SENS Best Practices for Computer User Accounts on SENS Supported Assets

The University at Buffalo requires that all university owned assets (computers, printers, etc.) follow a specific set of security standards. All assets are required to comply with a minimum security standard and must be configured to meet additional standards based on a data risk pool. SENS follows the moderate risk (Category 2) pool by default and will configure machines for the high risk (Category 1) pool as necessary.

One specific policy, as mentioned in the minimum security standard policy, pertains to the use of administrative rights on a device. In document section 2.7, the policy restricts administrative privileges to “device administrators only”. A device administrator is defined as the IT unit supporting the device and this unit will be granted administrative permissions by default.

We understand that end users need to make changes to their devices but these changes must be performed in accordance with the UB standards. When software installation is necessary, please check to see if the application is available in one of the following tools:

If your software is not listed on the software portal, is not the version you require or requires special permissions, please submit a support ticket with SENS ( and we will try to help. Based on your request, we will either add/update the application on the software portal or schedule a time to remotely assist you with the install.

In certain rare instances, administrative rights may be required on an asset. If you feel that this is the case, we ask that the appropriate faculty or staff member provide us with a detailed explanation of the situation that requires admin. Based on this document and applicable UB policies, we will assess your specific request to determine if the exception is justified. Please note that the installation of software is not considered a valid exception in most cases.