Educause Security Discussion mailing list archives
Re: Windows Local Administrative Privilges
From: Daniel R Jones <Dan.Jones () COLORADO EDU>
Date: Mon, 10 Apr 2006 08:18:40 -0600
An additional bit to consider is the process by which you track and give admin privileges. Such could include requiring some type of business justification, supervisor or department head approval and system administrator agreement. It is also important to have sufficient tracking so that you know who you have given privileges to (consider the case of a security incident). Regards, Dan
-----Original Message----- From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU] Sent: Sunday, April 09, 2006 8:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Local Administrative Privilges Sorry if I wasn't clear. You raise a good point. I'm not suggesting that you apply one policy to every single user. Let me reframe the question: but, rather, are you better off with a general policy where most users either can or cannot have admin access. My experience is that a lot of users, if not most, want the admin access. I would probably lean toward a policy where, by default, the user does not have the admin and you then allow it on a case basis (hopefully very few cases). Harold Well, from my unscientific, very small sample of universities whose policies I'm aware of, there seems to be two groups that basically
lock
At 10:17 AM 4/9/2006, Julian Y. Koh wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:11 -0400 04/09/2006, Harold Winshel wrote:Just wondering for some viewpoints on the pros and cons of letting
the
end-users in an academic environment have local administrative
access
ontheir windows pc's.I think it totally depends on where those users are and what they
need to
dowith their computers. It seems totally appropriate that some usersactuallydo need Administrator access, and some users really shouldn't have it
at
all.Trying to apply a blanket policy in this area to the entire
population
of anacademic institution seems like a suboptimal plan to me. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html> iQA/AwUBRDkXaQ5UB5zJHgFjEQI4vwCgjpGKKbKXyqwgBFY2cNoQMTZz9t8AnRKd dPOuBPIpBSoYWKYK5+Q/vQVB =2IKd -----END PGP SIGNATURE----- -- Julian Y. Koh
<mailto:kohster () northwestern edu>
Network Engineer
<phone:847-467-5780>
Telecommunications and Network Services Northwestern
University
PGP Public
Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Harold Winshel Computing and Instructional Technologies Faculty of Arts & Sciences Rutgers University, Camden Campus 311 N. 5th Street, Room B36 Armitage Hall Camden NJ 08102 (856) 225-6669 (O)
Current thread:
- Windows Local Administrative Privilges Harold Winshel (Apr 09)
- <Possible follow-ups>
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Russell Fulton (Apr 09)
- Re: Windows Local Administrative Privilges Parker, Ron (Apr 10)
- Re: Windows Local Administrative Privilges Daniel R Jones (Apr 10)