Educause Security Discussion mailing list archives
Re: User Privilege Levels.
From: "Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>
Date: Mon, 23 Feb 2009 10:36:53 -0600
Nearly all users, except for IT staff, are given Power User access to "their" machines, and general user access to others. We enforce this through group policy so that our techs cannot give them access and forget to take it away, they have to get approval from our the network staff. There are a handful of users with regular administrative access to their machines, but they must agree that if their machines get boogered up that they're basically on their own in getting stuff backup and reset. We also make them go through our NAC (CCA) where as normal users we do not (since they don't have admin access to fix it.) We only do this after trying all other options and it's mostly a case of a poorly written piece of software they "must" use for their jobs. (Our athletics department has a few stats programs that require this.) We'll reimage it for them but beyond that it's pretty much out of our control. We only have done this for users we know understand basic computer security. I've been trying to convince the powers that be to implement some type of mandatory security training program for all staff users. Michael Stanclift Network Analyst Rockhurst University http://help.rockhurst.edu (816) 501-4231 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie Sent: Monday, February 23, 2009 9:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] User Privilege Levels. We're in the midst of planning a rollout to Active Directory for our end user authentication, and so we'll be joining all college-owned end user computers to the domain. I'm curious about privilege levels. What sort of access are other institutions giving their users to their computers? * Are your users granted Administrative power over their own machines? * Do you have a uniform level for all employees, or does it vary by position? * Can an employee move between schemes, applying for greater access after passing a security training test or some similar mechanism? Thanks for any replies. Feel free to respond off-list, if you like. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- User Privilege Levels. Matthew Gracie (Feb 23)
- <Possible follow-ups>
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Tupker, Mike (Feb 23)
- Re: User Privilege Levels. Stanclift, Michael (Feb 23)
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Themba Flowers (Feb 23)
- Re: User Privilege Levels. Daly, Douglas (Feb 24)
- Re: User Privilege Levels. Jim Pollard (Feb 24)
- Re: User Privilege Levels. Karen Stopford (Feb 24)
- Re: User Privilege Levels. Basgen, Brian (Feb 24)
- Re: User Privilege Levels. Gary Flynn (Feb 24)
- Re: User Privilege Levels. Spransy, Derek (Feb 24)
- Re: User Privilege Levels. Karen Stopford (Feb 24)
- Re: User Privilege Levels. Stanclift, Michael (Feb 24)
(Thread continues...)