DOM-IS IT Policies

 

DOM-IS Network Device Policy:

Desktops and Printers in most cases should use static IP addresses assigned either by OIS or the DOM-IS group. Devices that are not properly registered may be blocked from network access until one of the above groups has been contacted and a network device registration created for the device.

Laptops and other mobile devices should in most cases be registered for DHCP network access, which can be done via the ONYEN website or by contacting OIS or DOM-IS with the MAC address and other details about the machine and its owner or user.

 

Local Administrative Privileges Policy

Default Administrative Privilege Assignments

DOM-IS staff

DOM-IS staff members are granted administrative privileges only on those assets necessary for them to accomplish assigned job duties.  Domain Administrator Privileges are permitted, if approved, for all DOM-IS staff to accomplish their assignments.

Local Administrator

Local Administrative privileges are granted within the scope of the staff members’ area of responsibility and use only with prior departmental approval.

All other staff

No administrative privileges are granted.

Exception Criteria

Mobile/traveling user

The user often uses their assigned computer outside of the normal working hours or is not located in an area that the unit can support them.

 User with specialized software

Software the user requires for the normal performance of their job does not allow non-administrative execution or is written in such a way as it requires the user to run as an administrator on the system.

Request Process

Users may request administrative privileges by contacting the DOM-IS (domis@med.unc.edu). The staff will respond to the request within 10 business days. Urgent requests should be noted along with any information DOM-IS staff members may need prior to enabling the user’s administrative access.

Users who do not fit the established roles which allow administrative privileges may request an exception by submitting a DOM Local Admin Request Form available here. Some of the information you will need to fill this out completely is:

    1. What is the name of the computer on which you are requesting administrative privileges?
    2. How will gaining administrative privileges on this computer assist you in performing your assigned job duties?
    3. Immediate Supervisor will need to sign the form.
    4. Date this needs to take effect, if approved.

Requests will be considered within 5 business days of receipt and a ruling will be delivered to the requester within 5 additional business days. You may apply for admin privileges prior to deployment of a new computer but the tech/analyst will not be allowed to grant admin privileges on the fly.

Appeal Process

Users whose request for administrative privileges is denied may appeal the decision to the Department Chief Administrator office or the Division chief appropriate to the users division.

Approval Duration

Due to the evolving nature of technology and the changing roles of users at the university all requests for administrative privileges will be reviewed on an annual basis. This review will verify that the need stated in the request is still valid and/or that the employee still requires the approved access.

Privilege Revocation

User administrative privileges may be revoked for the following reasons:

    • User no longer serves in a role that requires them.
    • User no longer utilizes software that requires administrative privileges
    • User is involved in a data breach (Even if it is not related directly to their having administrative privileges).
    • User demonstrates unsafe practices while using administrative privileges, i.e. showing disregard or lack of compliance with UNC-CH Acceptable Use Policies or HIPAA .
    • The unit determines that the user no longer needs administrative privileges to perform job tasks.
    • User requires excessive support from DOM-IS staff as a result of having administrative privileges.

Decisions to revoke user administrative privileges will be made collaboratively by the Director of DOM-IS and the Division Administrator based on documentation of any of the above conditions. Revocation of privileges by the unit will be communicated in writing to the user upon execution.

Users may request reinstatement of their previously granted administrative privileges using the exception/appeal process. The decision process may consider the documentation and decision that led to the revocation in the restoration decision.

Users whose administrative privileges are revoked may appeal the decision or request reinstatement at a later time with the Division Administrator and Director of DOM-IS. We will respond to appeal requests in writing to the requester within 10 business days.

Document Posting and Review

The approved Local Administrative Privileges document will be posted for staff and faculty on this page. The document has been reviewed and approved by the Office of the Director of Information Services (or his designee) and will be subject to local review and updates on a biannual basis based upon the date of last review.

Forms and Resources

Application form for Administrator Privileges

Acceptable Use Policy