WINDOWS CLIENT ADMINISTRATION
Georgia College & State University (GCSU) and The Division of Information Technology (IT)
recognize that some faculty and staff have a demonstrated need to perform what would otherwise
be considered administrative functions on computer equipment assigned to them by GCSU. It is
also recognized that additional administrative functions may pose a risk to both the individual and
the University. Risks that could face the University may be in the form of mis-configuration, errors,
omissions, lack of diligence, poor understanding, or malicious intent. Whatever the cause of the
risks, they are real and may severely impact the University or the student body.
The following definitions are germane to the understanding of this procedure:
Local computer – As far as this procedure is concerned, a local computer refers to the
computer, laptop, or workstation that is assigned to an individual or department.
Local Administrator – A local administrator is an individual who has been assigned certain
computer privileges that allow for the execution of special administrative processes on a local
Domain – A domain is a group of computers that receives information from a primary
computer known as a domain controller. This information allows for the efficient and
centralized management and coordination of a large number of local computers. The
primary GCSU domain provides the basic file and network access and privileges to every local
computer in the domain.
The University implemented an infrastructure known as an Active Directory or Domain as a means
to more effectively manage computer labs at a time when the number of lab computers was
growing rapidly. In this area, the domain continues to function well allowing a relatively small
number of staff to manage a large number of lab computers. During that period a change was
made to our mission and faculty were being hired at a rapid pace. The support staff was unable to
keep pace with the increasing demand for services and looked for ways to work more efficiently.
The domain model in the computer labs had been very effective and was used initially as a stop
gap measure to be able to manage local computers for new faculty. Time passed and the demands
increased, so a computer management system known as Altiris was moved into production in
addition to the existing domain. Altiris allowed remote administration to any domain affiliated
computer anywhere on campus. Advances in Altiris continue to improve efficiencies for what is now
Technology Support Services and benefit the campus as a whole.
Local administration is a responsibility to be considered seriously by both the individual and the
University. Information technology and the Internet have placed each individual by way of the
computers on the global forefront of communications. Though physically located in rural Georgia,
in the world of technology each of us are now in Tokyo, New York, or Brussels via the Internet.
Individuals must consider information security from this perspective rather than from the view of
rural Georgia. The reality is that computing network power and ability expose us directly to
individuals that would destroy, damage, or sell the University’s information. Any risk normally
associated with being connected to the internet becomes multiplied greatly when local computer
administration does not assure proper configurations. Risks directly associated with local
- Loss of data by error or omission;
- Accidental or intentional publication of private individual data;
- Viral infection;
- Hardware damage due to mis-configuration;
- Hardware damage due to virus or worm;
- Unwitting participation in viral propagation;
- Unwitting participation in a Denial of Service attack (DoS), or intrusion;
- Disruption of University services;
- Publication of proprietary University data.
- Corruption of proprietary University data.
- Capturing proprietary information by recording activity through key computers.
The following responsibilities shall lie with the individual who undertakes the role of local
administrator and the unit or college administrator approving the waiver. The local administrator
- Only perform installation or maintenance on the local computer(s) assigned to them;
- Update all software patches including but not limited to MS Windows, and MS Office;
- Update antivirus definitions weekly or set to automatically update weekly or more often if
- Install software that is not listed on the “Approved Software” list in emergency or time
sensitive situations only. All other software installations shall be coordinated through Serve
unless the software to be installed is “Approved Software”. In the event of an emergency
installation, the faculty or staff member shall notify Serve no later than the next business
day via email or telephone.
- Provide IT with original media and software licenses regardless of funding source. Software
purchased by grant or non-state funds shall be kept by the party awarded the funding along
with accurate records of licensing. IT shall be provided with a working copy of the installation
media in addition to a photocopy of the software license.
- Only install software essential to the local administrator’s business function.
- Local administrators may install software listed on a published “Approved Software” list
providing that appropriate licensing has been purchased by or on behalf of the installing
party. Local administrators may request that IT review software for addition to the
“Approved Software” list.
- Faculty may install test packs from known and reputable publishers.
- Local administrators may not install software from a published “Refused Software” list.
Software on this list has been proven to be of detriment to the local computer or the overall
infrastructure of the University.
- Screensavers may be native Windows screensavers or the local administrator may request
approval of an alternative commercial screensaver.
- All non-commercial software including items developed by other faculty or other Universities
shall be approved by IT prior to installation.
- If comparable software products are available, the approved software shall take precedence
over unapproved software. Local administrators may install unapproved software if that
software directly supports an academic course or scholarly research. No support shall be
provided by IT for unapproved software.
- Local administrators shall not disable or alter any operational settings on a local computer
put in place by IT.
- Updates published by IT are considered critical and shall receive precedence over updates or
- patches from other sources.
- Local administrators shall not alter or disable hardware without prior approval of IT.
Removable media and external peripherals are exempt from this point.
- Local administrators shall not attempt to circumvent any security established on the local
- Local administrators will not attempt to capture login information, network traffic, or any
other data that may be considered sensitive.
Local administrators must be renewed and re-registered annually with IT by October 1 or the next
business day if October 1 falls upon a weekend or holiday.
NOTE: This procedure does not supersede other GCSU policies or procedures. The local
administrator must agree to abide by all GCSU policies and procedures as well as local, state, and
RESPONSIBILITIES FOLLOWING AN INFORMATION SECURITY INCIDENT
It is the responsibility of the local administrator to follow best practice guidelines in securing
workstations and servers and the administrator’s supervisor to ensure that expectations in this
area are clearly understood and in writing, and that the local administrator is adequately trained
In the event that problems arise as a result of local administration of a faculty member’s
computing equipment, the local administrator and their supervisor, will work with the IT to correct
any problems that result from the event. The local administrator and the administrator’s
supervisor, in cooperation with the Division of Information Technology, will review administrative
practices or procedures in place that may have contributed to the security event and take
immediate corrective actions to avoid future re-occurrences.
PROCEDURE FOR REQUESTING LOCAL ADMINISTRATION
1. Interested parties shall complete, sign, and submit the form, “Application for Local
Administration” (Appendix A) to the designated administrators by the Dean of the College or
the University Librarian.
2. The designated administrators will forward the Application for Local
Administration to the CIO.
3. The CIO will review the application and associated justification.
4. The CIO will approve or deny the request and notify the designated
5. Upon approval the local administrators will read and agree to comply with the Information
6. The local administrators will complete the appropriate WebCT security course and pass the
7. IT will register the computer assigned to the local administrators for routine scans for
8. The application process will be renewed annually in October of each year.
Application for Local Administration