Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.6: Make a temporary Administrator account' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Make a temporary Administrator account
Authored by: macsadmn on Mar 31, '11 07:47:49PM

As mentioned, we also use a software deployment solution. In my opinion, it's the only way to go when you have large deployments. We too push out the most popular printer drivers, but I was merely giving an example of where someone could use this solution. There is occasionally the odd all-in-one printer that comes with "special" software that we don't care to make a software set for.

More applicably, one example that happened to me recently involved one of our district administrators attending a demo/trial on a remote system. The demo required him to run a Juniper web VPN connection and then RDP to a "localhost". Each time the VPN connection was made, it required an admin password to modify something dealing with java. After the 3rd time of being interrupted from my work and running down the hall to type in my credentials, I figured it was time to work out a reasonable solution :-)

Another example I've seen deals with wireless. I've rarely seen this happen, but we do have a neighboring University that has an unusual wireless system that prompts our teachers for an admin password to install something in order to join. Since we allow our staff to use their computers for personal-professional use, this helps with that scenario.

As for students... we have never used this solution for a student account and I cannot see us ever doing that, not even in a 1-1 deployment. With that said, we all know that once a user has a computer in his/her possession and physical security is breached, then they can bypass all security with some easy to find tools and a little reading on the web :-)



[ Reply to This | # ]
10.6: Make a temporary Administrator account
Authored by: tom larkin on Mar 31, '11 07:57:15PM

Oh yeah trust me, I have a system of catching hackers because anytime you give a teenager all the time in the world, Google, and their laptop off campus, they will eventually find away around your security. I have a script that checks for admin membership and if so flags the system for abuse. It is impossible to stop someone with physical access, but it is very possible to play detective and catch those who hack machines.

We actually give all our staff local admin accounts anyway. So they have admin rights to their machines, we just don't make their account an admin so they aren't always logged in as an admin. Some directors and stuff are just plain stand alone machines, which aren't even imaged or bound to server. We just load the Casper client on them so they can get software.

I just don't like the concept of temporary admin rights. I think either the user needs it, or they don't. That is all. Thanks for the tip.



[ Reply to This | # ]