Re: Administrative v/s power user Access for Staff and students

["Tupker, Mike" <mtupker () MTMERCY EDU>]

We have made all of our employees power users. Students in the labs get standard user rights assigned to them. Most 
admin right issues that I've seen can be fixed by granting write access to an application directory. Is situations like 
that we have a startup script that will use the cacls.exe command to change directory ACLs.

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644
If you need assistance with an computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S 
Malwade
Sent: Friday, March 06, 2009 12:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Administrative v/s power user Access for Staff and students

I was wondering what other universities are doing in limiting administrative access on Desktops and laptops for Staff ?
The rationale being as we know that enterprise workstations run as administrator also makes the network vulnerable to 
malware including viruses, Trojan horses, spyware, adware and unintentional user damage. Malware can exploit a local 
administrator account's system-level access to damage files, change system configurations, and even transmit 
confidential data outside of the network. Ensuring that all users run as standard users is the primary way to help 
mitigate the impact.
Has anyone tried giving Power User level access as opposed to full admin rights and if yes what was the overall 
experience ?

Thanks,
Anand


Anand Malwade
Information Security Officer,
Seton Hall University,