Re: privilege escalation software

["Barnes, William" <wbarnes () BLOOMU EDU>]

We just started using Beyond Trust's Powerbroker here on our Windows 10 machines in the fall to all them to run 
programs elevated when needed.
I have it configured for full unattended mode, the user just need to right click and pick "run elevated."



Thanks!
--Bill
*************************************************************************
* Bill Barnes, RHCE, CISSP
* Manager of Technology Support Services
* and Library Network Administrator
* Technology Support Services
* Bloomsburg University
* ph: 570-389-2813
* e-mail: wbarnes () bloomu edu<mailto:wbarnes () bloomu edu>
*************************************************************************

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chad 
Smith
Sent: Friday, January 26, 2018 8:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] privilege escalation software

Wayne State College is looking for privilege escalation software so that we can remove our users from the local 
administrators group on workstations.    We aren't looking to remove the control of the PC from our users, but would 
like to force them to be aware when they are elevating a process.   An ideal solution would allow the user to initiate 
an elevation and then be prompted to enter their username/password again, or perhaps enter a code or username/password 
that would expire after a short time.   WSC does not have a 24/7 helpdesk so the approval and delivery of any codes or 
username/password combinations would need to be automated.

Does anyone doing anything like this?  I'm interested to hear what your approaches are and what tools you use.

Thank you,

-Chad