Educause Security Discussion mailing list archives

Re: Need to restrict admin rights in macOS?

From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 25 Mar 2020 17:39:10 +0000

We use Jamf and Enterprise Connect (now built into macOS) to sync up with AD and manage them. I’m still learning it.

Ronald King
Director of Technical Services and OIT Security

Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu<mailto:raking () nsu edu>
www.nsu.edu<http://www.nsu.edu/>
@NSUCISO (Twitter)
[NSU_logo_horiz_tag_4c - Smaller]

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ric Getter
Sent: Wednesday, March 25, 2020 12:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Need to restrict admin rights in macOS?

CAUTION:  This email originated from OUTSIDE of the organization. Do not click links or open attachments unless you 
recognize the sender and know the content is safe!
Group,
I'd like to get some opinions on the need to restrict Mac users on the college staff (instructors, admin assistants, 
etc.) from having Admin rights, considerign all the current built-in protections in the macOS (System Integrity 
Protection, Gatekeeper, etc.).

Disclaimer:, I am not a security pro, though I have had a fair amount of coursework in the field. My primary unofficial 
role here is as the resident, elder Mac guru (a gray-hair who has been using them since '84). I'm still involved with 
the group here responsible for district Mac management who no longer have hands-on access to endpoint systems. I am 
usually just a lurker here who likes to keep in touch with what's going on in the higher-ed InfoSec world.

Thanks,
Ric

Ric Getter
PCC Media Production/PCC-TV
Portland Community College - Sylvania
971-722-8036

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Need to restrict admin rights in macOS? Ric Getter (Mar 25)
- Re: [BULK] [SECURITY] Need to restrict admin rights in macOS? Curt Kappenman (Mar 25)
- Re: Need to restrict admin rights in macOS? King, Ronald A. (Mar 25)
- Re: Need to restrict admin rights in macOS? Mercy Lopez (Mar 25)
- <Possible follow-ups>
- Re: Need to restrict admin rights in macOS? Ric Getter (Mar 25)
  - Re: Need to restrict admin rights in macOS? Phill Moran (Mar 25)
  - Re: Need to restrict admin rights in macOS? Clark Gaylord (Mar 25)
  - Re: Need to restrict admin rights in macOS? King, Ronald A. (Mar 26)