for regular users to install or change software significantly decreases instances of Malware and Ransomware on computers and networks.

By default, all members of the University will have regular "User" access on all campus-owned individual workstation computers. If a user has a valid business case to have elevated access (Administrator Access) on their workstation, an approval/exception process is in place.

To request Administrator Access:

• Log in at help.umsl.edu.
• Click on the "Windows Desktop Administrator Access" or "Mac Desktop Administrator Access" button.
• Complete the form. This form must be completed by the person requesting the access. The information about the workstation, such as the workstation name, must be provided, as well as a detailed reason for the request. These requests will be reviewed on a case-by-case basis.

There are several different scenarios that fit different types of access that may be granted as described below.

Scenario 1:  I need a few applications installed and they may need to be updated occasionally.

• In most cases, the Technology Support Center can add that software to your computer and help you when needed.

Scenario 2:  I need to install a few applications and make some changes to my computer. This is not something I will need all the time, but might from time to time.

• In this case, ITS will give you a one-time admin account, which is the best option.

Scenario 3:  I need to install a few applications and make regular changes to my computer, as the applications require administrative rights to fully function.

• ITS will add an application to your computer that allows you to self-elevate to admin status when needed.

Scenario 4:  I need to install different applications regularly as part of my teaching or research.

• ITS will add an application to your computer that allows you to self-elevate to admin status when needed.

IN ALL CASES ABOVE, YOU CAN ONLY INSTALL SOFTWARE THAT HAS BEEN OFFICIALLY APPROVED THROUGH SECURITY/LEGAL REVIEW FOR USE ON UNIVERSITY COMPUTERS. EVEN IF IT IS FREE SOFTWARE OR YOU HAVE BEEN USING IT FOR A LONG TIME, ALL SOFTWARE NEEDS TO BE APPROVED PER UNIVERSITY POLICY BPM-12004.

Software approvals can be submitted on the following site: IT Procurement webpage.

Additional FAQs about Desktop Admin Rights can be found here.

University of Missouri-St. Louis Information Technology Network Usage Policy

The University of Missouri-St. Louis (UMSL) campus network provides access to the campus computing facilities. All users of the UMSL network must conform to the University of Missouri-St. Louis Acceptable Use Policy. Upon connecting a computer to the UMSL network, there are additional policies that must be followed. Violation of any of the following policies may result in immediate disconnection from the network.

Network Usage:

• All UMSL network traffic to and from the Internet must go through the firewall. Any network traffic going around the firewall must be accounted for and explicitly allowed by the Computer Security Incident Response Team (CSIRT).
  
  
• Computer Security Incidents and Abuses can be reported to the CSIRT at abuse@umsl.edu, or call the Technology Support Center at 314-516-6034.
  
  
• Applications which transmit sensitive information over the network in clear text, such as telnet and ftp, are prohibited and will be blocked. Exceptions must be accounted for and explicitly allowed by the CSIRT. Secure free replacements to telnet and ftp are SSH and SFTP.
  
  
• UMSL has enabled port locking which locks a specific PC to a specific network port. Moving a PC to another port, or plugging a new PC into an old PC's port will result in an automatic disabling of that port. The Technology Support Center will have to reset the port.
  
  
• Users may not go outside UMSL for network connectivity, such as signing up for a connection to an outside Internet Service Provider, without the consent of Information Technology Services (ITS).
  
  
• Activities that inhibit the ability of others to connect to or use the network are prohibited. This includes, but is not limited to: unauthorized file-sharing, initiating denial of service attacks, initiating viruses or worms, and network scanning.
  
  
• ITS will attempt to satisfy all requests for special network topologies that are needed for research or teaching. There may be costs associated with these accommodations.

Workstation Configuration and Network Administration:

• Only UMSL approved and updated Operating Systems will be allowed to access the UMSL network.
  
  
• Windows based Faculty and Staff systems must be joined to the UMSL Domain. Exceptions must be approved by ITS.
  
  
• Faculty and Staff Windows based systems must run the current campus anti-virus software.
  
  
• All systems on the UMSL network must be registered through our Network Access Control System (NAC).Faculty and Staff Windows and Macintosh systems must have the NAC Persistent Agent installed.
  
  
• Faculty and Staff are responsible for the servers they manage and for keeping them in compliance with campus rules.
  
  
• Students may not provide accounts, disk storage, or web pages for other users.
  
  
• Users may not set up servers without first notifying ITS. This includes but is not limited to DHCP, DNS, WINS, FTP, Web, or Mail servers.
  
  
• By default, IP addresses are automatically assigned by Dynamic Host Configuration Protocol (DHCP). The use of a hard-coded or non-approved IP address is prohibited. IP addresses can change without notice unless arrangements are made with ITS to assign a static IP.
  
  
• A computer should not be connected to the network via wired connection and wireless connection at the same time.
  
  
• Network administration tools are not allowed without the consent of ITS. This includes, but is not limited to:
  
  • Network monitors
  • Sniffers
  • Vulnerability scanners
  • Port scanners
  • SNMP tools

Network Hardware:

• University computing equipment must not be tampered with in any way.
  
  
• Wiring may not be split, re-wired, or re-configured.
  
  
• Mini-hubs, routers, switches, bridges, wireless access points, wireless bridges, or other network hardware are not allowed.
  
  
• Only one computer at a time may connect to each in-room jack.
  
  
• A PC with multiple network cards is not allowed to function as a network address translation gateway. For example, Windows Internet Connection Sharing is prohibited. No device other than an ITS device will be permitted to route or bridge packets.
  
  
• A PC with a wireless card may not be configured to act as a wireless access point.
  
  
• Game Systems as well as Video/Audio streaming devices such as Roku, Google Chromecast and AppleTV are not allowed on the wireless network. If the device is able, it can be connected to the wired network after it’s been registered in NAC.

Network Maintenance Window:

Sunday mornings (midnight thru noon), 1st and 3rd Wednesday of the month (4:00a.m. thru 7:00a.m.) and 2nd and 4th Friday of the month (5:30p.m. thru Sat 6:00a.m.) are reserved for network maintenance. Every effort will be made to give prior notice. The network and or servers may be unavailable during this time so updates can be made. Access to the network may be suspended to preserve the integrity of the network.

Temporary Guest Accounts:

Non-UMSL users may be granted a temporary guest account with approval by ITS to help facilitate collaboration with researchers at other Universities and sites. These accounts will be allowed to VPN into UMSL. A faculty member must request the account, fill out a form, and be responsible for the account's usage.

Individual Responsibility for Security on the Student Network:

Users in UMSL student housing are expected to take reasonable steps to ensure that their computer systems do not create a security risk when connected to the network. This includes but is not be limited to the following steps:

• Users must register their computer on the student network using an SSO/ MyGateway username and password.
  
  
• Windows based systems must run a current and updated anti-virus software.
  
  
• Operating systems and software must be kept current with the latest patches and service packs offered by the vendors.
  
  
• Wired Windows and Macintosh student systems must have the NAC Persistent Agent installed.
  
  
• All accounts on student owned machines should have passwords.
  
  
• It is recommended that individual computers be protected by a personal firewall.
  
  
• It is recommended that users perform regular scans for malware using anti- spyware software.

For more information, visit ITS Security.

Standard Equipment included with the UCP

ITS has developed computer standards in order to keep hardware and support costs down. By using standard hardware, operating systems and applications, ITS can reduce the total cost of ownership, the time it takes to deploy a computer to a user, and the time it takes to fix and support issues related to the system. 

A Windows based laptop is the standard computer provided to users allowing workplace flexibility and mobility. Users will have the option to obtain one external monitor, docking station allowing for external monitor support, wireless keyboard/mouse, and carrying case.

Computers and associated peripherals will be refreshed after a minimum of 5 years or when they have reached end-of-life as determined by ITS.  

When ITS determines a system needs to be replaced, ITS will contact the end-user assigned to the computer via email to begin the multi-step replacement process. ITS staff will provide guidance on preparing for setting up the new computer.

ITS is unable to delay replacement or hold equipment. Once the equipment is ready an appointment will be scheduled for replacement. All systems and peripherals that have reached their end of life as determined by ITS must be surrendered to the Technology Support Center to be prepared for surplus. All systems will have their hard drives securely wiped. It is the responsibility of the UCP contact and/or Unit Business Managers to ensure the return of all equipment.

Systems purchased from university surplus are not allowed to be connected to the UMSL network and will not receive support from the Technology Support Center.

Exceptions to the Standard Computer

Exceptions to the standard computer can be reviewed under the following conditions:

1. Documented requirements for the need for a different operating system, special hardware configurations, or other special needs not afforded under the standard option.
2. Unit Business manager approves of the request.
3. College, School or Division lead approves the need.

If the above 3 requirements are fulfilled, then the following must be observed:

1. Technology Purchase Request including the above criteria is submitted, and CFO/CIO or their delegate approves the exception.
2. The end user's unit/department will be financially responsible for any difference in cost above the current provided standard offering.
3. The department acknowledges that support may be limited on the device and may not receive the full extent of support offered by ITS.

Departments shall assume the cost of any computers, upgrades, or additional peripherals beyond the standard workstation that is provided as part of the UCP.

Standard Services Included with the UCP

Support for UCP system shall be provided through the Technology Support Center. These support services include, but may not be limited to:

• Initial installation and setup of system
• Connection to the campus network, phone system, and network printers
• Connection to cloud resource offerings such as OneDrive
• System diagnosis and resolution of reported problems
• Evaluation to determine when components are eligible for replacement

 5/26/2021

Systems Maintenance Policy PDF

Audience

All members of the University of Missouri–St. Louis community including prospective and
current students.

Statement

SMS text messaging is an efficient and effective way of communicating with current and future
members of the university community. The University of Missouri–St. Louis (UMSL) will only
distribute text messages to users that opt-in to receiving our text message while providing the
ability to opt-out at any point by changing their communication options related to SMS text
messaging. Those who opt-out will be marked as such and not receive text messages until they
opt back in.

Background

The University of Missouri–St. Louis recognizes that text messaging can be a highly effective
means of communication, but the university is also aware of the need to protect user’s data
and limit what information may be sent through a text. As a university, UMSL will follow all
guidelines for FERPA, The Privacy Act of 1974 and the Telephone Consumer Protection Act. No
information in violation of these laws may be sent via text. The university will not share any
information via SMS text-messaging apps with any 3rd parties without allowing users to opt-out
before sharing. The university must protect user data to ensure a positive communication
experience.

Guidelines and Procedures

UMSL has developed and implemented an SMS Text-Messaging Management system to
manage the opt-in or opt-out of users for text messaging. Users should visit
MyGateway.umsl.edu and use the SMS text-messaging app to verify their cell phone number is
correct and to opt-in or opt-out of different message categories. All new students applying to
UMSL are automatically opted-in when submitting an application for admission to the
university. (Please note: If a student does not want to receive text messages, they can reply to a
text message with STOP, or visit the MyGateway portal to opt-out. These guidelines and
procedures must be followed by each department / office responsible for sending SMS text
communications).

There are currently five different text-messaging categories.

1. Academic Messages – Users may receive messages about advising, tutoring, class scheduling academic support services, etc.
2. Student Affairs – Users may receive messages about student affairs related resources and programming.
3. Finance – Users may receive messages about payments, student financial aid and scholarships.
4. Information Technology – Users may receive messages about Helpdesk work orders and possible security issues with your accounts.
5. Enrollment Management - Users may receive messages related to admissions information, registration and information related to enrollment.

Students can expect to receive:

• Guidelines for student success and support
• Reminders of important dates and deadlines
• Inquiries for providing assistance

Students can respond with:

• Questions
• Comments
• Responses

User Privacy:

Due to privacy laws, such as FERPA, certain information may not be able to be discussed via text
messages, (such as grades, GPA, etc.). If the conversation evolves to the need to discuss
sensitive information, the student may be asked to check their email account.

Email remains the official form of communication

Text messaging will be utilized to enhance communication. Email to a user’s university email
account is and will remain the official form of university communications. Students should
check their university email account on a regular basis for official and important university
communications.

Frequency of SMS text communications

Participating departments will send an average of one to two text messages per month. During
key times, such as registration, text messages may be sent more often.

Note: UMSL departments interested in utilizing text messaging for student communications should submit a Cherwell ticket.

Original Issue Date: August 2019

Revised Date: December 2020