Topics Map > IT Operations > Customer Support and Policies > Desktop Support
Alternatives to Local Accounts on Windows devices in Engineering IT Environments
More specifically, Operation of Networking Devices and Identity Management Systems (IT-20) requires the following:
"Authentication of access to accounts on computers at UMD will be done exclusively by use of the Division of Information Technology (DIT) operated identity system (e.g. directory ID, Active Directory, multi-factor authentication, and LDAP). No individual or unit may operate an account authentication system of their own (e.g. Active Directory or LDAP)."
The EIT Help Desk is committed to ensuring our customers meet this compliance, but we understand that not all research equipment is capable of following these standards. In order to receive approval for a local standard or administrative account (formerly referred to by the EIT Service Desk as "tier 1"), the appropriate Faculty member must provide written justification via this form, which includes acknowledgment of customer responsibilities and expectations of support.
You may read more information about the policies and standards set by DivIT here:
- UMD DivIT IT-20 Operation of Networking Devices and Identity Management Systems
- UMD DivIT IT Policies, Standards & Guidelines
- USM IT-5 Security of Information Technology Resources Standard
The EIT Help Desk Support Options are listed here in detail: http://ter.ps/supporttiers
Requested Functionalities and Alternatives to Local Accounts
The most common reasons for requesting a local standard or administrative account on a Windows device, and our recommended alternative solutions, are listed below. NOTE: If your device does not require network access at all, then the device may stay offline and be configured however you like.
- Programs require Admin access:
- The Make Me Admin program is usable by each individual user as long as the user is registered as an MMA user. Each individual user in the allowed group is capable of running MMA to install and manage software and drivers.
- The Make Me Admin program is usable by each individual user as long as the user is registered as an MMA user. Each individual user in the allowed group is capable of running MMA to install and manage software and drivers.
- Shared Data Access/Storage:
- The most common and simplest alternative to shared data needs is an internal, or external, secondary data drive that all users have access to. We also recommend Campus-sanctioned Cloud services such as UMD's Google Drive or UMD Box as listed at our Storage Options article. Campus and EIT also offer a number of redundant file servers (non-cloud), either locally with EIT or via Campus' Isilon Networked Storage Services, depending on the amount of data required. All of these options have functionality available for multiple users to access the same datastores.
- The most common and simplest alternative to shared data needs is an internal, or external, secondary data drive that all users have access to. We also recommend Campus-sanctioned Cloud services such as UMD's Google Drive or UMD Box as listed at our Storage Options article. Campus and EIT also offer a number of redundant file servers (non-cloud), either locally with EIT or via Campus' Isilon Networked Storage Services, depending on the amount of data required. All of these options have functionality available for multiple users to access the same datastores.
- Out of support operating system:
- Any devices running Windows 7 or Windows XP have been disallowed at the network level by DivIT for many years. Following the Windows 10 End of Life in October 2025, Windows 10 will eventually also meet this same criteria. These devices may run completely offline with administrative local accounts as needed. (They will be blocked by the wireless networks, however.)
- Any devices running Windows 7 or Windows XP have been disallowed at the network level by DivIT for many years. Following the Windows 10 End of Life in October 2025, Windows 10 will eventually also meet this same criteria. These devices may run completely offline with administrative local accounts as needed. (They will be blocked by the wireless networks, however.)
- Long-running simulations between accounts:
- For high-performance computing experiments, we recommend making a UMD Zaratan Allocation Request, though if you are with the ECE department or Mathematics department and have access to the Math HPC, you may be able to get dedicated HPC access through those. However, for regular experiments wherein the experiment/simulation needs to be accessed by multiple people, this may be a reasonable use-case for a local standard account approval.
- For high-performance computing experiments, we recommend making a UMD Zaratan Allocation Request, though if you are with the ECE department or Mathematics department and have access to the Math HPC, you may be able to get dedicated HPC access through those. However, for regular experiments wherein the experiment/simulation needs to be accessed by multiple people, this may be a reasonable use-case for a local standard account approval.
- Licensing restrictions:
- In rare instances, some research groups may have purchased a single-user license for the lab that is only functional by a single local account. These may be reasonable candidates for local account approval.
Once DivIT provides their process for approval by the CIO/CTO for local account configurations, we will update this information to reflect that approval process.