Local Administrator Rights for Workstations

Local Administrator Rights for Workstations

The NSU Information Technology Services strives for Service Excellence. A critical aspect of IT's success is our emphasis on security. An important concept that the NSU IT takes seriously is "The Principle of Least Privilege." This is the practice of limiting access rights for users to the minimum permissions they need to perform their work. Running a system with full-time administrative access increases the risk to our institution, as adversaries are constantly trying to find footholds into systems they should not access.

It should be rare that one needs to perform administrative functions on workstations. However, IT is aware that the need will justifiably arise from time to time. NSU IT offers a few options for performing administrative tasks on workstations.

If a ticket is placed for administrative access, it should outline the specific use case and desired result. The more information you can provide, the better the chance of success we all will have when it comes to administrative functions on a workstation.

For most cases, a ticket requesting the function to be performed by IT is sufficient. Especially when proper planning has taken place making sure the need does not arise with urgency.

There are times when even proper planning does not mitigate the need for immediate escalation of rights. When the need arises, and IT leadership deems the need legitimate, IT administrators can perform privilege escalation remotely on the specific workstation. The requester can be added to the local administrator group for a specific duration, usually 24 hours. This window can be approved for longer than 24 hours under extremely rare circumstances.

 

Details

Article ID: 87411
Created
Fri 9/20/19 10:20 AM
Modified
Thu 3/26/20 3:37 PM