Administrative Privileges

In this article:  Problem, Solution, Limits, More info

Problem

Often users of computers need to have administrative rights.  However, the standard logon for College computers is not an administrator.  How can we keep our computers useful (allow downloads and maintenance) and also protect the network (limit users to non-administrative roles?)

Solution

Skagit Valley College solves this problem primarily by automating our systems.  All supported software is updated automatically when a computer is connected to the College network.  Administrative rights are only needed with non-standard software, in unusual circumstances, or for troubleshooting.  In these cases, we offer employees two accounts.  

  1. All employees get a non-administrative account for daily use.  This account has access to email, shared drives, and computers. The account will be named with "firstname.lastname@skagit.edu" 
  2. By request, some employees get an administrative account. This  second account does not have access to email or shared drives.  For example IT Staff have such administrative accounts.  The account will be named with "randomword.lastname@skagit.edu"

Your Administrative Account

To request an administrative account, have your supervisor contact the IT Helpdesk.  The Director of IT will review your request.  If approved, we will create your account and provision it with the power you need.  Your administrative account will only work while connected to the College network.  To safely use your administrative account, you need to:

  1. Agree to use your administrative account only when doing administrative changes to your computer. 
  2. Use your administrative account only in "run as administrator" mode during specific procedures, never as a full logon.
  3. Never use it during email or Internet sessions.
  4. Understand the cybersecurity reasons for dual accounts

Cybersecurity

The danger of an admin account is to the network.  Although we have the ability to re-image and clean individual computers, real harm can happen to other computers while your computer is compromised.    A hacker's prime technique is to:

  1. Use email or a website to gain access to your computer via the account currently logged on.
  2. Use your computer to connect to other computers on the network - a pivot.  Pivots happen quickly and require admin privileges. 
  3. Establish an account on a more important computer, and disassociate from your computer.

A pivot can happen in less than a minute.

Related services

If you need assistance with this topic, please call the I.T. Helpdeskat .

For general comments on this knowledge-base write to Andy Heiser at andy.heiser@skagit.edu

Details

Article ID: 116505
Created
Fri 9/18/20 11:03 AM
Modified
Tue 6/28/22 3:42 PM