Policies

Policy #: 06-02

Effective: September 1, 2006

Revised: June 2, 2011

Section: Operations and Services

Subject: HHD Computer Accounts

 

PURPOSE

 

To describe the procedure in place for resetting passwords and unlocking accounts.

 

To describe the procedure for accepting new account forms.

 

To define the minimum password standards for accounts.

 

To define rules and expectations surrounding Administrator Access Accounts.

 

POLICY APPLIES TO

All faculty, staff and students of HHD and other authorized users who have or are requesting an HHD computer account.

 

POLICY

 

Resetting Passwords

 

If a user forgets their password, ISS can reset it to a temporary one-time password. This password may only be given to the account holder, not to a third party. To help ensure this, a user must request their temporary one-time password in one of the following ways:

 

1.    In Person

A user may stop into 203 South Henderson and show photo ID to receive their temporary one-time password.  An ISS staff member may also take a request from a user to reset their password while on a service call.  Photo ID is required in all cases.

 

2.    Email

A user may email hhd-iss@psu.edu to request that their password be reset. However, the new password will only be given in person or over the phone.

 

3.    Phone

A user may call ISS to have their password reset. If the ISS staff member is able to verify the identity of the person on the phone, then the password may be given to the user over the phone.

 

*There are a few methods that may be used to verify the person's identity over the phone. One is to recognize the user's voice. A second is for the user to get their department's computer deputy on the phone with them to verify their identity. Future methods may include using a field from the user's account application form to verify their identity.

 

Unlocking Accounts

 

A user's account may become locked out if 6 or more incorrect passwords are attempted within a 30-minute window.

If a user's account does become locked out, they may request to have their account unlocked in person, by email or by phone. If, after having their account unlocked, they are still unable to remember their password and the account becomes locked again, they will have to request that their password be reset as described above.

 

 

Accepting New Account Forms

 

Users seeking HHD computer accounts must fill out the account application form and present it to an ISS staff member either in 203 South Henderson or out in the field.  In both cases the account form must be completely filled out with all of the appropriate signatures. Photo ID must be shown.

 

Exceptions are made for our remote users located outside of the University Park, PA area. In those cases, the account application should be faxed or mailed to ISS along with a photocopy of the user's photo ID. If the authorizing signature is to be received from someone not local to the user's location, the materials should be sent to that person first.

 

 

Minimum Password Standards

Passwords must meet the following minimum criteria:

Must be at least eight (8) characters.

Cannot use any part of your name or your user ID.

Must be changed every six months.

Cannot be changed more often than once every fourteen days.

Must be different than the last four passwords used.

Must contain at least three of the following elements:

Description              Example

Upper Case Letters       A,B,C,...

Lower Case Letters       a,b,c,...

Numbers                  1,2,3...

"Special" Characters     {}[],.<>;:'"?/|\`~!@#$%^&*()_-+=


Administrative Access Accounts

 

To assist users who need temporary or frequent access to their computer as an administrator, ISS has created a process by which a user can obtain a local administrator account for their computer.

 

Administrative access may be granted to users meeting any of the following criteria:

 

a. The user has demonstrated thorough knowledge of the workstation and its software, including but not limited to appropriate use of file management, placement of drivers and system files, and intermediate knowledge of frequently used applications. The user rarely asks for help, and never seeks help for easily solvable items.

b. The nature of the work requires frequent installation of demo software, 3rd party software or other tasks requiring administrative privileges.

c. The location of the work is off-campus or removed from easy access to ISS support AND the previous two criteria are reasonably satisfied.

 

Please Note: ISS retains an administrative account on the machine that must not be disabled.

 

Administrative Access Responsibilities

 

A user with administrator privileges must be aware that s/he will have access to control panels, registry settings and other components that could irreparably harm their system. The user may access only those functions necessary to complete his/her task.

On PCs, users should only log in with the administrative account to perform system functions. Hackers can use administrative-level access to gain control of the workstation. Therefore, administrative accounts should only be used when performing system functions such as installing software, checking logs or performing maintenance. You should then log off as administrator and log back in with your normal user account.

On Macs, users must continue using their regular user accounts and supply the administrative password when it is requested.

The user must agree and adhere to all of the responsibilities listed in HHD policy 04-02 and University policies AD11, AD19, AD20, AD22, AD35 and ADG02.

The user must not modify or circumvent the login configuration.

The user agrees to accept responsibility for any lost data if running disk repair or other utilities, reinstalling the system or performing any other system-altering function.

The user agrees not to enable file sharing, web services or any other service on the workstation that will turn it into a server without consulting with ISS (servers require that our HHD Server Registration Form be completed). Doing so incorrectly could open up the network and others on the network to outside attack. The user understands that ISS or the University has the discretion to take the machine off the network if a threat to security is found.

If you have determined that you would still like administrative access to your PC, please obtain our Local Workstation Administrative Access Request Form, which is available in the Forms area of our Help Spot web page.