1.1 Network/Application Services that Require Computer Account Authentication
The University network comprises of a very rich set of facilities and network/application services that allow each individual staff to carry out his/her academic work in a very secure fashion. To provide such an environment, proper authentication measures must be in place to ensure all network and system resources will only be utilized by authorized parties. Computer account, in the form of the username/password pair, is one of such indispensable measures. The following will list some commonly used facilities and services that would require the use of computer accounts.
1.1.1 Types of Staff Computer Accounts
|Account Type||Systems or Services|
|Type I: Active Directory (AD) User Account|
|For establishing network access
|Type II: LDAP User Account|
|For accessing application systems & information services
|Type III: Other Accounts|
|For other systems||
1.1.2 Computer Account for Network Resources (AD User Account)
This account is set up for accessing the network resources such as the office PCs, the VPN connection, the Email Office 365, the wireless LAN access or virtual disks, etc. This account is managed in the Windows server Active Directory. The following is a list of commonly used network resources:
The account allows a staff to communicate electronically with others inside or outside the University campus using the available Email clients or Web mail services.
The account allows a staff to log on the staff network using his/her desktop PC in the staff office, or to log on to the PCs inside the CSC terminal rooms, the Lecture Theatres and classrooms.
The account allows a staff to make secure connection through Virtual Private Network (VPN). With this connection, the staff can basically enjoy the network services similar to those they use locally in the campus. The network traffic is encrypted throughout the connection.
The account enables a user to make connection to the wireless LAN that is available throughout the campus for mobile users.
The account enables a staff to access the web teaching system and associated tools for course preparation and delivery.
1.1.3 Computer Account for Application Services (LDAP User Accounts)
This account is set up for accessing application services such as the University Portal, the administrative systems, etc. This account is managed in the university LDAP servers. The following is a list of commonly used applications services.
The account allows a staff to access various applications and services provided on the University network such as the University Portal , the AIMS services, and many of the services provided under the Portal umbrella that requires authentication.
1.1.4 Other Computer Accounts
Some of these services, at the current stage, still require different authentication steps due to historical or technical reasons. In this case, a separate computer account would have to be used.
This account allows an academic staff to log on the General Purpose Unix server for conducting all sorts of academic activities. At the present stage, this account is the same as the Personal Web account, and so changing the account password will apply to accessing both services.
The provision of the EID to individual staff is automatic in the sense that there is no need for all staff to apply for the EID. In fact, with the cooperation of the Human Resources Office, all new staff will be allotted this EID well before they report to duty so that they can start communicating with the university and can access some of the important information that are crucial for them before they arrive. Staff will be asked to activate their EIDs.
2.1 EID and Password
After EID activation, a staff member can access any of the three types of computer accounts mentioned above. Initially, the same password is allotted for each of the account type using the same EID name. Password changing facilities have been provided for the staff to make changes for each account type. The staff can have the option of changing the password for all three different account types to the same password or keeping different passwords for various accounts.
2.2 Services That Carry the Same Password
At this stage, the computer account for network services will carry the same EID name and password pair. The same applies to the computer account for application services. They carry another password with the same EID although the initial password is set to be the same as the former. This means that if a staff changes the password of any of these accounts, the new password will apply to accessing all of the services under the same group.
These accounts will be created initially with the same username and password pair supplied by the user in the account activation process. Users are advised to change the password on a regular basis . We recommend users to use two different passwords for the two accounts.
If users have utilities that enable the storing of passwords, they are reminded to change them as well (storing passwords in applications is not recommended due to security reason).
Please reference the Guidelines on setting and using Computer Account Password on the best practice for password protection.
There is no need for a normal staff to apply for the EID. The following is a description for a normal staff to apply for additional accounts.
4.1 Applying for Secondary Accounts
Staff may submit a CSC Work Request through their departments in applying for secondary email account for carrying out role based duties and other purposes.
4.2 Account Renewal for Secondary Account
For security reasons and for proper computer account life-cycle management, all secondary accounts require annual renewal. Therefore, secondary accounts will have an expiry date of not more than one year when they are created or renewed. An account expiry notification from the CSC will be sent to the account owners before their expiry dates and the account owners can then renew their secondary accounts accordingly through "Request Staff Computer Account Renewal" in Work Desk menu or by submitting an online CSC Work Request through their firstname.lastname@example.org