Security Basics mailing list archives

RE: Windows local admin in a .edu environment.


From: "Dan Lynch" <DLynch () placer ca gov>
Date: Wed, 30 Jan 2008 08:09:53 -0800

Locally, two high school students gained or were given access to a
teacher's laptop. Using the teacher's already logged-in local admin
credentials, they installed a keystroke logger, captured passwords for
the grading system, and changed their semester grades.

http://www.theunion.com/article/20050310/NEWS/103100069

If the system can't be physically secured against an environment full of
mischievous kids, additional security is justified. Start with
appropriate policy, but don't rely on it.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Paul Halliday
Sent: Tuesday, January 29, 2008 4:31 PM
To: Security Basics Forum
Subject: Windows local admin in a .edu environment.

I am looking for insight (pros and cons) on the issue of granting
local admin rights to faculty and staff in a .edu setting. Let's
assume that the staff and faculty have direct access to core
administrative systems and portals like SharePoint and PeopleSoft.

I have never thought of this argument as subjective (am I just being
anal?) but apparently I was wrong. I would love to hear the general
consensus on this issue. I am especially interested in what others in
.edu are doing.

Thanks.

