Local Admin Rights

[Brian Fetcie <fetcieb () CANTON EDU>]

Good morning...

On our campus, when a computer is configured for a faculty or staff
member the user's account is setup as a local admin.  Needless to say
that this has caused a great deal of grief in the fight against viruses
and spyware. We have a number of users who feel that the computer is
their's to do with as they wish, irrelevant of what the asset tag may
say. In the previous semester, our campus was hit with a major IRCbot
infection. Our lab PCs, which we tightly control, came though
essentially unscathed. Our faculty and staff PCs were clobbered.
We are preparing a policy to remove local admin privs from the faculty
and staff members. The primary justification being an attempt to lessen
our vulnerability. I'm curious as to what other campuses are doing in
regards to this issue.
How did you handle the politics (i.e. the power user, or even average
user, who are convinced they must have admin privs)?
I'm interested in any experiences, the good, the bad and the ugly.
Thank you in advance.

Brian

--
------------------------------
Brian Fetcie
Systems/Security Administrator
 --------------------------
SUNY Canton
34 Cornell Drive
Canton, NY 13617
 --------------------------
fetcieb () canton edu
------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.