Re: User Privilege Levels.

[Jim Pollard <jim.pollard () MAIL UTEXAS EDU>]

I can only speak from the department level but what we do is give everyone
general user access and temporarily grant administrator access if necessary
using group policy.  If administrator access is absolutely insisted upon we
may permit it with the caveat that the user is responsible for ensuring
security and receives limited support.

~Jim

Jim Pollard
Computer Systems Development Specialist
Department of Biomedical Engineering
University of Texas at Austin
it () bme utexas edu
512.789.4345

"The intelligent man is capable of overcoming problems and difficulties the
wise man would have avoided in the first place."

Rabbi Yusef Becher


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie
Sent: Monday, February 23, 2009 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User Privilege Levels.

We're in the midst of planning a rollout to Active Directory for our end
user authentication, and so we'll be joining all college-owned end user
computers to the domain. I'm curious about privilege levels. What sort
of access are other institutions giving their users to their computers?

* Are your users granted Administrative power over their own machines?

* Do you have a uniform level for all employees, or does it vary by
position?

* Can an employee move between schemes, applying for greater access
after passing a security training test or some similar mechanism?

Thanks for any replies. Feel free to respond off-list, if you like.

--Matt

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

Attachment: smime.p7s
Description: