An Admin UW NetID is used to provide a more limited context for an ID used for administering a set of workstations, servers, or a domain. An Admin UW NetID is required for some functions, including administration of “Delegated Organizational Units (OUs)” within the central NETID Windows domain service.
Creating an Admin UW NetID
- Be sure to read and be familiar with all the information on this Web page.
- Note that additional “two factor” security will be required to create (and perform some functions with) an Admin UW NetID. To get started, you’ll need to enroll in Duo 2-factor authentication (2FA).
- Create an Admin UW NetID using the manage page.
Purpose of Admin UW NetIDs
Faculty and staff can use Admin UW NetIDs to provide a separate, more limited, and more tightly secured context for performing system administrative functions.
Common situations where Admin UW NetIDs are appropriate:
- A departmental support person has administrative access to a number of workstations
- A person administers one (or more) “servers”
- A person administers a local domain or a “Delegated OU” within the central NETID Windows domain service
Types of Admin UW NetIDs
There are three types of Admin UW NetIDs. At most you are only eligible for one of each type.
- Workstation Admin UW NetIDs: Given to individuals for administering a group of more than 50 workstations
- Server/Domain Admin UW NetIDs: Given to individuals who administrate sensitive machines and/or a “domain” (local or delegated)
- Enterprise Admin UW NetIDs: Mentioned for the sake of completeness, but are effectively limited to a very few central administrative staff
All University of Washington policies regarding the appropriate use of University resources and responsible personal conduct apply to your use of UW Information Technology computing and networking resources including Admin UW NetID accounts. In addition, your use of UW Information Technology resources must comply with the restrictions and acceptable practices established specifically for these resources.
- You should only request an Admin UW NetID if you need one.
- You should only use an Admin UW NetID for the specific purposes intended.
- You must:
- Only use these credentials in a secure computing environment. If you later determine that the credential may have been exposed to an insecure environment, you are required to immediately change your password.
- Lock your session if you are away from the computer.
- Change your password and contact firstname.lastname@example.org immediately if you believe your Admin UW NetID has been compromised.
- You may not:
- Authenticate via your Admin UW NetID from an unmanaged workstation.
- Leave yourself authenticated for more than 12 hours unless needed for a long running process or procedure.
- You should:
- Only use Workstation Admin UW NetIDs to administer workstation resources. These resources should not include ldap directories, databases, applications, or services with an open network port, except where those services are a required part of the base workstation operating system.
- Only use Server/Domain Admin UW NetIDs to administer server or domain resources. These resources can include ldap directories, databases, applications, services on one or more servers, domain (local or delegated) policies and properties.
- Only use Enterprise Admin UW NetIDs to administer enterprise-class server resources, i.e., server resources accessible to more than 100,000 user accounts.
- You should not:
- Authenticate with either a Server/Domain Admin UW NetID or an Enterprise Admin UW NetID from a workstation that has been outside your administrative control. If you must do so, you must change the password associated with this Admin UW NetID as soon as possible from a fully trusted location.
- You must:
- Change your password at least every 120 days, or more often if compliance requirements for a specific application require it.
- Use a minimum password length of 14 characters.
- You may not:
- Share your Admin UW NetID password under any circumstances.
- Use your Admin UW NetID password for any other account. This includes your personal UW NetID, other Admin UW NetIDs, local accounts, web sites, Hotmail, departmental domains, Gmail, etc.
- Store a written or digital copy of your password in an insecure location.
The UW NetID Manage page can be used to update the name associated with an Admin UW NetID.
Services for Admin UW NetID Accounts
Admin UW NetID accounts provide the following computing services:
- An email address
- Only “Server/Domain” Admin UW NetIDs can be used to administer Delegated OUs within the central NETID Windows domain service
Admin UW NetID Account Expiration
Admin UW NetID accounts can expire or be removed if the owner:
- Specifically requests that the account expire
- Ceases to be a UW employee
About 1 week after the employee is separated in Workday or their access via a UW NetID support organization is removed an expiration notice is sent. UW NetID services including user object in AD and the kerberos principle (password) are deactivated 14 days and email forwarding is deactivated 90 days after the eligibility change notice.