We use Zenworks. All users are Windows "Users". Zenworks Applications
(bundles) are granted more rights as necessary, rather than users.
Student User accounts are volatile (removed at logout).
This is how we had Windows 7 and have Windows 10.
Lease privilege: http://www.securewinbox.com/home/ maybe?
Si
>>> On 11/07/2017 at 11:13, in message
<[log in to unmask]>
Dave West <[log in to unmask]> wrote:
> What are people using for managing least privilege?
>
> Our old Windows 7 service relied upon staff having local admin rights
> (manually added at deployment time) and students being standard
users. For
> Windows 10 we want to take the opportunity to introduce least
privilege but
> want to provide a mechanism for managing this with as little impact
on the
> service desk as possible, i.e. some sort of self-service with
approval
> mechanism.
>
> Currently Microsoft do not offer much in the way of managing this in
a
> granular fashion, you’re either an admin or you’re not, and this
is generally
> managed on the local machine or via security groups and group
policy.
>
> For those that have implemented least privilege, can anyone recommend
(or
> advise against) any specific products?
>
> Thank you.
>
> Dave West
> Senior Operations Analyst
> Service Management
>
> Technology & Information Services | University of Plymouth | Drake
Circus |
> Plymouth | PL4 8AA
> Tel: 01752 587247 | Email:
> [log in to unmask]<mailto:[log in to unmask]> | Web:
> www.plymouth.ac.uk/ITservices<http://www.plymouth.ac.uk/ITservices>
>
>
> ________________________________
>
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk
> /worldclass>
>
> This email and any files with it are confidential and intended solely
for
> the use of the recipient to whom it is addressed. If you are not the
intended
> recipient then copying, distribution or other use of the information
> contained is strictly prohibited and you should not rely on it. If
you have
> received this email in error please let the sender know immediately
and
> delete it from your system(s). Internet emails are not necessarily
secure.
> While we take every care, Plymouth University accepts no
responsibility for
> viruses and it is your responsibility to scan emails and their
attachments.
> Plymouth University does not accept responsibility for any changes
made after
> it was sent. Nothing in this email or its attachments constitutes an
order
> for goods or services unless accompanied by an official order form.
--
Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at sylw'r
unigolyn neu'r sefydliad a enwir uchod. Bydd
unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni
chynrychiolant o anghenraid farn Coleg Sir Gâr.
Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r
gweinyddwr ar y cyfeiriad canlynol:
[log in to unmask]
Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to
whom they are addressed. Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Coleg Sir
Gâr. If you have received this email in error please notify the
administrator on the following address:
[log in to unmask]
Please consider the environment - do you really need to print this
email?.
|