Educause Security Discussion mailing list archives
Re: Restricting PC Admin Rights
From: Gregory Keane <gkeane () UDEL EDU>
Date: Mon, 13 Aug 2018 11:44:07 -0400
Jim,

Here's a shot at gathering some stats from last year.

https://er.educause.edu/articles/2018/2/reclaiming-the-keys-to-the-kingdom-examining-end-user-administrator-rights-in-higher-education

On Mon, Aug 13, 2018 at 11:33 AM Andrew Chiarello <achiarello () brynmawr edu> wrote:

Thanks, Robert - I'll include that in my next proposal to make this change. It's not that I disagree in principle, but I've not had a lot of success convincing my administration it's a necessary change.

Andrew J. Chiarello
Lead Engineer, Infrastructure & Systems
Bryn Mawr College
achiarello () brynmawr edu
(610) 526-7966

------------------------------
*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Barton, Robert W. <bartonrt () LEWISU EDU>
*Sent:* Monday, August 13, 2018 11:15:07 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Restricting PC Admin Rights

Just a couple of things to think about.

- When we received an outside review, local admin rights for all logins was a “failing score”. If audited for PCI, we would fail.
- If you adhere to a policy of least privilege, this would be a break from that policy.
- Here is an article about it, https://searchenterprisedesktop.techtarget.com/opinion/Why-you-should-remove-local-administrator-rights-once-and-for-all

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Andrew Chiarello
*Sent:* Monday, August 13, 2018 10:08 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Restricting PC Admin Rights

We do not restrict admin rights (and all proposals to do so have been squelched before getting very far).

Andrew J. Chiarello
Lead Engineer, Infrastructure & Systems
Bryn Mawr College
achiarello () brynmawr edu
(610) 526-7966

------------------------------
*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Pardonek, Jim <jpardonek () LUC EDU>
*Sent:* Monday, August 13, 2018 11:06:29 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Restricting PC Admin Rights

Not sure if there is somewhere else I can get this info, I’m sure it’s been asked before, but I am checking to see how many of your institutions restrict admin rights. We are putting a proposal together to leadership to do exactly that as we have had a number of folks fall for scams that involve the installation of software on their PCs.

Thanks,

*James Pardonek, MS, CISSP, CEH, GSNA*
*Information Security Officer*
*Loyola University Chicago*
*1032 W. Sheridan Road | Chicago, IL 60660*
*(773) 508-6086*

*Loyola University Chicago will never ask you for your username or password.*

*For the latest information security news at Loyola, please follow us online,*
*Twitter: @LUCUISO*
*Facebook: https://www.facebook.com/lucuiso/*
*Our Blog http://blogs.luc.edu/uiso/*

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
--
Greg Keane, CISSP
College of Agriculture and Natural Resources
(302)831-0867
canr.udel.edu