Workstation Management Standard

To help ensure the security of University data, all workstations must be secured according to the standards listed below.

Requirements

1. University-owned Windows workstations must be managed through the University's Active Directory system.
   1. Each computer object must be located in the appropriate AD container.
   2. Each system must be joined to the domain.

2. Basic security settings must be enforced by technical policy.
   

   1. Local firewall must be turned on.
   2. Patching must be enforced.
   3. Local account passwords must meet the University's standards for length and complexity.
3. Antivirus software must be installed and kept current.
4. For University owned systems, the departmental IT professional must keep an inventory including serial number and owner information.
5. Users must authenticate to the device using a centrally managed authentication service. They must use a named account, not a generic resource account, for authentication purposes.
6. Windows workstations must have the “Shared Documents” folder disabled.
7. For Windows workstations, users must rename the Administrator account and disable the guest account.
8. Exceptions to these standards must be approved by the campus ISO and will be reevaluated on a periodic basis.

Reviewed February 27, 2016.