Staff Computer Accounts

1. General Description of Staff Computer Accounts

1.1 Network/Application Services that Require Computer Account Authentication

The University network comprises of a very rich set of facilities and network/application services that allow each individual staff to carry out his/her academic work in a very secure fashion. To provide such an environment, proper authentication measures must be in place to ensure all network and system resources will only be utilized by authorized parties. Computer account, in the form of the username/password pair, is one of such indispensable measures. The following will list some commonly used facilities and services that would require the use of computer accounts.

1.1.1 Types of Staff Computer Accounts

Account Type Systems or Services
Type I: Active Directory (AD) User Account
For establishing network access
  • Accounts automatically created for all regular staff
  • Staff LAN (It can also access Student LAN)
  • Virtual Private Network (VPN) connection to campus through Internet
  • Wireless LAN
  • Email
Type II: LDAP User Account
For accessing application systems & information services
  • Account name & initial password the same as Type I account
  • Accounts automatically created for all regular staff
  • CityU Portal
    • AIMS (Banner)
    • e-Learning platform
    • Various Facilities/Venue Booking & Information System (Venue and classroom, CSC Terminal Room etc.)
  • Express Terminal
Type III: Other Accounts
For other systems
  • Research Accounts on Sun running Solaris (Different account names/passwords may be assigned.)
  • Secondary Accounts etc. (Different account names/passwords will be assigned.)

1.1.2 Computer Account for Network Resources (AD User Account)

This account is set up for accessing the network resources such as the office PCs, the VPN connection, the Email Office 365, the wireless LAN access or virtual disks, etc. This account is managed in the Windows server Active Directory. The following is a list of commonly used network resources:

  • Email communication

    The account allows a staff to communicate electronically with others inside or outside the University campus using the available Email clients or Web mail services.

  • LAN or Desktop access

    The account allows a staff to log on the staff network using his/her desktop PC in the staff office, or to log on to the PCs inside the CSC terminal rooms, the Lecture Theatres and classrooms.

  • VPN connection

    The account allows a staff to make secure connection through Virtual Private Network (VPN). With this connection, the staff can basically enjoy the network services similar to those they use locally in the campus. The network traffic is encrypted throughout the connection.

  • Wireless LAN access

    The account enables a user to make connection to the wireless LAN that is available throughout the campus for mobile users.

1.1.3 Computer Account for Application Services (LDAP User Accounts)

This account is set up for accessing application services such as the University portal, the administrative systems, the Email (JSMS), the e-Portal, etc. This account is managed in the university LDAP servers. The following is a list of commonly used applications services.

  • Portal access

    The account allows a staff to access various applications and services provided on the University network such as the University Portal , the AIMS services, and many of the services provided under the Portal umbrella that requires authentication.

  • Web Teaching Services

    The account enables a staff to access the web teaching system and associated tools for course preparation and delivery.

1.1.4 Other Computer Accounts

Some of these services, at the current stage, still require different authentication steps due to historical or technical reasons. In this case, a separate computer account would have to be used.

  • Teaching and Research Unix account

    This account allows an academic staff to log on the General Purpose Unix server for conducting all sorts of academic activities. At the present stage, this account is the same as the Personal Web account, and so changing the account password will apply to accessing both services.


2. How EID and Computer Accounts is Allocated

The provision of the EID to individual staff is automatic in the sense that there is no need for all staff to apply for the EID. In fact, with the cooperation of the Human Resources Office, all new staff will be allotted this EID well before they report to duty so that they can start communicating with the university and can access some of the important information that are crucial for them before they arrive. Staff will be asked to activate their EIDs.

2.1 EID and Password

After EID activation, a staff member can access any of the three types of computer accounts mentioned above. Initially, the same password is allotted for each of the account type using the same EID name. Password changing facilities have been provided for the staff to make changes for each account type. The staff can have the option of changing the password for all three different account types to the same password or keeping different passwords for various accounts.

2.2 Services That Carry the Same Password

At this stage, the computer account for network services will carry the same EID name and password pair. The same applies to the computer account for application services. They carry another password with the same EID although the initial password is set to be the same as the former. This means that if a staff changes the password of any of these accounts, the new password will apply to accessing all of the services under the same group.


3. Changing Password

These accounts will be created initially with the same username and password pair supplied by the user in the account activation process. Users are advised to change the password on a regular basis . We recommend users to use two different passwords for the two accounts.

Password change utility can be found in the portal under the 'Password Management' box, or in the email homepage (http://email.cityu.edu.hk).

If users have utilities that enable the storing of passwords, they are reminded to change them as well (storing passwords in applications is not recommended due to security reason).

Please reference the Guidelines on setting and using Computer Account Password on the best practice for password protection.


4. Computer Account Application Procedures

There is no need for a normal staff to apply for the EID. The following is a description for a normal staff to apply for additional accounts.

4.1 Applying for Secondary Accounts

Staff may submit a CSC Work Request through their departments in applying for secondary email account for carrying out role based duties and other purposes.

4.2 Account Renewal for Secondary Account

For security reasons and for proper computer account life-cycle management, all secondary accounts require annual renewal. Therefore, secondary accounts will have an expiry date of not more than one year when they are created or renewed. An account expiry notification from the CSC will be sent to the account owners before their expiry dates and the account owners can then renew their secondary accounts accordingly through "Request Staff Computer Account Renewal" in Work Desk menu or by submitting an online CSC Work Request through their departments.

csc@cityu.edu.hk