Computer Account Disabling Policy

All Engineering computer account holders must abide by the Acceptable Use Policy as well as other pertinent policies and guidelines. When ECS is notified of the following sorts of violations, the computer account may be disabled.

Disabling an Account without Prior Notice

A user’s computer account can be disabled by changing the password without notifying the user for the following reasons:

  • There is evidence of activity that violates federal, state, or local law as enumerated in UI Acceptable Use Policy (AUP) Section 19.4.J.
  • The account shows activity that critically affects other's use of the system (e.g.,  security risk, network performance degradation, account break-in). See UI Acceptable Use Policy Section 19.4.

Process

  1. Make a determination that immediate disabling of the account is necessary according to the reasons listed above.
  2. Get authorization from ECS director. If approved, change account password. If it is not possible to get authorization, make a determination based on the seriousness of violation.
  3. Notify all ECS staff. If appropriate, notify external personnel (e.g., ITS security, campus security).
  4. Unless the situation warrants secrecy or has been turned over to external personnel, a designated ECS staff person will contact the user, explain the situation, and schedule a face-to-face meeting.
  5. Following the face-to-face meeting with the user and receiving reasonable assurance that the user understands the situation and will modify account usage, re-enable account.
  6. Repeated or serious violations of the UI AUP or Engineering Acceptable Use Policy can be referred to the appropriate disciplinary body for faculty, staff, or students as defined in the UI AUP Section 19.5.

Notifying User of Inappropriate Computer Activity

In the following situations, the designated ECS staff person will notify a computer account holder who is in jeopardy of his/her account being disabled.

  • The user has violated the UI AUP, Engineering AUP, or any other relevant AUP.
  • The use of the account poses some security risk.
  • The account activity has contributed significantly to some threshold of network performance degradation.

Process

  1. Notify the user of situation (by email and/or phone).  Explain how to modify the offending activity, or ask the user to come into the office for an explanation. Set a cutoff date after which time ECS will inactivate the account.
  2. Depending on the seriousness of the offense, attempt to contact the user more than once and using multiple avenues (e.g., email, phone, letter) before disabling the account for non-responsiveness or failure to modify usage.  If the user does not respond , disable the account on the cutoff date.
  3. Following a face-to-face meeting with the user and with reasonable assurance that the user understands the situation and will modify account usage, re-enable the account.
  4. Repeated or serious violations of the UI AUP or Engineering AUP can be referred to the appropriate disciplinary body for faculty, staff, or students as defined in the UI AUP Section 19.5.