Anonymous Guest and Vendor Accounts

About Anonymous Guest and Vendor Accounts

  • Available to: Faculty and Staff
  • Where to use: computers
  • Cost: Free

 

Anonymous Guest Accounts

General Requirements

  • Must have sufficient justification for why anonymous Guest Account is needed 

  • ISO Authorization 

  • Network Operations Microsoft Team Lead Authorization 

  • Written acceptance of the Customer Acceptance terms 

Customer Acceptance

  1. Account will be locked to only log on to specific machines (if possible).

  2. Account password will need to be reset every 8 days.

    1. Sponsors should be encouraged to change it after every use.

    2. Sponsors should be told it changes every 7 days, the 8th day is to allow for passwords set one Monday won't expire in the middle of the day the following one.

  3. Account will be deleted after 60 days of inactivity. 

  4. Account cannot self-change password, password can only be set by account sponsor(s).

Request

  1. Upon receipt of request, ensure approvals are met:

    1. ISO must authorize.

    2. Customer must agree to the restrictions in the Customer Acceptance area via email.

    3. Team lead must authorize.

  2. Request must be logged through Cherwell.

  3. Proceed to account creation. 

 

Vendors

Requirements

Vendor accounts can be created with the following requirements. 

  1. When WebEx or other remote help options are not feasible 

    • This should be emphasized as the preferred option. 

  2. The following requirements should be communicated to the requestor 

  3. Each account must have a sponsor who is responsible for the account 

  1. The sponsor and the account will be able to change the password 

  1. The password will expire every 30 days 

  1. The password must be a minimum of 15 characters in length 

  1. The password must meet complexity requirements 

  1. The account will be deleted 180 days after the last password change (continuing to reset the password will keep the account alive indefinitely) 

    • Notices will be sent to the sponsor at 30 days and 15 days prior to the 180 days 

  2. Account will be locked to specific machines 

    • Log onto workstations will be used

    • RDP groups will be used for local administrator rights 

  3. VPN use of the accounts will be permitted to specific machines 

  1. All requests must be reviewed and approved by Information Security 

  1. If the requester still requests a vendor account, the request should be forwarded to the Info Security Team 

    • The Info Security Team will communicate with the requestor 

    • The Info Security Team will send the approval/denial to the Windows Team 

    • The Windows Team will send the request to Windows Support to get it into a Cherwell ticket 

  2. If approved, the Windows Team will setup the account and communicate the information to the requester 

  3. Close out the Cherwell ticket 

Initial

When someone requests a vendor account, faculty and staff can email them these requirements. Please make sure to tell vendors they should reply stating that they agree with these requirements.  

  1. Each account must have a sponsor who is responsible for the account 

  1. The sponsor and the account will be able to change the password 

    • Sponsor group will be called VA-Sponsor-VendorName 

  1. The password will expire every 30 days 

  1. The password must be a minimum of 15 characters in length 

  1. The password must meet complexity requirements 

  1. The account will be deleted 180 days after the last password change 

    • Notices will be sent to the sponsor at 30 days and 15 days prior to the 180 days 

  2. Account will be locked to specific machines 

    • Log onto workstations will be used 

    • RDP groups will be used for local administrator rights 

  3. VPN use of the accounts will be permitted to specific machines 

  1. All requests must be reviewed and approved by Info Security 

When the reply is received, forward it to IT Security. Let them know that a vendor account is being requested and they sponsor has agree with the requirements. Ask them to let us know when they approve/deny the request.

Renewal

If a vendor account is requested to be reactivated, they must go through the vetting process again and must get approval from Information Security.