Educause Security Discussion mailing list archives

Re: privilege escalation software

From: Scott Stoops <sstoops () ASHLAND EDU>
Date: Fri, 26 Jan 2018 13:38:56 +0000

Chad,

CyberArk also provides this kind of functionality.

On Fri, Jan 26, 2018 at 8:36 AM WALTER KERNER <walter_kerner () fitnyc edu>
wrote:

Hi Chad.  Try looking at a tool called Avecto.  We are just about to roll
it out but it tested well here at FIT.  It works on Macs and PCs and gives
you lots of control over what users can and cannot do.  The user only has
regular user privileges but if you want them to they can change system
time, install printers, software from approved sources, etc.







Walter Kerner

AVP and CISO

[image: blue]

333 7th Avenue, 13th Floor
<https://maps.google.com/?q=333+7th+Avenue,+13th+Floor+New+York,+NY+10001&entry=gmail&source=g>

New York, NY 10001
<https://maps.google.com/?q=333+7th+Avenue,+13th+Floor+New+York,+NY+10001&entry=gmail&source=g>

Voice: 212-217-3415 <(212)%20217-3415>



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Chad Smith
*Sent:* Friday, January 26, 2018 8:23 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] privilege escalation software



Wayne State College is looking for privilege escalation software so that
we can remove our users from the local administrators group on
workstations.    We aren’t looking to remove the control of the PC from our
users, but would like to force them to be aware when they are elevating a
process.   An ideal solution would allow the user to initiate an elevation
and then be prompted to enter their username/password again, or perhaps
enter a code or username/password that would expire after a short time.
WSC does not have a 24/7 helpdesk so the approval and delivery of any codes
or username/password combinations would need to be automated.



Does anyone doing anything like this?  I’m interested to hear what your
approaches are and what tools you use.



Thank you,



-Chad

-- 
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu

Current thread:

privilege escalation software Chad Smith (Jan 26)
- Re: privilege escalation software WALTER KERNER (Jan 26)
  - Re: privilege escalation software Scott Stoops (Jan 26)
- Re: privilege escalation software Barnes, William (Jan 26)
- Re: privilege escalation software Adam Maynard (Jan 26)
  - Re: privilege escalation software Judd, Taylor Allen (Jan 26)