Re: Local Admin Rights

[Michelle Mueller <muellerm () MTMARY EDU>]

We do this same thing.  By default, no one has local Admin rights.  The
only ones who are given Admin rights are the ones who are running
programs that will not work without them, and faculty who need to
frequently install software that comes with their texts.   This is
something we've done since switching to Windows 2000 from Windows 95 &
Novell.   We've really never had a problem with this and it seems that
most of our faculty do not abuse this privilege.

I think as long as you have the support of the your university
administrators, it shouldn't be too difficult a transition.  If you have
your President and VPs saying that this change will take place, then
your department is just following orders and you can avoid the power
struggle between your department and the rest of the campus.

As a side note, when we switched to Windows 2000 three years ago, we
also switched to Symantec Corporate Edition.  We have never had a virus
outbreak since that time.  In fact, I've never needed to run any virus
removal tools on any of our computers since that time.

Michelle Mueller
Network Specialist
Mount Mary College
Milwaukee, Wisconsin


Jacobson, James wrote:

> At our campus, we have already implemented what you seek to do as part
> of our 98 to XP conversion.  As computer administrators, we already had
> a pretty good idea of those who truly use the computer as a tool to
> further the University's academic goals vs. those who want to download
> webshots, screensavers, etc..  By default, all new XP installs are
> rolling out with standard user policies.  The individuals who truly need
> administrative access (software program they use require it, we trust
> how they use the machine) are given admin rights to the local machine
> with the understanding that it may be revoked should problems arise.
>  For the most part, we have not had any problems with this policy.  We
> have always centrally administered our computer resources, and we have
> made it known that the PC's belong to the University and that the safety
> and security of the University's network and computer resources come
> before personal conveniences.
>
> James Jacobson
> Asst. Director, Computer Services
> Midwestern University
>
> -----Original Message-----
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Fetcie
> Sent: Tuesday, March 15, 2005 7:05 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Local Admin Rights
>
> Good Morning...
> ~
> We are preparing a policy to remove local admin privs from the faculty
> and staff members. The primary justification being an attempt to lessen
> our vulnerability. I'm curious as to what other campuses are doing in
> regards to this issue.
> How did you handle the politics (i.e. the power user, or even average
> user, who are convinced they must have admin privs)?
> I'm interested in any experiences, the good, the bad and the ugly.
> Thank you in advance.
>
> Brian
>
> --
> ------------------------------
> Brian Fetcie
> Systems/Security Administrator
>  --------------------------
> SUNY Canton
> 34 Cornell Drive
> Canton, NY 13617
>  --------------------------
> fetcieb () canton edu
> ------------------------------
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.