The following policy applies to research desktops and servers. Administrative access to enterprise desktops will be handled on a case-by-case basis. For more information, please contact the TSO HelpDesk at email@example.com.
The CoC Computing and Networking Services Group (TSO) is responsible for ensuring that appropriate maintenance occurs for all workstations, servers and other information technology used within CoC. In keeping with section 2.2.1 of the CoC Computing & Networking Security Procedures, every GIT-owned networked device must have a designated system administrator, which at CoC is TSO for all TSO-managed devices. Granting local system administrator privileges to a user of a TSO-managed system is equivalent to the user becoming part of the TSO support team with regard to practicing GIT and CoC policy and procedures.
Local System administrator privileges (e.g. sudo shell and Windows/Macintosh local administrator access) may be granted for users who have specific research needs that cannot be supported by TSO baseline services. Local system administrators share responsibility for their systems, which should not be taken lightly due to the complexity and integrity of the CoC network. TSO provides these general guidelines to local administrators of CoC systems, but exact privileges and responsibilities are determined on a case by case basis. Any deviation or exception must have explicit approval from TSO Management.
- Local System Administrator access requires a faculty sponsor. Non-faculty may request, but faculty must sponsor. This provides continuity in the responsibility of maintaining the device.
- Local System Administrator sponsorship must be renewed annually. The user granted local system administrator rights will receive a warning one month before expiration (with weekly reminders) with instructions on how to renew the access. If not renewed by the expiration date, the access will be removed.
- Local System Administrators must comply with all Georgia Tech computing and networking policies and, in particular, the GIT Computing & Networking Usage and Security Policy (CNUSP) and the CoC Computing & Networking Security Procedures
- In keeping with section 2.2.2 of the CoC Computing & Networking Security Procedures, local system administrators systems should not provide any unapproved network services. Examples of services include: FTP, Telnet, IRC, VNC, Active Directory, SQL server, SMTP, DNS, web servers (ie. IIS, and Apache). This also applies to peer-to-peer (P2P) software such as winmx, napster, kazaa, and morpheus. Procedures for requesting new or extended network service can be found in section 2.2.8 and 2.2.9 of the CoC Computing & Networking Security Procedures.
- Local System Administrators should not circumvent or disable security, such as disabling anti-virus or firewall software, changing any passwords on the system other than their own, creating new local users, or transferring privileges to other users.
- Local System Administrators are not allowed to reinstall the OS, modify the system BIOS, or modify the disk partition structure unless authorized by TSO.
- Local System Administrators are strongly advised against updating the OS on their own computers unless authorized by TSO. Often a Hotfix or Service Pack can prevent a computer from booting and can be irrecoverable.
- In keeping with section 3.1.2 of the GIT CNUSP, Local system administrators should also not unlawfully install, use, copy, store, or distribute copyright-protected material (e.g. computer programs, movies, television, music).
- Do not store user data on the local hard drive (if possible). A users network home directory (or research project directory) is the best place for user data. If there is trouble with the workstation, TSO personnel may need to erase and reload the entire workstation to get the system back into operation quickly. You may lose data if you store it locally.
- Local System Administrators have data backup responsibility. For users who require local user data on the systems hard drives, it is important to be aware that the data is not backed up by default by TSO. If you did not request TSO backups they are probably not being performed. If TSO is not backing up your system, then you must safeguard any local data by periodically backing up your system (i.e., copying all user files to some alternate media so that you can restore files that have been lost due to software problems, hardware malfunctions, etc.), or by making provisions to have it done. It is also important to monitor the success of backups, and in cases of failure (e.g. by lack of backup log files or warning notices) you must inform firstname.lastname@example.org
- Devices with sponsored local system administrator(s) may result in a condition of lower priority and best-effort support with regard to TSO baseline services.