[UniMacTech] RE: What rights do your laptop users have?

David Angelovich david.angelovich at deakin.edu.au
Mon Feb 9 16:30:17 EST 2009 

Hi Mervin,

We're running a "Get Admin Access" application set, which grants users Admin access for 1 hour.
Effectively, the process is:
1. User runs a Get Admin Access application and enters their username/password and a reason for requesting access
2. The app contacts a server, authenticates the user and logs the request details
3. The app grants the access locally by adding the user to the Admin group on the machine
4. A daemon is started to remove access after an hour

Advantages are:
No support staff required to grant admin
Works from anywhere an internet connection is available (uses HTTPS, but doesn't support proxies)
Allows staff to get admin access to their own machine only (unless we specify otherwise - useful for faculty IT support staff)
Gives us the same functionality as our Windows users have
Requests are logged (with a reason for the request)
Installed for all staff machines (desktop or laptop)

The disadvantage is that it's a little complicated, and if our infrastructure changes too much things will break.

It's not completely perfect, but it works.

Regards,
- David

--
David Angelovich, Unix Administrator
Information Technology Services Division
Deakin University, Waterfront Campus
Phone: 03 5227 8669 International: +61 3 5227 8669
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   david.angelovich at deakin.edu.au<mailto:david.angelovich at deakin.edu.au>
Website:  http://www.deakin.edu.au

Deakin University CRICOS Provider Code 00113B


From: unimactech-bounces at auc.edu.au [mailto:unimactech-bounces at auc.edu.au] On Behalf Of Mervin uy
Sent: Monday, 9 February 2009 3:08 PM
To: University Macintosh Technical Mailing List
Subject: [UniMacTech] What rights do your laptop users have?

Hi All..

  Not really asking a tech question today more of  a General query, I am currently having issues with admin rights and end users constantly requesting admin rights. I wanted to know what other universities are doing with laptops in regards to End users requesting Admin rights.

Cheers all

Mervin Uy
Technical Officer

School Of Philosophical and Historical Inquiry
The University of Sydney
Room 607 Brennan Maccallum Building A18, University of Sydney NSW 2006
T: +61 2 9351 2538 | F: +61 2 9351 3918 | E: Mervin Uy <mailto:Mervin.uy at usyd.edu.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://auc.uow.edu.au/pipermail/unimactech/attachments/20090209/aadcbb9a/attachment-0001.html

More information about the unimactech mailing list