Educause Security Discussion mailing list archives

Re: Restricting PC Admin Rights

From: Kevin Ledbetter <kevin.ledbetter () VALPO EDU>
Date: Mon, 13 Aug 2018 10:57:54 -0500

We have removed local admin privileges for most of our Non-IT users
accounts.  Where the department has specified a legitimate business need
for local admin rights, we have created a secondary admin account for
specific users.  We use the naming convention username.admin.  The only
time the user uses this account is to provide local admin credentials when
prompted by Windows. when they are installing/updating software.

Kevin

On Mon, Aug 13, 2018 at 10:40 AM, Jack Barrett <jwbarrett () massasoit mass edu

wrote:

We restrict admin rights. We allow admin rights if they sign a “Admin
Access Request” form. This needs to be signed by the employee’s supervisor
and approved by IT



Jack Barrett

Deputy CIO

Massasoit Community College

508-588-9100 Ext 1146



*Beware of “phishing” attempts for your username, and password,  Massasoit
Community College will NEVER ask for your username and password in an
email. *

*Think before you click!*





*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *McHugh, Susan
*Sent:* Monday, August 13, 2018 11:09 AM

*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Restricting PC Admin Rights



We restrict admin rights.  We had the backing of the EVP when an
instructor downloaded the wrong software.  Employees were upset when they
lost their ability to change their desktop.



____________________
Susan McHugh
Chief Information Officer
Mount Wachusett Community College
s_mchugh () mwcc mass edu
978-630-9174





*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Andrew Chiarello
*Sent:* Monday, August 13, 2018 11:08 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Restricting PC Admin Rights



We do not restrict admin rights (and all proposals to do so have been
squelched before getting very far).



Andrew J. Chiarello

Lead Engineer, Infrastructure & Systems

Bryn Mawr College

achiarello () brynmawr edu

(610) 526-7966
------------------------------

*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Pardonek, Jim <
jpardonek () LUC EDU>
*Sent:* Monday, August 13, 2018 11:06:29 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Restricting PC Admin Rights



Not sure if there is somewhere else I can get this info, I’m sure it’s
been asked before, but I am checking to see how many of your institutions
restrict admin rights.  We are putting a proposal together to leadership to
do exactly that as we have had a number of folks fall for scams that
involve the installation of software on their PCs.



Thanks,





*James Pardonek, MS, CISSP, CEH, GSNA*

*Information Security Officer*


* Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660&entry=gmail&source=g>  60660
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660&entry=gmail&source=g>
*
* (**: (773) 508-6086*



*Loyola University Chicago will never ask you for your username or
password.*

*For the lastest information security news at Loyola, please follow us
online,*

*Twitter: @LUCUISO*

*Facebook: https://www.facebook.com/lucuiso/
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=02%7C01%7Cachiarello%40BRYNMAWR.EDU%7Cef0cbdd0f85d44cb4e1a08d6012e5abc%7Cc94b117b616347fd93f8b8001804ae6f%7C1%7C0%7C636697695941570735&sdata=A4U3nk5sxP60uRjtUhmEFdmakqIHHwMgvRWg0yr22IM%3D&reserved=0>*

*Our Blog http://blogs.luc.edu/uiso/ <http://blogs.luc.edu/uiso/>*




-- 
Kevin Ledbetter
Systems Security Administrator
Office of Information Technology
Valparaiso University
1700 Chapel Drive
Valparaiso, IN 46383
219.464.6191
Staff Employee Advocacy Council
University Council
Kevin.Ledbetter () valpo edu

Current thread:

Restricting PC Admin Rights Pardonek, Jim (Aug 13)
- Re: Restricting PC Admin Rights Andrew Chiarello (Aug 13)
  - Re: Restricting PC Admin Rights Barton, Robert W. (Aug 13)
    - Re: Restricting PC Admin Rights Andrew Chiarello (Aug 13)
    - Re: Restricting PC Admin Rights Gregory Keane (Aug 13)
  - Re: Restricting PC Admin Rights McHugh, Susan (Aug 13)
    - Re: Restricting PC Admin Rights Jack Barrett (Aug 13)
    - Re: Restricting PC Admin Rights Kevin Ledbetter (Aug 13)
    - Re: Restricting PC Admin Rights Gregg, Christopher S. (Aug 14)
    - Re: Restricting PC Admin Rights Alex Lindstrom (Aug 14)
    - Re: Restricting PC Admin Rights Ronald King (Aug 20)
- Re: Restricting PC Admin Rights WALTER KERNER (Aug 13)
- Re: Restricting PC Admin Rights Simanovich, Roman (Aug 13)
- Re: Restricting PC Admin Rights Joanna Grama (Aug 13)
- Re: Restricting PC Admin Rights Seymour, Patrick (Aug 13)
- Re: [External Sender] [SECURITY] Restricting PC Admin Rights Davis, Chris (Aug 13)
  - Re: [External Sender] [SECURITY] Restricting PC Admin Rights Frank Barton (Aug 13)
- Re: Restricting PC Admin Rights Madl, Michael (Aug 13)

(Thread continues...)