1.1 Network/Application Services that Require Computer Account Authentication
The University network comprises of a very rich set of facilities and network/application services that allow each individual student to carry out his/her academic work in a very secure fashion. To provide such an environment, proper authentication measures must be in place to ensure all network and system resources will only be utilized by authorized parties. Computer account, in the form of the username/password pair, is one of such indispensable measures. The following will list some commonly used facilities and services that would require the use of computer accounts.
1.1.1 Types of Student Computer Accounts
|Account Type||Systems or Services|
|Type I: Active Directory (AD) User Account|
|For establishing network access
|Type II: LDAP User Account|
|For accessing application systems & information services
|Type III: Office 365 User Account|
|For accessing email
|Type IV: Other Accounts|
|For other systems||
1.1.2 Computer Account for Network Resources (AD User Account)
This EID-based computer account (in the form of a username/password pair) is managed by the Active Directory (AD) Server on behalf of the computers or network security devices hosting the following services or network resources (or in some cases for granting access to the campus network) such as the CSC student LAN access, the VPN connection, the dial up access or the wireless LAN access, etc. A brief explanation on each of these services or resources is also provided below:
The account allows a student to log on the student LAN through the PCs inside the CSC terminal rooms, the Lecture Theatres and classrooms.
The account allows a student to make secure connection through Virtual Private Network (VPN). With this connection, a student home PC in many ways is treated as one locally on the campus network. The network traffic is encrypted throughout the connection.
The account enables a user with a mobile device to make connection to the campus wireless LAN.
The account enables a student to access the e-Learning and associated tools.
1.1.3 Computer Account for Application Services (LDAP User Account)
This EID-based computer account is managed by the LDAP Server on behalf of those computers hosting the following application service(s) such as the University Portal, etc. A brief explanation on each of these services is also provided below:
The account allows a student to access various applications and services provided on the University network such as the University Portal, the AIMS services, and many of the services provided under the Portal umbrella that requires authentication.
1.1.4 Office 365 User Account
This account allows a student to communicate electronically with others inside or outside the University campus using the available Email clients or Web mail services.
1.1.5 Other Computer Accounts
The following services are not yet to be managed by any identity servers due to historical or technical reasons, thus a separate EID-based computer account (username/password pair) is still required to access these services.
This account allows a student to log on the General Purpose Unix server for conducting all project activities.
The provisions of the four types of abovementioned EID based computer accounts (except the Unix Project Account) to individual student are automatic. There is no need for a student to apply for them. The passwords are initially set to the same by the student through the EID activation.
All four types of abovementioned computer accounts are created initially with the same username (except the Office 365 User Account) and password pair supplied by the user in the account activation process. Users are advised to change these passwords on a regular basis. For better security, we recommend users to use three different passwords, one for each type of the three EID-based computer accounts.
If users have utilities that enable the storing of passwords, they are reminded to change them as well (storing passwords in application is not recommended due to security reason).
Please reference the Guidelines on setting and using Computer Account Password on the best practice for password email@example.com