University of California, Davis Acceptable Use of Computers Policy
Default policy: Users do not have administrator rights to university-owned computers, only user-level rights. Changes to the system such as installing new software can be requested through Metro IT.
Exceptions: If you explain your reason for the exception, your PI may approve an exception to this policy for you in a written email to Metro IT
Exception Implementation: You will be given a second account that will have administrator rights on your computer. You must log in with your normal user-level account, but you can respond to administrator prompts (such as when installing software) with the secondary account.
Reasoning: If a virus or malware infects a computer while a user is running as administrator, the only viable solution is to back up the data, wipe, and reinstall the system. If a computer running as a user-level account is infected, only the user profile needs to be cleaned, assuming the user didn't "install" the virus by responding to an adminstrator prompt without know what was happening.
Wired Network vs Wireless Network
Default Policy: University-owned laptops and mobile devices must use the wireless network.
Exceptions: Exceptions to this policy for non-faculty are rare. Personally-owned laptops or mobile devices are not allowed exceptions. If you explain your reasoning, your PI may approve an exception to this policy for you in a written email to Metro IT. If a Windows laptop, the laptop must be on the Campus Active Directory (which may require reinstalling the operating system), must have operating system and all software up to date with security patches, must be locally firewalled, must be running antivirus, must be virus and malware free. If a Mac or Linux laptop, the operating system must be up to date with security patches, unneeded services closed, be running antivirus (Mac only), and be virus and malware free.
Exception Implementation: We will need your ethernet adapter's MAC address to register it on our DHCP server to get an IP address; we will need an extra administrator-level account on the laptop for IT access (for support).
Reasoning: The wired network is inside the departmental firewall and having roaming systems inside the firewall is a security risk.
Remote Desktop Access
Default Policy: Computers are not available for remote access from outside the firewall.
Exceptions: If you explain your reason for the exception, your PI may approve an exception to this policy for you in a written email to Metro IT.
Exception Implementation: We will allow remote access through the firewall to your system and provide instructions for how to access. General remote protocols are RDP, SSH, VNC.
Reasoning: Opening access to systems through the firewall is a security risk.
Default Policy: Metro IT will perform all software installations after proof of purchase (if necessary).
Exceptions: If you have an administrator-level account on your system, you can install your own software.
Exception Implementation: Please adhere to all laws and university policies regarding the purchase, installation, and use of third-party software. (See Acceptable Use of Computers Policy above)
Reasoning: To make sure software is installed correctly and to double-check that the random piece of software you downloaded is what you think it is.
Computer and Software Purchases
Default Policy: All computer and software purchases must be vetted by Metro IT. Email us with your request and we will review and provide quotes.
Exceptions: No exceptions (except when we just don't know about it)
Reasoning: Metro IT is familiar or has access to find almost all university-related discounts and vendors. We are well suited to specifying systems and software to meet your requirements. As we are the people supporting the system, we strive to have standard configurations to keep from being surprised at people's cleverness.