
Expanded Admin Rights for Windows AD Computers

September 29, 2016

A change in UMD's Active Directory (AD) policy.

The User Access Control (UAC) update was pushed out in a soft rollout last spring, and many users across campus have been enjoying the increased ease of use. A change in UMD's Active Directory (AD) policy allows users to install software, add printers, and complete other tasks without calling the Help Desk for elevated rights.

Since AD was rolled out to the campus in 2011, the University security policies have been significantly updated, which allowed us to make this change for any computer that isn't on the "highly-restricted private data" list. When UAC is enabled, you have the permissions of a standard user while doing tasks that can be done as a standard user, such as reading e-mail, listening to music, or creating documents. When a change to your computer requires administrator-level permission (installing software, updating printer drivers), you will receive a UAC prompt to sign in with your regular University Internet credentials (username and password), after which you can continue.

This change allows users to maintain the advantages of AD (security updates, file sharing, printing) and still maintain control over updating and installing software, etc. We see it as the best of both worlds, and are very excited to be able to offer this to the campus.

If you are interested in making this change on your Windows AD computer, please contact the ITSS TechCenter Help Desk and request permanent admin rights. An ITSS staff member will need to make a quick configuration change to your computer to complete the process.

If you have more questions, please contact Sally Bradt, 726-8856, sbradt@d.umn.edu.
