Educause Security Discussion mailing list archives
Re: [BULK] [SECURITY] Need to restrict admin rights in macOS?
From: Curt Kappenman <ckappenman () ANDERSONUNIVERSITY EDU>
Date: Wed, 25 Mar 2020 17:00:08 +0000
Ric, We have taken the path to restrict admin privilege on our Macs as well as our Windows devices. Mostly because the federal auditors don’t seem to know the difference between the two and ask why the Macs have admin rights when the Windows don’t. It was easier to take it away and has not caused us to many issues. We use JAMF to manage our Mac devices so I was able to push some back-end Linux commands to allow standard users to install printers and manage wi-fi devices. I would guess that other items can have their privileges changed to allow for an easier user experience. Curt From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Ric Getter <ric.getter () PCC EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, March 25, 2020 at 12:41 PM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [BULK] [SECURITY] Need to restrict admin rights in macOS? Group, I'd like to get some opinions on the need to restrict Mac users on the college staff (instructors, admin assistants, etc.) from having Admin rights, considerign all the current built-in protections in the macOS (System Integrity Protection, Gatekeeper, etc.). Disclaimer:, I am not a security pro, though I have had a fair amount of coursework in the field. My primary unofficial role here is as the resident, elder Mac guru (a gray-hair who has been using them since '84). I'm still involved with the group here responsible for district Mac management who no longer have hands-on access to endpoint systems. I am usually just a lurker here who likes to keep in touch with what's going on in the higher-ed InfoSec world. Thanks, Ric Ric Getter PCC Media Production/PCC-TV Portland Community College - Sylvania 971-722-8036 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.educause.edu%2fcommunity&c=E,1,_3d5EvYDUVx31wQomnDxvRSgf6ISSmo7Pmb-h20_VkkSb82P8X03m7_g0fYfUZGtEMBg0latd9QgpQViniV9-BaKk0D9bDB162QJokpuJX2lZI6VPPWhAXarPU0,&typo=1> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Need to restrict admin rights in macOS? Ric Getter (Mar 25)
- Re: [BULK] [SECURITY] Need to restrict admin rights in macOS? Curt Kappenman (Mar 25)
- Re: Need to restrict admin rights in macOS? King, Ronald A. (Mar 25)
- Re: Need to restrict admin rights in macOS? Mercy Lopez (Mar 25)
- <Possible follow-ups>
- Re: Need to restrict admin rights in macOS? Ric Getter (Mar 25)
- Re: Need to restrict admin rights in macOS? Phill Moran (Mar 25)
- Re: Need to restrict admin rights in macOS? Clark Gaylord (Mar 25)
- Re: Need to restrict admin rights in macOS? King, Ronald A. (Mar 26)