[unisog] User rights
Michael W. Fleming
mfleming at csub.edu
Thu Jun 29 16:13:02 GMT 2006
On Jun 29, 2006, at 6:36 AM, I Freecycle wrote:
> I'm wondering how others deal with allowing users rights on work
> At our school, users aren't normally given Administrator or Power User
> rights unless it's absolutely necessary. Occasionally we
> encounter employees and students that don't understand how easily a
> system can be messed up and the security issues involved nor why we
> feel it's necessary to operate like this.
> I would like to know what others do, and what policies they have in
> place to address these issues.
We're a university. If we stopped faculty from having administrator
rights, the hue and cry would be deafening. Many of them have a
legitimate need to install and test software. However, we also must
allow these same faculty to have access to confidential information
because of student advising and grade processing. We have edge
firewall rules blocking all access from the outside to those
machines, we have McAfee's EPO installed and pushing engine and
signature updates; but, still, a disaster waiting to happen when the
trojan could be directly installed by the user. So, I too would be
interested in others' responses.
An idea we have just recently begun to float is using virtual OS
technology to put two OS installations on every appropriate machine,
one locked tight as a drum (no software installation, no saving
information to usb drives, no remote volumes, etc.), the other with a
standard protected installation. Access to the confidential
information would be restricted to the locked OS systems.
If anybody else is doing this, I'd love to hear your experiences.
More information about the unisog