Educause Security Discussion mailing list archives

Re: User Privilege Levels.


From: "Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>
Date: Mon, 23 Feb 2009 10:36:53 -0600

Nearly all users, except for IT staff, are given Power User access to "their" machines, and general user access to 
others. We enforce this through group policy so that our techs cannot give them access and forget to take it away; they 
have to get approval from our network staff.

There are a handful of users with regular administrative access to their machines, but they must agree that if their 
machines get boogered up that they're basically on their own in getting stuff backed up and reset. We also make them go 
through our NAC (CCA), whereas normal users we do not (since they don't have admin access to fix it).

We only do this after trying all other options and it's mostly a case of a poorly written piece of software they "must" 
use for their jobs. (Our athletics department has a few stats programs that require this.) We'll reimage it for them 
but beyond that it's pretty much out of our control. We only have done this for users we know understand basic computer 
security.

I've been trying to convince the powers that be to implement some type of mandatory security training program for all 
staff users. 

Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu
(816) 501-4231

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew 
Gracie
Sent: Monday, February 23, 2009 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User Privilege Levels.

We're in the midst of planning a rollout to Active Directory for our end
user authentication, and so we'll be joining all college-owned end user
computers to the domain. I'm curious about privilege levels. What sort
of access are other institutions giving their users to their computers?

* Are your users granted Administrative power over their own machines?

* Do you have a uniform level for all employees, or does it vary by
position?

* Can an employee move between schemes, applying for greater access
after passing a security training test or some similar mechanism?

Thanks for any replies. Feel free to respond off-list, if you like.

--Matt

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        
