Policies

University of California, Davis Acceptable Use of Computers Policy

https://ucdavispolicy.ellucid.com/documents/view/359

 

Departmental Policies

Administrator Rights

Default policy: Users do not have administrator rights to university-owned computers, only user-level rights. Changes to the system such as installing new software can be requested through Metro IT.

Exceptions: If you explain your reason for the exception, your PI may approve an exception to this policy for you in a written email to Metro IT

Exception Implementation: You will be given a second account that will have administrator rights on your computer. You must log in with your normal user-level account, but you can respond to administrator prompts (such as when installing software) with the secondary account.

Reasoning: If a virus or malware infects a computer while a user is running as administrator, the only viable solution is to back up the data, wipe, and reinstall the system. If a computer running as a user-level account is infected, only the user profile needs to be cleaned, assuming the user didn't "install" the virus by responding to an adminstrator prompt without know what was happening.


Wired Network vs Wireless Network

Default Policy: University-owned laptops and mobile devices must use the wireless network.

Exceptions: Exceptions to this policy for non-faculty are rare. Personally-owned laptops or mobile devices are not allowed exceptions. If you explain your reasoning, your PI may approve an exception to this policy for you in a written email to Metro IT. If a Windows laptop, the laptop must be on the Campus Active Directory (which may require reinstalling the operating system), must have operating system and all software up to date with security patches, must be locally firewalled, must be running antivirus, must be virus and malware free. If a Mac or Linux laptop, the operating system must be up to date with security patches, unneeded services closed, be running antivirus (Mac only), and be virus and malware free.

Exception Implementation: We will need your ethernet adapter's MAC address to register it on our DHCP server to get an IP address; we will need an extra administrator-level account on the laptop for IT access (for support).

Reasoning: The wired network is inside the departmental firewall and having roaming systems inside the firewall is a security risk.

 

Remote Desktop Access

Default Policy: Computers are not available for remote access from outside the firewall.

Exceptions: If you explain your reason for the exception, your PI may approve an exception to this policy for you in a written email to Metro IT.

Exception Implementation: We will allow remote access through the firewall to your system and provide instructions for how to access. General remote protocols are RDP, SSH, VNC.  Access is then from Campus IP space.  Using the Campus or Library VPN from off-campus will allow you to remote into your system.

Reasoning: Opening access to systems through the firewall is a security risk.

Other Notes: The use of Teamviewer is discouraged as it circumvents all firewalls.  Please discuss with IT before implementing Teamviewer as other options may be more secure and accomplish your goals.  If, after discussion with IT, Teamviewer is the remote desktop application of choice:

  1. Turn off Teamviewer when it is not in use.  Set it to not run at startup and turn it off in the taskbar.
  2. Set it to only accept connections when a user is at the console to press Accept.  No automatic connections from outside.
  3. Keep Teamviewer up to date by upgrading it regularly.  Perhaps when Windows Updates and Bigfix patching rolls out on the third Tuesday of each month.

 

Software Installation

Default Policy: Metro IT will perform all software installations after proof of purchase (if necessary).

Exceptions: If you have an administrator-level account on your system, you can install your own software.

Exception Implementation: Please adhere to all laws and university policies regarding the purchase, installation, and use of third-party software. (See Acceptable Use of Computers Policy above)

Reasoning: To make sure software is installed correctly and to double-check that the random piece of software you downloaded is what you think it is.

 

Computer and Software Purchases

Default Policy: All computer and software purchases must be vetted by Metro IT. Email us with your request and we will review and provide quotes.

Exceptions: No exceptions (except when we just don't know about it)

Reasoning: Metro IT is familiar or has access to find almost all university-related discounts and vendors. We are well suited to specifying systems and software to meet your requirements. As we are the people supporting the system, we strive to have standard configurations to keep from being surprised at people's cleverness.