Re: User Privilege Levels, The Sequel.

["Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>]

We use Remote Desktop for times when they must login and Windows Remote Assistance with "Run As" if they can do it for 
the user. It's rare that they must actually go touch a machine to get something installed with this.

We also publish as much as we can with MSIs and group policy, and make them user installable if we need to.

Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu
(816) 501-4231


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew 
Gracie
Sent: Thursday, February 26, 2009 9:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User Privilege Levels, The Sequel.

First of all, thanks very much to the people who have responded to my
initial email about user privileges on their own desktops. We're
currently in an environment where _everyone_ is an admin, and you gave
me a lot of ammunition to justify buttoning that up.

A followup question -- some of the pushback against outfitting users
with User rights instead of Administrator has come from our support
group, who (understandably) don't want to make house calls every time
someone wants to check out a new piece of software.

What sort of methodology are people using to handle one-off software
requests? How is a request made, and what mechanism is used to get the
installation done?

Thanks for your input,

--Matt

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg