Workstation Security Policy


  • In order to maintain and administer staff computers on campus, Information Technology requires that staff desktop workstations be both available for twenty-four hour maintenance, and secure from unauthorized users. This policy applies to all desktop computers managed IT, which includes both staff and work study machines as well as classroom and lab computers. In most cases and at most times, staff desktop computers should be available for remote management and secured from unauthorized access.

End of Day:

To facilitate after-hours maintenance, staff should leave their computers turned on but logged off when leaving at the end of their day. Users should not:
  • leave their computer unattended and logged in;
  • power their computer down completely (all campus computers have built-in power management systems to conserve power when not in use);
  • perform a ‘hard’ shut-down or unplug their computer.
If desktop computers are not left on and available for after-hours maintenance, IT may need to perform regular maintenance during business hours, causing downtime and lost productivity. Similarly, if a machine is not available for after-hours maintenance, we cannot guarantee that it is equipped with the most current security and software updates, possibly providing a security vulnerability to sensitive university data.

Breaks, Lunches, and Other Unattended Periods:

To prevent unauthorized access to machines during periods where staff are away from their desks, computers should be locked with a private secure password. Users should not:
  • leave their computer unattended and unlocked;
  • turn off their monitor but leave their computer unattended and unlocked;
  • log off or shut down for short periods of leave (a meeting or lunch break, for example).
To help maintain information security, IT may implement forced logouts or locks after a period of inactivity on any staff machine.


Laptops should be brought to campus regularly to receive updates, patches, and virus protection. Devices that stay at home cannot be maintained properly. Any device that has not checked in for 90 days will be removed from the domain. If this happens, you will require the assistance of IT to resume using the device on campus.