All computer and computing device purchases must be processed through the Biology IT Office.
All computing devices must be asset-tagged and renamed according to departmental naming conventions prior to deployment.
The IT Office must be notified before any stationary computer is relocated.
A completed Home Use Form is required for all non-stationary University-owned computers.
All University-owned equipment must be processed through Surplus Property for disposal. Personal disposal is prohibited.
Computer User Accounts
Administrative access requires a separate administrative account. Shared user accounts may not have admin privileges.
To receive local administrative privileges, a user must submit a 4Help request acknowledging associated risks and responsibilities.
Virginia Tech Active Directory domain
All network-connected Windows devices must be joined to the Virginia Tech Active Directory domain, and HOKIES credentials should be used by everyone to sign in
macOS and Linux systems are not required to be domain joined, but may be joined to take advantage of SSO
Local user accounts on macOS/Linux systems should be managed by the lab’s PI if domain accounts are not used.
Computers permanently isolated from the internet are not required to be domain joined
Shared local accounts are permitted only on offline systems and may not have administrative privileges.
Software and Updates
Security patches must be installed within 30 days of release
The following management and security software is required:
BigFix (Windows, Mac, and Linux)
Spirion (Windows and Mac only)
Jamf Client (Mac only)
Only software found on VT’s approved software list may be installed
Software not on approved list needs to be reviewed by the Biology IT office before it can be used.
All software should be purchased with HokieMart purchase orders whenever possible.
PCards can only be used if a program or website qualifies for the Low-Risk, Low-Cost Software Approval form.
University-licensed software is available via the VT Software Service Center.
Security and Data Protection
Backup local user data at least weekly (responsibility of the end user)
Whole disk encryption must be enabled for all medium and high-risk devices.
Suspected exposure or compromise of high-risk data must be reported to the IT Office immediately.
Password-protected screen savers should be enabled with a recommended 15-minute timeout, or screen should always be locked before leaving a computer unattended.
Data must be handled in accordance with Virginia Tech’s Risk Classification standards (Low, Moderate, High).
High-risk data (e.g., SSNs, financial data, HIPAA/FERPA data, export-controlled research, identifiable human subjects data) should not be stored locally unless operationally required.
Approved cloud storage (Google Drive, Microsoft OneDrive, Teams/SharePoint) must be used for high-risk data whenever possible.
If high-risk data must reside on a departmental endpoint, it must be disclosed during the Biology IT Office’s annual risk-level survey.
Networking and Internet Connectivity
Faculty, staff, and postdocs may request a Virginia Tech phone number at no charge.
Wired network ports may be activated for faculty at no charge (1 Gbps standard).
Employees are provided WiFi and VPN access automatically.
Lab computers used by multiple individuals and connected via WiFi must use the “VT Open WiFi” network or be provisioned for eduroam access through the IT Office. Personal eduroam credentials may not be entered on shared computers.
Personal routers, wireless access points, or networked printers may not be connected without IT Office coordination and approval.