1.1 Network/Application Services that Require Computer Account Authentication
The University network comprises a very rich set of facilities and network/application services that allow each individual staff to carry out his/her academic work in a very secure fashion. To provide such an environment, proper authentication measures must be in place to ensure all network and system resources will only be utilized by authorized parties. Computer account, in the form of the username/password pair, is one of such indispensable measures. The following will list some commonly used facilities and services that would require the use of computer accounts.
1.1.1 Types of Staff Computer Accounts
|Account Type||Systems or Services|
|Type I: Active Directory (AD) User Account|
|For establishing network access
|Type II: Other Accounts|
|For other systems||
1.1.2 Computer Account for Network Resources and Application Services (AD User Account)
This account is set up for accessing the network resources such as the office PCs, the VPN connection, the Email Microsoft 365, the wireless LAN access or virtual disks as well as application services such as the University Portal and the administrative systems. This account is managed in the Windows server Active Directory. The following is a list of commonly used services:
The account allows a staff to communicate electronically with others inside or outside the University campus using the available Email clients or Web mail services.
The account allows a staff to log on the staff network using his/her desktop PC in the staff office, or to log on to the PCs inside the CSC terminal rooms, the Lecture Theatres and classrooms.
The account allows a staff to make secure connection through Virtual Private Network (VPN). With this connection, the staff can basically enjoy the network services similar to those they use locally in the campus. The network traffic is encrypted throughout the connection.
The account enables a user to make connection to the wireless LAN that is available throughout the campus for mobile users.
The account enables a staff to access the web teaching system and associated tools for course preparation and delivery
The account allows a staff to access various applications and services provided on the University network such as the University Portal , the AIMS services, and many of the services provided under the Portal umbrella that requires authentication.
The provision of the EID to individual staff is automatic in the sense that there is no need for all staff to apply for the EID. In fact, with the cooperation of the Human Resources Office, all new staff will be allotted this EID well before they report to duty so that they can start communicating with the university and can access some of the important information that are crucial for them before they arrive. Staff will be asked to activate their EIDs.
2.1 EID and Password
After EID activation, a staff member can access any of the two types of computer accounts mentioned above. Initially, the same password is allotted for each of the account type using the same EID name. Password changing facilities have been provided for the staff to make changes for each account type. The staff can have the option of changing the password for the different account types to the same password or keeping different passwords for various accounts.
2.2 Services That Carry the Same Password
At this stage, the computer account for network and application services will carry the same EID name and password pair. This means that if a staff changes the password of any of these accounts, the new password will apply to accessing all of the services under the same group.
The AD account will be created initially with the same username and password pair supplied by the user in the account activation process. Users are advised to change the password on a regular basis .
If users have utilities that enable the storing of passwords, they are reminded to change them as well (storing passwords in applications is not recommended due to security reason).
Please refer to the Guidelines on setting and using Computer Account Password on the best practice for password protection.
There is no need for a normal staff to apply for the EID. The following is a description for a normal staff to apply for additional accounts.
4.1 Applying for Secondary Accounts
Staff may submit a CSC Work Request through their departments in applying for secondary email account for carrying out role based duties and other purposes.
4.2 Account Renewal for Secondary Account
For security reasons and for proper computer account life-cycle management, all secondary accounts require annual renewal. Therefore, secondary accounts will have an expiry date of not more than one year when they are created or renewed. An account expiry notification from the CSC will be sent to the account owners before their expiry dates and the account owners can then renew their secondary accounts accordingly through "Request Staff Computer Account Renewal" in Work Desk menu or by submitting an online CSC Work Request through their departments.IT.ServiceDesk@cityu.edu.hk