Questions

How much administrative privileges do your employees have?

Tags:
+
0 Votes
Locked

How much administrative privileges do your employees have?

jmartin.hlg
I work at a small to mid-size college in Missouri. Out of curiosity, how much administrative privileges do employees that you manage have? Even better to know what rights faculty have if you work for a college or university.

Thanks!
  • +
    0 Votes
    IC-IT

    Only on a rare occassion do we let anyone go beyond a limited user. This includes our Campus President. Except for IT of course.

    Some courseware (usually the Sciences) like to have executables to launch their CD/DVD materials. A very few of them will have a seperate exe that allows limited users to use the programs. Others we have to teach the Faculty how to find the materials with Explorer.

    +
    0 Votes
    Slayer_

    Most though have full admin, largely because most of us are developers and a limited user would be a serious hindrance.

    +
    0 Votes
    Greybeard770

    Limiting their ability to install spyware, junkware, viruses, delete the Windows directory also limits your need to clean up their mess. True, they can't install productive software but they should already have what they need. Programmers do have different needs but they understand and take responsibility for their actions.

    +
    0 Votes
    rkuhn

    As a construction company using some old ERP software, all my sales people and office staff have local admin rights. Construction workers are local power users.

    There are software reasons I just can't get around.

    Of course, no one other than me gets above domain user.

    That said, honestly, as much as is written about it, I haven't really noticed much of a difference.

    Sure, I get an occassional virus and have to either repair or rebuild a PC but if I had to guess I'd say that's not more than one every few months out of 75+ PC's.

    My hunch is education, Symantec Enterprise AV, OpenDNS, and half way decent border controls is keeping me relatively safe.

    +
    0 Votes
    Tony Hopkinson

    But if I twiddle with something and break an IS supported function, then all I can do is untwiddle, and then put a request in for IS to support what I need to do do.
    Even if I turn something off, as soon as I restart/ logon, corporate settings get reapplied through Active Directory Policies, also given the privileges I have I must meet the responsibilities that entail.

    In my experience only a moron would ask for admin privileges they don't need to do their job. Even if you are completely responsible, any time something goes wrong, your IS/IT departments first response will be what did you do, or he could have done it, it's just shooting yourelf in the foot, that one.

  • +
    0 Votes
    IC-IT

    Only on a rare occassion do we let anyone go beyond a limited user. This includes our Campus President. Except for IT of course.

    Some courseware (usually the Sciences) like to have executables to launch their CD/DVD materials. A very few of them will have a seperate exe that allows limited users to use the programs. Others we have to teach the Faculty how to find the materials with Explorer.

    +
    0 Votes
    Slayer_

    Most though have full admin, largely because most of us are developers and a limited user would be a serious hindrance.

    +
    0 Votes
    Greybeard770

    Limiting their ability to install spyware, junkware, viruses, delete the Windows directory also limits your need to clean up their mess. True, they can't install productive software but they should already have what they need. Programmers do have different needs but they understand and take responsibility for their actions.

    +
    0 Votes
    rkuhn

    As a construction company using some old ERP software, all my sales people and office staff have local admin rights. Construction workers are local power users.

    There are software reasons I just can't get around.

    Of course, no one other than me gets above domain user.

    That said, honestly, as much as is written about it, I haven't really noticed much of a difference.

    Sure, I get an occassional virus and have to either repair or rebuild a PC but if I had to guess I'd say that's not more than one every few months out of 75+ PC's.

    My hunch is education, Symantec Enterprise AV, OpenDNS, and half way decent border controls is keeping me relatively safe.

    +
    0 Votes
    Tony Hopkinson

    But if I twiddle with something and break an IS supported function, then all I can do is untwiddle, and then put a request in for IS to support what I need to do do.
    Even if I turn something off, as soon as I restart/ logon, corporate settings get reapplied through Active Directory Policies, also given the privileges I have I must meet the responsibilities that entail.

    In my experience only a moron would ask for admin privileges they don't need to do their job. Even if you are completely responsible, any time something goes wrong, your IS/IT departments first response will be what did you do, or he could have done it, it's just shooting yourelf in the foot, that one.