Educause Security Discussion mailing list archives

Re: Restricting PC Admin Rights

From: Andrew Chiarello <achiarello () BRYNMAWR EDU>
Date: Mon, 13 Aug 2018 15:33:37 +0000

Thanks, Robert - I'll include that in my next proposal to make this change. It's not that I disagree in principle, but 
I've not had a lot of success convincing my administration it's a necessary change.


Andrew J. Chiarello

Lead Engineer, Infrastructure & Systems

Bryn Mawr College

achiarello () brynmawr edu

(610) 526-7966

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Barton, Robert 
W. <bartonrt () LEWISU EDU>
Sent: Monday, August 13, 2018 11:15:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Restricting PC Admin Rights


Just a couple of things to think about.

-        When we received an outside review, local admin rights for all logins was a “failing score”.  If audited for 
PCI, we would fail.

-        If you adhere to a policy of least privilege, this would be a break from that policy.

-        Here is an article about it, 
https://searchenterprisedesktop.techtarget.com/opinion/Why-you-should-remove-local-administrator-rights-once-and-for-all



Robert W. Barton

Director of Information Security

Lewis University

One University Parkway

Romeoville, IL  60446-2200

815-836-5663



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Andrew Chiarello
Sent: Monday, August 13, 2018 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Restricting PC Admin Rights



We do not restrict admin rights (and all proposals to do so have been squelched before getting very far).



Andrew J. Chiarello

Lead Engineer, Infrastructure & Systems

Bryn Mawr College

achiarello () brynmawr edu<mailto:achiarello () brynmawr edu>

(610) 526-7966

________________________________

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Pardonek, Jim <jpardonek () LUC EDU<mailto:jpardonek () LUC EDU>>
Sent: Monday, August 13, 2018 11:06:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Restricting PC Admin Rights



Not sure if there is somewhere else I can get this info, I’m sure it’s been asked before, but I am checking to see how 
many of your institutions restrict admin rights.  We are putting a proposal together to leadership to do exactly that 
as we have had a number of folks fall for scams that involve the installation of software on their PCs.



Thanks,





James Pardonek, MS, CISSP, CEH, GSNA

Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086



Loyola University Chicago will never ask you for your username or password.

For the lastest information security news at Loyola, please follow us online,

Twitter: @LUCUISO

Facebook: 
https://www.facebook.com/lucuiso/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=02%7C01%7Cachiarello%40BRYNMAWR.EDU%7C3b5210fa95714693d96908d6012f8ff1%7Cc94b117b616347fd93f8b8001804ae6f%7C1%7C0%7C636697701127661892&sdata=sx4J5pO%2F91JDNwxABxkv1W9qlyusKmoljk85yDUOe1I%3D&reserved=0>

Our Blog 
http://blogs.luc.edu/uiso/<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=02%7C01%7Cachiarello%40BRYNMAWR.EDU%7C3b5210fa95714693d96908d6012f8ff1%7Cc94b117b616347fd93f8b8001804ae6f%7C1%7C0%7C636697701127661892&sdata=mep%2B8HxaWJX4P3PdJz1beDlvIO4tuzf5qNwJuXcJ3fY%3D&reserved=0>



This message (including any attachments) is intended only for the use of the individual or entity to which it is 
addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you 
are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. 
If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy 
this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

Current thread:

Restricting PC Admin Rights Pardonek, Jim (Aug 13)
- Re: Restricting PC Admin Rights Andrew Chiarello (Aug 13)
  - Re: Restricting PC Admin Rights Barton, Robert W. (Aug 13)
    - Re: Restricting PC Admin Rights Andrew Chiarello (Aug 13)
    - Re: Restricting PC Admin Rights Gregory Keane (Aug 13)
  - Re: Restricting PC Admin Rights McHugh, Susan (Aug 13)
    - Re: Restricting PC Admin Rights Jack Barrett (Aug 13)
    - Re: Restricting PC Admin Rights Kevin Ledbetter (Aug 13)
    - Re: Restricting PC Admin Rights Gregg, Christopher S. (Aug 14)
    - Re: Restricting PC Admin Rights Alex Lindstrom (Aug 14)
    - Re: Restricting PC Admin Rights Ronald King (Aug 20)
- Re: Restricting PC Admin Rights WALTER KERNER (Aug 13)
- Re: Restricting PC Admin Rights Simanovich, Roman (Aug 13)
- Re: Restricting PC Admin Rights Joanna Grama (Aug 13)

(Thread continues...)