Re: Local Administrators

[Matthew Clark <MD-Clark () WIU EDU>]

We use SMS or Group Policy installs which install as the system, or an
elevated user instead of the user themselves.  We give our students power
user privileges in our labs.



Matthew



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dave Hull
Sent: Saturday, March 29, 2008 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Administrators



On 3/27/08 9:47 AM, "Daniel Bennett" <dbennett () PCT EDU> wrote:

Currently we allow our students to be local administrators on lab
computers.  The reason is that some software needs admin-level access to
run.  How do you all handle software like that.  I would like to get our
students to the power-user level.





We don't allow anyone to run as Administrator on their own machine. We use
ProcessMonitor from Sysinternals to find what files and registry keys need
to have permissions set to make the software run.

--
Dave Hull, CISSP, GCFA, GCIH, GREM, SSP-MPA, CHFI
Director of Technology
KU School of Architecture & Urban Planning
Tel. 785.864.2629
Fax  785.864.5393

SANS Mentor Security 508: Computer Forensics, Investigation and Response
https://www.sans.org/mentor/details.php?nid=11673

"The free world says that software is the embodiment of knowledge about
technology, which needs to be free in the same way that mathematics is
free."
-- Eben Moglen, Software Freedom Law Center