Educause Security Discussion mailing list archives

Re: Local Admin Rights

From: "Krulewitch, Sean" <krulewit () IU EDU>
Date: Mon, 28 Mar 2005 13:54:49 -0500

On Tuesday, March 15, 2005 8:05 AM, Brian Fetcie  wrote:

I'm curious as to what other campuses are
doing in regards to this issue.
How did you handle the politics (i.e. the power user, or even average
user, who are convinced they must have admin privs)?
I'm interested in any experiences, the good, the bad and the ugly.
Thank you in advance.


While we leave this decision up to the individual departments, we strongly
encourage them to have their users run day-to-day as a normal user accounts.
I think it's important to note that having users run day-to-day as a User is
not necessarily the same thing as not giving the access to the local
administrator password.  We do not recommend Power User as its trivial to
become an Admin with Power User rights.

Running as a User instead of Power User/Admin is often the difference
between a complete rebuild of the OS as opposed to a simple "clean" when a
user gets compromised with a piece of malware.

-Sean
--
Sean Krulewitch, Chief Security Engineer
IT Security Office, Office of the VP for Information Technology
Indiana University
For PGP Key or S/MIME cert:  https://www.itso.iu.edu/staff/krulewit/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description:

Current thread:

Local Admin Rights Brian Fetcie (Mar 15)
- <Possible follow-ups>
- Re: Local Admin Rights Jacobson, James (Mar 15)
- Re: Local Admin Rights Michelle Mueller (Mar 15)
- Re: Local Admin Rights Gary Flynn (Mar 15)
- Re: Local Admin Rights Matt Kirchhoff (Mar 15)
- Re: Local Admin Rights Brian Fetcie (Mar 15)
- Re: Local Admin Rights Jeff Giacobbe (Mar 15)
- Re: Local Admin Rights Krulewitch, Sean (Mar 28)