[unisog] User rights

Michael W. Fleming mfleming at csub.edu
Thu Jun 29 16:13:02 GMT 2006


On Jun 29, 2006, at 6:36 AM, I Freecycle wrote:

> Hello,
>
> I'm wondering how others deal with allowing users rights on work  
> computers.
>
> At our school, users aren't normally given Administrator or Power User
> rights unless it's absolutely necessary. Occasionally we
> encounter employees and students that don't understand how easily a
> system can be messed up and the security issues involved nor why we
> feel it's necessary to operate like this.
>
> I would like to know what others do, and what policies they have in
> place to address these issues.


We're a university. If we stopped faculty from having administrator  
rights, the hue and cry would be deafening. Many of them have a  
legitimate need to install and test software. However, we also must  
allow these same faculty to have access to confidential information  
because of student advising and grade processing. We have edge  
firewall rules blocking all access from the outside to those  
machines, we have McAfee's EPO installed and pushing engine and  
signature updates; but, still, a disaster waiting to happen when the  
trojan could be directly installed by the user. So, I too would be  
interested in others' responses.

An idea we have just recently begun to float is using virtual OS  
technology to put two OS installations on every appropriate machine,  
one locked tight as a drum (no software installation, no saving  
information to USB drives, no remote volumes, etc.), the other with a  
standard protected installation. Access to the confidential  
information would be restricted to the locked OS systems.

If anybody else is doing this, I'd love to hear your experiences.

Michael

