Re: Removal of Admin Access on PCs

["Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>]

Board up the windows to your offices, lift up the draw bridge, make sure the moat is sufficiently stocked with 
alligators and then blast out a campus wide email.

In all seriousness, we removed local administrator access about three years ago and while it was difficult at first, it 
gets easier over time. We have a process of approving software installs now that the faculty is pretty familiar with 
and we try and give them a quick turn around on submission-approval-install. Our view tends to be that if they have a 
obvious or compelling academic need for something there is little we can do to stop it, unless there is an obvious or 
compelling security or legal reason for us to deny it.

Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu<http://help.rockhurst.edu/>
(816) 501-4231

PThink before you print!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James R. 
Pardonek
Sent: Thursday, October 08, 2009 11:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Removal of Admin Access on PCs

If this has been discussed before, I apologize.

We have been instructed by our internal auditors to remove administrator rights from all PCs on campus.  We have chosen 
a product, Desktop Authority, to do this.  The discussion we had was regarding the potential push back from faculty if 
the "approved" list of applications does not align with what an individual faculty member needs to teach or do research.

I would like some feedback on what others have done to comply with the auditors, yet keep peace with their faculty.

Thank you!

James R. Pardonek, CISSP
Senior Network Administrator
Purdue University Calumet Data Network
Information Services
Purdue University Calumet
Hammond, Indiana