Educause Security Discussion mailing list archives

Re: Privileged Users

From: Kevin Ledbetter <kevin.ledbetter () VALPO EDU>
Date: Fri, 18 Jun 2021 08:15:27 -0500

We create special username.admin accounts with local admin rights that
apply only to their department's computers.  These accounts do not have
rights to network shares, which discourages people from using them for
everyday use. The .admin accounts are provided ONLY to provide admin
credentials when needed. We also have GPOs that remove any local admin
rights granted to their regular AD account thay they may set using the
.admin account.
Kevin Ledbetter

On Fri, Jun 18, 2021 at 8:06 AM Dr. Christopher Davis <CDavis () franciscan edu>
wrote:

Does anyone have a system in place (possibly a form with a policy backing
it up) that you use to identify and approve “privileged users” who are
allowed to have local admin access to their assigned campus machines?  We
are looking to make some changes to our policies and procedures and are
wondering what others are doing?  Thanks!

Pax Christi,

*Dr. Chris Davis*
Director of Information Technology Services


Franciscan University of Steubenville
1235 University Blvd.
Steubenville, OH 43952
740-284-5192
cdavis () franciscan edu

“The body was made for the sake of the soul, and this world for the sake
of the other world.”
St. Giles

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community



-- 
*Kevin Ledbetter*
Systems Security Administrator
Office of Information Technology

1700 Chapel Drive
Valparaiso, IN 46383
219.464.6191
Staff Employee Advocacy Council
Kevin.Ledbetter () valpo edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Privileged Users Dr. Christopher Davis (Jun 18)
- Re: Privileged Users Xavier Belanger (Jun 18)
- Re: Privileged Users Kevin Ledbetter (Jun 18)
- Re: [External] [SECURITY] Privileged Users Napier, Mark E (Jun 29)