Workstation Management Standard

To help ensure the security of University data, all workstations must be secured according to the standards listed below.

Requirements

1. University-owned workstations must be managed by a centrally supported workstation management tool.
2. For workstations running a Windows operating system.
   
   1. Workstations must be managed through the University's Active Directory system. 
   2. Each computer object must be joined to the domain and be in the appropriate AD container and tier.
   3. Workstation must have the "Shared Documents" folder disabled.
   4. The local Administrator account must be renamed, and the guest account must be disabled. 
3. Basic security settings must be enforced by technical policy.
   
   1. Local firewall must be turned on.
   2. Patching must be enforced.
   3. Local account passwords must meet the University's standards for length and complexity.
   4. Security standards should be based on an industry accepted best practice. (NIST, CIS, Microsoft Security Baseline, etc...)
   5. A University approved antivirus software must be installed and managed by a centrally supported workstation management tool. 
4. For University owned systems, the department or central IT must keep an inventory including serial number and owner information.
5. Users must authenticate to the device using a centrally managed authentication service. They must use a named account, not a generic resource account, for authentication purposes.
6. Administrative access to the workstation requires the use of a dedicated administrative account.
7. Exceptions to these standards must be approved by the campus ISO and will be reevaluated on a periodic basis.