QUT IT account usage

yompmulligrubs
Internet and Web Development

Oct 31, 2013 (3 years and 7 months ago)


QUT requires different types of user accounts for different purposes. These purposes include accessing different systems, different types and classifications of information, and different user roles. In the past IT technical support has had difficulty in maintaining life cycles of some accounts due to the informal nature of their usage, which leaves these accounts open to potential security threats. This standard documents the valid usage of these accounts to aid in controlling the life cycles of their use.

Implementation of this standard will result in improved account life cycle management, and combined with usage guidelines will improve clarity around which accounts should be selected in which situations, and what the purpose of an account is.

User Accounts

A user account is associated with an identity (a person, or a person's role). User accounts include: staff accounts, student accounts and visitor accounts. Staff and student accounts are automatically created and cannot be requ

Examples of visitor account usage include: vendors, mentors, external supervisors and any other sponsored affiliates of QUT that require access to IT resources.

Please visit

for more information on requesting a visitor account. Alternatively, you can contact the IT helpdesk or email

for more inf

Managed Accounts

Managed accounts may be used when an account requires central management via QUT Access, but has no association with a user’s identity. Managed accounts have

password expiry policy of

days and

a maximum lifecycle of 1 year. After 1 year, the owner of the account has to renew the access in order to keep using it.

The following IT services are currently available for managed accounts:

Internet Access

Allows the account to access the internet via QUT’s Internet Accounting Se

QUT Login

Allows the account to login to QUT online IT resources and Desktop


Allows the account to send and receive email with the designated email

Please Note: If email distribution is required without the need for a central mailbox, please use a distribution list instead of a managed account.

Examples of valid managed account

include: Lab training accounts, shared mailbox accounts and web site test accounts.

Managed accounts should not be used for running

or services. See Service accounts below.

Current staff members can

managed account creation


Service Accounts

Service accounts are those used by applications or vendor products. A service account has a different password policy to other accounts, and has no association to a user’s identity (other than contact information for support). Any application that requires the use of centrally managed Directories for integration, authentication or other query mechanisms must use a service account.

Service accounts are granted least privileged access based on service requirements.

A service account can also be used to access centrally provisioned hosts, such as Windows or Unix hosts.

Examples of valid service accounts include: A vendor product that uses LDAP for authentication. An in house application that queries LDAP for identity data. An account required to run on a batch of Unix hosts or an application server farm. Windows service

To request a service account, please log an ITSM

with ESS.

Privileged Accounts

Accounts that require elevated privilege to any IT system. For example: domain a
server admins or any non standard user privileges required to perform

work duties.
Privileged accounts have a more restrictive password policy than normal user accounts.

To request a privileged account, please log an ITSM incident with ESS


for individual account policies.