Adding Administrators to a Managed Workstation

Last updated: August 29, 2022

We recommend limiting local administrator privileges. Limiting this type of access prevents a wide variety of security risks. But there are cases where these privileges are necessary. You can request that administrative access on a specific computer be added for a user by filling out this form.

When the form is submitted, it will create a support request and send you an email confirmation. Please refer to the request number in the subject line of the e-mail for any future correspondence.

Please allow one to two days to process your request. If you have questions, you can respond to your confirmation email or call (206) 221-5000.

Common Questions

We strongly encourage users not to modify the local administrators group, for multiple reasons. In the event that a netid is compromised, there is currently no way to remove it in bulk from local administrator groups on managed workstations. There is also currently no easy way to determine which computers a user has local administrator access on.

Note also that in the near future the way the managed workstation service handles local administrators will change. This change in policy will be communicated to users and will better reflect the policies we intend to enforce regarding local administrators of managed workstations. This change will include removing the ability for users to modify the local administrator group on managed workstations. Additionally, at that time we will remove any users that have been added to the local administrator group on all managed workstations. For that reason, we encourage you to submit your requests for administrative access as detailed above.

We don’t permit automatically including an account or user group as an administrator on all computers in a single department. As a practice, we encourage our users to avoid adding a single account or user group as an admin to every machine. Adding a single account or user group as an administrator on a large number of machines is inherently insecure and creates unnecessary risks.

We evaluate requests to add a single netid onto multiple computers on a case-by-case basis. In the event that we approve the request, we will require that the netid to be added is a non-group, wadm account.

To create a wadm account, visit the “Admin UW IDs” section of Manage UW NetID Resources.

 

Exceptions require explicit approval from the owner contact.