Security Basics mailing list archives
RE: Windows local admin in a .edu environment.
From: "Dan Lynch" <DLynch () placer ca gov>
Date: Wed, 30 Jan 2008 08:09:53 -0800
Locally, two high school students gained or were given access to a teacher's laptop. Using the teacher's already logged in local admin credentials, they installed a keystroke logger, captured passwords for the grading system, and changed their semester grades. http://www.theunion.com/article/20050310/NEWS/103100069 If the system can't be physically secured against an environment full of mischievous kids, additional security is justified. Start with appropriate policy, but don't rely on it. Dan Lynch, CISSP Information Technology Analyst County of Placer -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Paul Halliday Sent: Tuesday, January 29, 2008 4:31 PM To: Security Basics Forum Subject: Windows local admin in a .edu environment. I am looking for insight (pros and cons) on the issue of granting local admin rights to faculty and staff in a .edu setting. Let's assume that the staff and faculty have direct access to core administrative systems and portals like Sharepoint and Peoplesoft. I have never thought of this argument as subjective (am I just being anal?) but apparently I was wrong. I would love to hear the general consensus on this issue. I am especially interested in what others in .edu are doing. Thanks.
Current thread:
- Windows local admin in a .edu environment. Paul Halliday (Jan 30)
- RE: Windows local admin in a .edu environment. Dan Lynch (Jan 30)