Educause Security Discussion mailing list archives
Re: User Privilege Levels.
From: Karen Stopford <stopfordk () CT EDU>
Date: Mon, 23 Feb 2009 11:09:31 -0500
We are a University system, so mileage varies by institution. One of the Universities unreservedly gave all employees administrator privileges on their machines and now regrets it, primarily because of unauthorized software installations and configuration changes that either interfere with maintenance activities, or cause an uptick in Help Desk calls. Other sites have restricted these rights to certain individuals that may have a legitimate need to install software (mostly IT and Academic Computing) and have not reported so many of these issues. Special training in IT policy is required for these people. However, there is constant debate over what the faculty needs to be effective, and the "academic freedom" argument is frequently raised. One of the creative approaches we are looking at is to allow faculty to have this access on restricted networks attached to different services levels to reduce potential impact on other network users, to simplify asset management, and to provide priority service to users of production applications. Karen C. Karen Stopford, CISSP Associate Executive Officer for I.T. Security CT State University System 39 Woodland Street Hartford, CT 06105 (860) 493-0116 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie Sent: Monday, February 23, 2009 10:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] User Privilege Levels. We're in the midst of planning a rollout to Active Directory for our end user authentication, and so we'll be joining all college-owned end user computers to the domain. I'm curious about privilege levels. What sort of access are other institutions giving their users to their computers? * Are your users granted Administrative power over their own machines? * Do you have a uniform level for all employees, or does it vary by position? * Can an employee move between schemes, applying for greater access after passing a security training test or some similar mechanism? Thanks for any replies. Feel free to respond off-list, if you like. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- User Privilege Levels. Matthew Gracie (Feb 23)
- <Possible follow-ups>
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Tupker, Mike (Feb 23)
- Re: User Privilege Levels. Stanclift, Michael (Feb 23)
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Themba Flowers (Feb 23)
- Re: User Privilege Levels. Daly, Douglas (Feb 24)
- Re: User Privilege Levels. Jim Pollard (Feb 24)
- Re: User Privilege Levels. Karen Stopford (Feb 24)
- Re: User Privilege Levels. Basgen, Brian (Feb 24)
- Re: User Privilege Levels. Gary Flynn (Feb 24)
- Re: User Privilege Levels. Spransy, Derek (Feb 24)
(Thread continues...)