Educause Security Discussion mailing list archives
Re: Local Admin Rights
From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Tue, 15 Mar 2005 09:24:14 -0600
We do this same thing. By default, no one has local Admin rights. The only ones who are given Admin rights are the ones who are running programs that will not work without them, and faculty who need to frequently install software that comes with their texts. This is something we've done since switching to Windows 2000 from Windows 95 & Novell. We've really never had a problem with this and it seems that most of our faculty do not abuse this privilege. I think as long as you have the support of the your university administrators, it shouldn't be too difficult a transition. If you have your President and VPs saying that this change will take place, then your department is just following orders and you can avoid the power struggle between your department and the rest of the campus. As a side note, when we switched to Windows 2000 three years ago, we also switched to Symantec Corporate Edition. We have never had a virus outbreak since that time. In fact, I've never needed to run any virus removal tools on any of our computers since that time. Michelle Mueller Network Specialist Mount Mary College Milwaukee, Wisconsin Jacobson, James wrote:
At our campus, we have already implemented what you seek to do as part of our 98 to XP conversion. As computer administrators, we already had a pretty good idea of those who truly use the computer as a tool to further the University's academic goals vs. those who want to download webshots, screensavers, etc.. By default, all new XP installs are rolling out with standard user policies. The individuals who truly need administrative access (software program they use require it, we trust how they use the machine) are given admin rights to the local machine with the understanding that it may be revoked should problems arise. For the most part, we have not had any problems with this policy. We have always centrally administered our computer resources, and we have made it known that the PC's belong to the University and that the safety and security of the University's network and computer resources come before personal conveniences. James Jacobson Asst. Director, Computer Services Midwestern University -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Fetcie Sent: Tuesday, March 15, 2005 7:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Local Admin Rights Good Morning... ~ We are preparing a policy to remove local admin privs from the faculty and staff members. The primary justification being an attempt to lessen our vulnerability. I'm curious as to what other campuses are doing in regards to this issue. How did you handle the politics (i.e. the power user, or even average user, who are convinced they must have admin privs)? I'm interested in any experiences, the good, the bad and the ugly. Thank you in advance. Brian -- ------------------------------ Brian Fetcie Systems/Security Administrator -------------------------- SUNY Canton 34 Cornell Drive Canton, NY 13617 -------------------------- fetcieb () canton edu ------------------------------ ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Local Admin Rights Brian Fetcie (Mar 15)
- <Possible follow-ups>
- Re: Local Admin Rights Jacobson, James (Mar 15)
- Re: Local Admin Rights Michelle Mueller (Mar 15)
- Re: Local Admin Rights Gary Flynn (Mar 15)
- Re: Local Admin Rights Matt Kirchhoff (Mar 15)
- Re: Local Admin Rights Brian Fetcie (Mar 15)
- Re: Local Admin Rights Jeff Giacobbe (Mar 15)
- Re: Local Admin Rights Krulewitch, Sean (Mar 28)