[unisog] Defending Administrative Rights policy

Martin Sapsed m.sapsed at bangor.ac.uk
Thu Oct 4 15:36:36 GMT 2007

Davis,William wrote:
> I am defending our security policy that limits Administrative Rights to IT staff only and am looking for statistics and comments from other peer
> universities on this policy.
> If anyone would be willing to share any information with me I would be very grateful.
> I am most interested in knowing:
> 1. Do you permit or deny Administrative Rights to general faculty/staff?
> 2. What constitutes and exception to this policy?
> 3. What infections/incidents, or lack thereof, have you experienced?
> 4. If a security incident occurred, what was the cost as a result?
> 5. If you permit Admin Rights, what additional security measures did you put in place or depend on?
> 6. What strategies do you use to enforce a "deny admin rights" policy for higher level administrative positions?

I'm intrigued by this discussion because it's something I'm under a lot
of pressure about. A large number of people here *need* admin rights so
that they can

a) format floppy disks (I kid you not!)
b) install printer drivers for the random cheap printer they've just bought
c) install random bits of software

We also have laptop users who *need* admin rights so they can do any of
the above when on the road.

I'm curious as to how the sites which don't give out admin rights at all
deal with these issues? Are your admins running around installing
printer drivers etc? Are you making work for yourselves??



Martin Sapsed				
Microcomputer Support Manager
IT Services                          "Who do you say that I am?"
Bangor University                          Jesus of Nazareth

Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig  ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor.  www.bangor.ac.uk

This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s).  If you have
received this email in error, please notify the sender immediately
and delete this email.  If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email.  Any views or opinions are solely those of the sender and do
not necessarily represent those of the Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure.  Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office.  www.bangor.ac.uk

More information about the unisog mailing list