Educause Security Discussion mailing list archives
Re: Windows Local Administrative Privilges
From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Sun, 9 Apr 2006 09:49:12 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:37 -0400 04/09/2006, Harold Winshel wrote:
Let me reframe the question: but, rather, are you better off with a general policy where most users either can or cannot have admin access.
I think most places are better off with not allowing Admin by default.
My experience is that a lot of users, if not most, want the admin access.
That's partly a legacy of the fact that many Windows apps still require Admin access even to run.
I would probably lean toward a policy where, by default, the user does not have the admin and you then allow it on a case basis (hopefully very few cases).
I think just about all of us would agree that's a good place to start from a security perspective. Being able to actually implement it depends a lot on the environment. For example, how decentralized is your support infrastructure? Do some departments/schools not even have local support available? Who's going to be in charge of handling the actual Administrator accounts and passwords? Do you need to set up actual domain controllers and force everyone to log into the domain? etc etc etc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html> iQA/AwUBRDke5g5UB5zJHgFjEQKAbQCgqp+fvoEYPW9ossgQQ0g4yjRqqHcAni18 nH4+boRgJ7T3Ruo8vEqbWK31 =JUET -----END PGP SIGNATURE----- -- Julian Y. Koh <mailto:kohster () northwestern edu> Network Engineer <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Current thread:
- Windows Local Administrative Privilges Harold Winshel (Apr 09)
- <Possible follow-ups>
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Julian Y. Koh (Apr 09)
- Re: Windows Local Administrative Privilges Harold Winshel (Apr 09)
- Re: Windows Local Administrative Privilges Russell Fulton (Apr 09)
- Re: Windows Local Administrative Privilges Parker, Ron (Apr 10)
- Re: Windows Local Administrative Privilges Daniel R Jones (Apr 10)