Re: Windows Local Administrative Privilges

[Daniel R Jones <Dan.Jones () COLORADO EDU>]

An additional bit to consider is the process by which you track and give
admin privileges. Such could include requiring some type of business
justification, supervisor or department head approval and system
administrator agreement. It is also important to have sufficient
tracking so that you know who you have given privileges to (consider the
case of a security incident).

Regards,  

Dan 

> -----Original Message-----
> From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
> Sent: Sunday, April 09, 2006 8:37 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Windows Local Administrative Privilges
>
> Sorry if I wasn't clear. You raise a good point.  I'm not suggesting
> that you apply one policy to every single user.
>
> Let me reframe the question:  but, rather, are you better off with a
> general policy where most users either can or cannot have admin
> access.  My experience is that a lot of users, if not most, want the
> admin access.  I would probably lean toward a policy where, by
> default, the user does not have the admin and you then allow it on a
> case basis (hopefully very few cases).
>
> Harold
>
>
>
>
> Well, from my unscientific, very small sample of universities whose
> policies I'm aware of, there seems to be two groups that basically
lock
> At 10:17 AM 4/9/2006, Julian Y. Koh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > At 10:11 -0400 04/09/2006, Harold Winshel wrote:
> > > Just wondering for some viewpoints on the pros and cons of letting
the
> > > end-users in an academic environment have local administrative
access
> on
> > > their windows pc's.
> >
> > I think it totally depends on where those users are and what they
need to
> do
> > with their computers.  It seems totally appropriate that some users
> actually
> > do need Administrator access, and some users really shouldn't have it
at
> all.
> >  Trying to apply a blanket policy in this area to the entire
population
> of an
> > academic institution seems like a suboptimal plan to me.
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP Desktop 9.0.5 (Build 5050)
> > Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
> >
> > iQA/AwUBRDkXaQ5UB5zJHgFjEQI4vwCgjpGKKbKXyqwgBFY2cNoQMTZz9t8AnRKd
> > dPOuBPIpBSoYWKYK5+Q/vQVB
> > =2IKd
> > -----END PGP SIGNATURE-----
> >
> > --
> > Julian Y. Koh
<mailto:kohster () northwestern edu>
> > Network Engineer
<phone:847-467-5780>
> > Telecommunications and Network Services         Northwestern
University
> > PGP Public
Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
> Harold Winshel
> Computing and Instructional Technologies
> Faculty of Arts & Sciences
> Rutgers University, Camden Campus
> 311 N. 5th Street, Room B36 Armitage Hall
> Camden NJ 08102
> (856) 225-6669 (O)