Educause Security Discussion mailing list archives

Re: Restricting PC Admin Rights


From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Mon, 13 Aug 2018 15:15:07 +0000

Just a couple of things to think about.

- When we received an outside review, local admin rights for all logins was a "failing score". If audited for PCI, we would fail.

- If you adhere to a policy of least privilege, this would be a break from that policy.

- Here is an article about it:
  https://searchenterprisedesktop.techtarget.com/opinion/Why-you-should-remove-local-administrator-rights-once-and-for-all

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Andrew Chiarello
Sent: Monday, August 13, 2018 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Restricting PC Admin Rights


We do not restrict admin rights (and all proposals to do so have been squelched before getting very far).



Andrew J. Chiarello

Lead Engineer, Infrastructure & Systems

Bryn Mawr College

achiarello () brynmawr edu

(610) 526-7966

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Pardonek, Jim <jpardonek () LUC EDU>
Sent: Monday, August 13, 2018 11:06:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Restricting PC Admin Rights


Not sure if there is somewhere else I can get this info, I'm sure it's been asked before, but I am checking to see how 
many of your institutions restrict admin rights.  We are putting a proposal together to leadership to do exactly that 
as we have had a number of folks fall for scams that involve the installation of software on their PCs.



Thanks,





James Pardonek, MS, CISSP, CEH, GSNA

Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

Phone: (773) 508-6086



Loyola University Chicago will never ask you for your username or password.

For the latest information security news at Loyola, please follow us online,

Twitter: @LUCUISO

Facebook: https://www.facebook.com/lucuiso/

Our Blog http://blogs.luc.edu/uiso/


