In this article: Problem, Solution, Limits, More info
Problem
Often users of computers need to have administrative rights. However, the standard logon for College computers is not an administrator. How can we keep our computers useful (allow downloads and maintenance) and also protect the network (limit users to non-administrative roles?)
Solution
Skagit Valley College solves this problem primarily by automating our systems. All supported software is updated automatically when a computer is connected to the College network. Administrative rights are only needed with non-standard software, in unusual circumstances, or for troubleshooting. In these cases, we offer employees two accounts.
- All employees get a non-administrative account for daily use. This account has access to email, shared drives, and computers. The account will be named with "firstname.lastname@skagit.edu"
- By request, some employees get an administrative account. This second account does not have access to email or shared drives. For example IT Staff have such administrative accounts. The account will be named with "randomword.lastname@skagit.edu"
Your Administrative Account
To request an administrative account, have your supervisor contact the IT Helpdesk. The Director of IT will review your request. If approved, we will create your account and provision it with the power you need. Your administrative account will only work while connected to the College network. To safely use your administrative account, you need to:
- Agree to use your administrative account only when doing administrative changes to your computer.
- Use your administrative account only in "run as administrator" mode during specific procedures, never as a full logon.
- Never use it during email or Internet sessions.
- Understand the cybersecurity reasons for dual accounts
Cybersecurity
The danger of an admin account is to the network. Although we have the ability to re-image and clean individual computers, real harm can happen to other computers while your computer is compromised. A hacker's prime technique is to:
- Use email or a website to gain access to your computer via the account currently logged on.
- Use your computer to connect to other computers on the network - a pivot. Pivots happen quickly and require admin privileges.
- Establish an account on a more important computer, and disassociate from your computer.
A pivot can happen in less than a minute.
Related services
If you need assistance with this topic, please call the I.T. Helpdeskat .
For general comments on this knowledge-base write to Andy Heiser at andy.heiser@skagit.edu