Skip to main content

Admin Permission Violation Policy

Policy on Misuse of Elevated Privileges (Admin by Request / Privileges)

As part of our Endpoint Privilege Management strategy, faculty and staff may be granted the ability to temporarily elevate their device permissions using Admin By Request (Windows) or Privileges (macOS). This access is intended to support productivity and flexibility while maintaining a secure computing environment.

With elevated privileges comes added responsibility. Misuse of admin rights — even if unintentional — can put institutional systems, data, and users at risk. To ensure appropriate use of these tools, violations of this policy will be addressed through a three-strike process as outlined below.

What Constitutes a Violation?

A violation occurs when a user takes action using elevated permissions that violates institutional policies, security standards, or acceptable use expectations. Examples include (but are not limited to):

  • Installing prohibited or unauthorized software (see Prohibited Software documentation)

  • Disabling or circumventing security tools (e.g., antivirus, endpoint detection, device management platforms like InTune or Jamf)

  • Installing software in violation of its license terms (see control CM-11)

  • Making system configuration changes that impact security, networking, or device management

  • Creating unauthorized local accounts or attempts to make admin access persistent beyond the session time provided by Admin By Request or Privileges

  • Using admin privileges to support unauthorized users or activities

  • Using admin privileges to violate the university’s Acceptable Use Policy

Three-Strike Enforcement Process

1. First Strike – Informal Warning & Reversal

  • The user receives a warning from their local IT support team.

  • The specific action taken with elevated permissions will be reversed or remediated as needed.

  • IT may offer education or clarification on proper use of ABR/Privileges to prevent future issues.

2. Second Strike – Formal Warning from Information Security

  • Temporary suspension of admin privileges

  • Access to admin privileges will be reenabled after a formal discussion with the Office of the CISO

    • They will be informed that any further misuse will result in loss of elevated privilege access.

    • An email will be sent to the offending employee (CC: employee’s direct supervisor; ciso@tamu.edu) documenting the conversation and reiterating the expectations to maintain access to admin privileges

  • The specific action taken with elevated permissions will be reversed or remediated as needed.

  • Additional guidance or policy training may be provided.

3. Third Strike – Revocation of Administrative Access

  • The user’s access to Admin by Request or Privileges will be permanently revoked.

  • Any future actions requiring admin privileges will be strictly limited to standard IT support channels.

    • This includes the restriction & removal of local administrative accounts, “-admin” accounts, alternate logins, etc.

Additional Notes

  • Local IT and Information Security will coordinate on detection, documentation, and enforcement of violations.

  • Strikes do not reset over time; they accrue cumulatively throughout a user’s employment. Appeals due to exceptional circumstances can be submitted to the Office of the CISO.

  • This policy is an extension of the existing Endpoint Privilege Management policy and should be read in conjunction with it.

If you have questions about this policy or appropriate use of admin privileges, please contact your local IT team or the Endpoint Security Team.