On a user basis, the Managed Workstation service provides:
- Managed Workstation Home directory (H:\)
- Managed Workstation VPN access
- Managed Workstation File Service access (I:\groups)
Users get enabled for these Managed Workstation services via their department. To use the Managed Workstation service your department must first have an MWS customer account. Once you have an MWS customer account, then users can be added to that customer account’s eligibility group to provision these services.
Note: if after you add a new user to your eligibility group you do nothing further, then the default user budget will be used for that new user’s Managed Workstation home directory. If that isn’t the desired outcome, you can use MyIT to explicitly assign a different budget.
Access to folders in the Managed Workstation file service (i:\groups)
In addition to needing to a member of an eligibility group to access the Managed Workstation File Services, any given user must also be granted access to the specific folder they need access to. Changes at the folder level are also managed via the UW Groups Service. However, it may not be clear which group controls access to a given folder. We can help with that–email us for assistance. You can also ask us to change which group controls access to a given folder.
Exchange mailboxes and support
Exchange Online, Microsoft’s cloud-based email and calendar service, is available to all current UW students, faculty and staff. More information and instructions are available at https://itconnect.uw.edu/tools-services-support/software-computers/productivity-platforms/microsoft-productivity-platform/exchange-online/.
Managed Workstation does not provide any Exchange support services under the monthly Managed Workstation rate, but on a consulting cost-recovery basis we can assist Managed workstation customers with some Exchange capabilities.
Adding Administrators to a Managed Workstation
We recommend limiting local administrator privileges. Limiting this type of access prevents a large variety of security risks. But there are cases where these privileges are necessary. You can request that administrative access on a specific computer be added for a user by filling out this form.
When the form is submitted, it will create a support request and send you an email confirmation. Please refer to the request number in the subject line of the e-mail for any future correspondence.
Please allow one to two days to process your request. If you have questions, you can respond to your confirmation email or call (206) 221-5000.
We strongly encourage that users not modify the local administrators group, for multiple reasons. In the event that a netid is compromised, there is currently no way to remove it in bulk from local administrator groups on managed workstations. There is also currently no easy way to determine which computers a user has local administrator access on.
It is also worthwhile to note that in the near future the way that the managed workstation service handles local administrators will be changing. This change in policy will be communicated to users and will better reflect the policies we intend to enforce with regards to local administrator of managed workstations. This change will include removing the ability for users to modify the local administrator group on managed workstations. Additionally, at that time we will remove any users that have been added to the local administrator group on all managed workstations. For that reason, we encourage you to submit your requests for administrative access as detailed above.
We don’t permit automatically including an account or user group as an administrator on all computers in a single department. As a practice we encourage our users to avoid adding a single account or user group as an admin to every machine. Adding a single account or user group as an administrator on a large breadth of machines is inherently insecure and creates unnecessary risks.
We evaluate requests to add a single netid onto multiple computers on a case-by-case basis. In the event that we approve the request, we will require that the netid to be added is a non-group, wadm account.
To create a wadm account, visit the “Admin UW IDs” section of: https://uwnetid.washington.edu/.
Exceptions require explicit approval from the owner contact.