Virginia Tech® home

Administrative access for Endpoints process

STEPS for Administrative Access for Endpoints and Servers

  1. Go To: https://4help.vt.edu/sp?id=kb_article&sys_id=92e13a831bf27890a6396571604bcba5
  2. Scroll down to the heading Administrative Rights FAQ, click on the link in 1a. https://4help.vt.edu/sp?id=sc_cat_item&sys_id=0eb4f1271b73a810ec30ebde6e4bcb36
  3. On the next page Click on the Maroon bar that says “Login to Request this Service”
  4. It will look like you have been directed to the same page as above but it is different, Click on the Maroon bar that now says “Request this Service”
  5. This will bring up a page with your Requester Details at the top. Please use the next steps to follow through the remaining questions:
    • Review the following explanations for the choices and select either A, B, or C
    • If you selected A or B
      • Please select your departmental IT technical contact for review
        • TYPE in “kmbishop” and select Kevin Bishop
      • Please select your department head or authorized approver for approval
      • Please provide your business use case for this request 
        • NOTE: You cannot use “Convenience” or “Because I need it”
        • Select machine you require administrative access to (If you check email on your computer or deal with any sort of VT data you have to select End point: Moderate – risk data)
          • NOTE: The remaining questions and answers are following the options that populate if you selected End point: Moderate – risk data
          • List the hostname(s) of the system(s) for which you will have admin rights access
            • This is your computer name, you can use windows search and type "About your PC" and this will give you the computer name.
            • NOTE: List ALL of your VT computer, laptops, etc here, you can also upload a csv spreadsheet
          • List VT asset tag, as comma separated values
            • This is an 11 digit # starting with VT000______ on a little white sticker that says Property of Virginia Tech
            • If you have more than one, list all with a comma between each
          • Systems for which I have Admin Rights will be patched within 30 days of the patch being published
            • SELECT: My Department handles timely patching
          • Briefly describe the patching process
            • TYPE: Bigfix/Intune
            • Whole-Disk encryption has been configured for the system
              • SELECT: My department has enabled whole-disk encryption and manages its keys
            • Describe the whole-disk encryption solution used and who has custodianship of the keys and manages failsafe access
              • FOR PC (Dell/Microsoft device, Windows 10 and newer) TYPE: Bitlocker. Pamplin IT has custodianship of the keys and manages failsafe access (Bigfix/Intune)
              • FOR MAC TYPE: Filevault. Pamplin IT has custodianship of the keys and manages failsafe access (Bigfix/Intune)
            • Anti-malware and antivirus protections are installed and scheduled to run full scans every week
              • SELECT: My department affirms that these protections are in place and scan weekly
            • List the name of the antivirus/anti-malware software used
              • FOR PC: Defender (OS integrated)
              • FOR MAC: XProtect (OS integrated)
            • Backups of local user data are made weekly
              • SELECT: I have implemented regular backups of user data
            • Briefly describe the backup process and software used
              • FOR PC: Pamplin IT helps users setup Onedrive for Business which makes a copy of any file on the desktop and my documents to the cloud
              • FOR MAC: Many MAC users use their own iCloud account to make a copy of their data in the cloud. If they do not use iCloud, they are encouraged to use Microsoft OneDrive app or Google Drive for syncing to the cloud.
            • System(s) are registered with the departmental inventory system
              • SELECT: My department handles departmental inventory and confirms system is registered
            • A host-based firewall has been properly configured in default-deny mode and permits only necessary services
              • SELECT: My department manages the firewall configuration
            • At the end of the equipment’s functional life, it will be disposed through Surplus Property
              • SELECT: My department will coordinate with Surplus to dispose of retired equipment
            • No anonymous system access is allowed. Passwords with age, length and complexity requirements are set and meet VA Tech requirements. A 15-minute inactivity screen-lock is in place
              • SELECT: My department has followed the above guidelines to meet Virginia Tech guidelines
            • BigFix or equivalent patch management service has been installed and is actively managed
              • SELECT: My department uses BigFix (or equivalent service) to maintain system patching
            • List the patch management service in use
              • TYPE: BigFix/Intune
            • CLICK the Maroon SUBMIT button on the right-hand navigation bar
              • A CONFIRM ORDER box will Pop-up. CLICK on the maroon Checkout Button
              • A light green box will appear at the top of your screen saying: “Thank You Your Order has been submitted”
    •  If you selected C
      • Please list organization codes you are responsible for
      • Please select your department head or authorized approver for approval
        • TYPE in “kmbishop” and select Kevin Bishop
      • Please provide your business use case for this request
        • NOTE: You cannot use “Convenience” or “Because I need it”
      • CLICK the Maroon SUBMIT button on the right-hand navigation bar
        • A CONFIRM ORDER box will Pop-up. CLICK on the maroon Checkout Button
        • A light green box will appear at the top of your screen saying: “Thank You Your Order has been submitted”