Educause Security Discussion mailing list archives

Re: Lab Computers, Research & Administrative Rights


From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Wed, 6 Jun 2018 14:58:41 +0000

We...
- Segment off the machines whenever possible.
- Deep Freeze is used on the PCs.
- MakeMeAdmin (https://makemeadmin.com/) -  We have not started to use it here, but we have been talking about it in 
certain circumstances, being needed.
- Any access to the 'research' machines require a special AUP be signed.
- Access to those machines is limited in AD; we've limited what machines specific AD users can log into.

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, ILĀ  60446-2200
815-836-5663

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hahues, Sven
Sent: Wednesday, June 6, 2018 9:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Lab Computers, Research & Administrative Rights

Hi everyone,

I wanted to find out if some of you could share what some of the approaches you have taken when handling shared 
computers, such as devices used in labs that are hooked up to research equipment where faculty/staff and students may 
need to have administrative rights.

We have been in the process of removing administrative rights, and if the computer is loaded by central IT, students do 
not have administrative rights.  We have been getting an increasing number of requests to allow for this to happen and 
are hesitant to do so.

Could you guys share some of your approaches?

Thanks,

Sven

Sven Hahues
Florida Gulf Coast University
Director, ITS Helpdesk, Network Services & Security
Tel: (239) 590 1337
E-Mail: shahues () fgcu edu

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.


Current thread: