Educause Security Discussion mailing list archives
Re: Windows Local Administrative Privilges
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Mon, 10 Apr 2006 08:54:05 +1200
Harold Winshel wrote:
At 10:49 AM 4/9/2006, you wrote: At 10:37 -0400 04/09/2006, Harold Winshel wrote:Let me reframe the question: but, rather, are you better off with a general policy where most users either can or cannot have admin access.I think most places are better off with not allowing Admin by default.My experience is that a lot of users, if not most, want the admin access.That's partly a legacy of the fact that many Windows apps still require Admin access even to run.Agreed.I would probably lean toward a policy where, by default, the user does not have the admin and you then allow it on a case basis (hopefully very few cases).I think just about all of us would agree that's a good place to start from a security perspective. Being able to actually implement it depends a lot on the environment. For example, how decentralized is your support infrastructure? Do some departments/schools not even have local support available? Who's going to be in charge of handling the actual Administrator accounts and passwords? Do you need to set up actual domain controllers and force everyone to log into the domain? etc etc etcAgain, good point. Let me be more specific. I'm my scenario, it's an environment where there is a facility for tech support (regardiess of whether it is centralized or not) infrastructure, but we still would not want to automatically give out the admin account. The fallout is that that users need to wait for us to respond when they want an application installed. The benefit is that we better control what is running on the machines.
-- Julian Y. Koh <mailto:kohster () northwestern edu> Network Engineer <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Harold Winshel Computing and Instructional Technologies Faculty of Arts & Sciences Rutgers University, Camden Campus 311 N. 5th Street, Room B36 Armitage Hall Camden NJ 08102 (856) 225-6669 (O)
Current thread:
- Windows Local Administrative Privilges Harold Winshel (Apr 09)
- <Possible follow-ups>
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Russell Fulton (Apr 09)
- Re: Windows Local Administrative Privilges Parker, Ron (Apr 10)
- Re: Windows Local Administrative Privilges Daniel R Jones (Apr 10)