Re: Restricting PC Admin Rights

["Seymour, Patrick" <Patrick.Seymour () SINCLAIR EDU>]

Here is the article that Eric and Bryan did for EDUCAUSE Review about six months ago. They include some stats from a 
survey of the IT Support Services list.

https://er.educause.edu/articles/2018/2/reclaiming-the-keys-to-the-kingdom-examining-end-user-administrator-rights-in-higher-education

Full Disclosure: I am the Patrick Seymour mentioned in the article, so I'm obviously biased toward the way we did 
things at Sinclair. The short version is that no one has administrator rights by default, but employees can elevate 
themselves temporarily to do admin things.

--ps



Patrick S. Seymour | Manager, Application Delivery
Sinclair Community College | 444 West Third Street | Room 13-023Q | Dayton, OH 45402
937.512.2118 | patrick.seymour () sinclair edu<mailto:patrick.seymour () sinclair edu>


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () listserv educause edu> On Behalf Of Pardonek, Jim
Sent: Monday, August 13, 2018 11:06 AM
To: SECURITY () listserv educause edu
Subject: [SECURITY] Restricting PC Admin Rights

Not sure if there is somewhere else I can get this info, I'm sure it's been asked before, but I am checking to see how 
many of your institutions restrict admin rights.  We are putting a proposal together to leadership to do exactly that 
as we have had a number of folks fall for scams that involve the installation of software on their PCs.

Thanks,


James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the lastest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/