In accordance with SUNY policies and industry best practices, faculty and staff are granted standard user privileges on university-issued computers. Administrator rights on campus devices are reserved for IT personnel.
Standard User Access vs Administrator Access
Standard User Access: This allows users to perform daily tasks like using installed apps, managing files, printing, and changing personalization settings under their profile. It prevent changes to the operating system, installation of unauthorized software, or changing device security settings. University-issued computers are configured assuming users are working under standard user privileges.
Administrator Access: This level of access allows users to make changes to the operating system, install software, and make modifications to security settings. On university-issued computers, this access is reserved for IT staff.
Purpose of Limiting Access
Protecting Against Security Threats: Limiting administrator rights helps reduce the risk of malware, ransomware and other cyber threats. Many security breaches occur when malicious software installs itself through accounts with admin privileges, without an obvious sign to the user that a change was made. Restricting these rights strengthens our overall cybersecurity posture.
Ensuring System Stability and Performance: Administrator-level changes, such as installing unapproved software, altering configurations, or disabling security settings can unintentionally cause system errors or conflicts. Centralizing control helps maintain consistent performance across all devices and provides a more useful environment for compatibility testing.
Compliance with Institutional and Regulatory Standards: Part of SUNY Buffalo State University’s compliance obligations require the campus to follow industry best-practices and security frameworks, including a "bedrock" recommendation to restrict local admin access to safeguard institutional data and protect sensitive information.
Improved Support and Faster Issue Resolution: By standardizing configurations and limiting unauthorized changes, IT can diagnose and resolve technical issues more quickly, ensuring less downtime and a smoother experience for everyone.
What This Means for You
Completing Everyday Tasks: standard user privileges are sufficient for performing most daily tasks (e.g., using installed applications, saving documents, printing).
Installing Approved Applications: select approved applications can be installed (without administrator rights) through Software Center on PCs and Self-Service on Macs.
Requesting Other Applications: to request the installation of other software applications, you can submit a Software Request through the IT portal.
We understand that limiting access can lead to some frustrations, but it’s an important step toward protecting both our systems and the sensitive information we manage every day. Thank you for your understanding and cooperation as we continue to strengthen our cybersecurity and improve IT services. If you have any questions or concerns, please don’t hesitate to contact the IT Help Desk at 716-878-4357.