School Name

Administration

Department Name

Finance & Administration

Main Content

IT Policies and Procedures

Generic Account Policy

The Generic network accounts doesn’t provide the university with any personal accountability with this type of account and therefore is a violation of best practices IT standards. It is the objective of the Technical Services to assure proper internal controls are in place, to safeguard University of Arkansas at Pine Bluff’s assets.  Therefore, effective immediately the Generic Account Policy is established.

PURPOSE

This policy establishes the process of creating and maintaining generic accounts for network, email and system access, on all of University of Arkansas at Pine Bluff’s systems.

A generic account is any network account that may allow multiple users to use a single account to log on to the network or an account created in order to generate a specific email address. Any network account not created for a specific person using the Faculty, Staff or Student naming convention, is considered to be a generic account. There is no corresponding real user associated with a generic account.

ESTABLISHMENT AND USAGE

However, in some situations to support the functionality of a business process, system, device, or application, a shared account may be justified.

Desktop Computers on Campus / Network Login - Students, faculty, staff, and administrators must use their own network account when logging into computers in the Libraries, computer labs, and classrooms. Generic account use is limited to guests who are not affiliated with University of Arkansas at Pine Bluff. Every active student and current employee has a network account.

As network security depends on personal accountability and generic network accounts do not provide this, generic network accounts are forbidden. Users should submit a TS Job Request when requesting a generic network account for your area.

Local generic accounts are permitted. A local generic account is created on the workstation itself. It will not be able to access network resources, but it will have Internet access and will be able to run the applications installed on that computer.

Generic accounts created to generate an email address will be limited and can only be used to login to the online Outlook Web Mail system or to be added to outlook as an extra mailbox.

Any other generic accounts that do not fit these three scenarios will have to be approved on a case by case basis.

PROCEDURES

1. Generic accounts will be used by UAPB in cases where multiple users must access one workstation or application to perform assigned duties or temporary work.

2. The Technical Services process of submitting a TS Job Request must be followed to request the creation of a generic account. 

3. Each generic account must have a designated owner who is responsible for the management of access to the account.

4. Each generic account must have a short description of the business case requiring the creation of the account.

5. Documentation must be maintained by the owner, which will include a list of individuals who have current access to the account.

6. The account password must be changed promptly whenever individuals accessing the account are terminated for any reason, or are transferred to a role that does not require access.

7. Network generic account access to workstations will occur only in protected areas where public access is supervised and/or restricted and the account may not be used on workstations in any other area.

8. Requests for all generic accounts will be reviewed and approved or disapproved by the Director of Technical Services.

9. Generic accounts will be audited on a regular schedule for appropriateness of access and ongoing need.

 

MAINTENANCE

All generic user accounts must be given the same attention as UAPB accounts and be de-provisioned when no longer needed. These accounts must be validated by the requestor associated with the account at the time of audit. If the audit results in it no longer being needed the account will be deleted by Technical Services.

(Technical Services (WT) – 07.15.2015)

Code of Computing Policy

The University of Arkansas at Pine Bluff is committed to a computing system, which effectively meets the needs of users. The University of Arkansas at Pine Bluff enhances teaching, research, service and activities, which support them, provides computing resources. 

Individuals who are granted computing accounts or use computing resources at the University of Arkansas at Pine Bluff accept responsibility with such access. Each user is expected to use accounts or resources within the University approved educational, research, or administrative purposes for which they are granted. Activities beyond these stated purposes are strictly prohibited.

A code of computing practices for the University is stated below.   Violations of this code will be reviewed through established University judicial and administrative procedures. Actions to restrict computer usage may be challenged through the same procedures.

  • General information about the University will be provided by University Relations and Public Relations.
  • Information should not be contradictory or false.
  • Information should not be duplicated.
  • Users shall use only those computer accounts which have been authorized for their use and must identify computing work with their own names or other approved IDs so that responsibility for the work can be determined and users can be contacted in unusual situations, e.g. misplaced output
  • Users are responsible for the user of their computer accounts. They should take advantage of system provided protection measures such as passwords, frequent change of those passwords, account logoff, and other precautions against other obtaining access to their computer resources.
  • Users shall use accounts for the purposes originally agreed. This policy shall not prevent occasional and informal communication between students and faculty. Accounts shall not be used for private consulting or personal gain.
  • Those users who have access to privileged or sensitive information may not disclose that information for any purpose other than official University business. Please refer to the Faculty/Staff Handbook.
  • Users of computer software owned by the University of Arkansas at Pine Bluff must agree to abide by limitations included in the copyright and license agreements entered into with vendors. Furthermore, it is the user’s responsibility to become familiar with the specific copyright and licensing agreements for each product before using it. It is unlawful to copy most software products. If other arrangements are made with a vendor, users must abide by stated provisions.
  • Users shall not attempt to access, copy, or destroy programs or files that belong to other users or the University without prior authorization. Programs, subroutines, and data provided by the University of Arkansas at Pine Bluff may not be taken to other computer sites without authorization. Also, programs acquired at other computer sites must not be used at University of Arkansas at Pine Bluff unless they are public domain.
  • Users shall not attempt to modify system facilities in any way. Intentional compromise of system integrity by virus or other means is a serious offense.
  • Users shall not sabotage restrictions associated with their accounts.

The above list does not cover every situation that pertains to proper, improper, use of the computing resources at the University of Arkansas at Pine Bluff, but it does suggest some of the responsibilities that you accept if you choose to use the University of Arkansas computing resource or the international network access that the University of Arkansas at Pine Bluff provides. This code is to work for the benefit of all system users by encouraging responsible use of scarce computing resources.

This policy is subject to change at any time. Occasional review is recommended.

(Revised: October, 2009)

Peer-to-Peer File Sharing Policy

The primary purpose of this policy is to inform, educate and set expectations for the members of the university community of their individual and corporate responsibilities towards the use of Peer-to-Peer applications using the University's network. While the definition itself is controversial, generally a peer-to-peer (often referred to as P2P) computer network refers to any network that does not have fixed clients and servers, but a number of peer nodes that function as both clients and servers to the other nodes on the network. This model of network arrangement is contrasted with the client-server model. Any node is able to initiate or complete any supported transaction. Peer nodes may differ in local configuration, processing speed, network bandwidth, and storage quantity. Put simply, peer-to-peer computing is the sharing of computer resources and services by direct exchange between systems.

This policy intends to make it clear that P2P architecture, itself, is not in question. What is a concern, however, is one of the most prevalent uses of this technology, P2P File Sharing applications used for the distribution of copyrighted content. Morpheus, KaZaA, Aimster, Madster, AudioGalaxy and Gnutella, are examples of the kinds of P2P File Sharing software which can be used inappropriately to share copyrighted content. Note, that some of these applications are not pure peer-too-peer architectures, further reinforcing that the issues with File Sharing applications have more to do with risk of abuses, than in the technology itself.  Along with copyright infringement, other concerns of P2P File Sharing applications include network resource utilization, security, and inappropriate content.  For the purposes of this policy, a Peer-to-peer file sharing application is any application that transforms a personal computer into a server that distributes data simultaneously to other computers.

Downloading or distributing copyrighted material, e.g. documents, music, movies,videos, text, etc., without permission from the rightful owner violates the United States Copyright Act and several university policies. While it is true that a number of artists have allowed their creative works to be freely copied, those artists remain very much the exception. It is best to assume that all works are copyright protected except those that explicitly state otherwise. Copyright laws were enacted to protect the original expression of an idea, whether it is expressed in the form of music, art or written material. A number of rights are given copyright owners by Federal law. These rights include the right to control the reproduction, distribution and adaptation of their work, as well as the public performance or display of their work.

Those who obtain or distribute copyrighted material should be aware that if found liable for copyright infringement, the penalties can be severe, depending upon the amount and the willfulness of the infringing activity. In the most serious and widespread cases of copyright infringement, criminal prosecution is possible.  Additionally, students, faculty and staff who may be in violation of copyright law place not only themselves at risk - they may be exposing University of Arkansas at Pine Bluff  to liability as an institution, for contributory or vicarious infringement, e.g., using the University network resources to obtain the material and/or to store the material on University computers and/or servers.

The impact to UAPB’s Network with Peer-to-peer file sharing applications typically allow a user to set up their computer so that other people can access specific files on their computer. This process, in effect, converts the user's computer into a server. While this might seem like a nice service to offer, there are some serious drawbacks. First, running an unauthorized server from a university building is a violation of the University of Arkansas at Pine Bluff Network Use Policy.  Also, when a user's computer is acting as a server, it can place an enormous burden on UAPB’s network. If the computer/server is popular and does excessive, high-volume transfers of files, this single computer/server can severely impact the performance of UAPB's network. Transferring large movie or music files may overload the network and degrade services. Transferring large files can slow the network making it less responsive or even unavailable to users. Excessive network traffic can be generated, adversely affecting performance for other users. In addition, P2P traffic-along with the various worms that infect the Windows OS – consume a huge proportion of network bandwidth. It is the policy of UAPB that the university's network connections may not be used to violate copyright laws. The unauthorized reproduction of copyrighted materials is a serious violation of UAPB's Code of Computing Policy, as well as the U.S. Copyright Laws, as discussed above. UAPB has placed into effect a limit on the inbound and outbound traffic generated by Peer-to-Peer file-sharing applications.  This restriction is necessary to support the primary usage of the network: academic and enterprise computing. The data network must be available for UAPB's students, faculty, and staff to use for academic research and essential daily operations.

UAPB realizes this can result in the delay of downloading files from the internet; however, Peer-to-Peer applications are an incredible consumer of bandwidth and will take as much bandwidth as available, constricting available bandwidth for other applications.

If an artist, author, publisher, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or a law enforcement agency notifies the University that a Faculty/Staff member or Student is violating copyright laws, Technical Services will provide to the relevant offices within the University information in the form of Internet Protocol (IP) address information and any information from logs to assist in the investigation of the complaint. If appropriate, action will be taken against the violator in accordance with University policy.

UAPB takes a strong stand against unlawful distribution of copyrighted music, movies and software. If a student is found to be distributing copyrighted material using any University computing resources, that person’s network connection will be terminated. If the user* provides or obtains copyrighted files (music, videos, text, etc.) without permission from the copyright owner or their representative, the user is in violation of federal and state copyright laws and the University of Arkansas at Pine Bluff Code of Computing  Policy.

(revised March 2010)