Have you ever used your car’s Valet Key? It is included with most modern vehicles and allows you to keep the contents of your glovebox and trunk safe from the Valet. That special key gives the Valet the ability to perform their job (park your car and lock it) and nothing more, thus providing you with an extra level of security.
Most, if not all, current computer operating systems have a similar design. By the way of restricting Admin Rights, a typical person is able to use the computer to perform their job while leaving the maintenance and security to the people responsible for those duties. Where this becomes a gray area is when a user requires these advanced rights to perform their job, which is most common for people that work in IT.
I like to use an analogy that some of you may have heard me say about Admin Rights. I am not a mechanic by trade, but I have worked on cars since I was 15 years old. I can do most repairs on older vehicles that do not have electronics. For example, I have the tools and knowledge to perform full-service brake jobs but you won’t catch me running down to 1762 with a toolbox when I hear a UTS van squeak. It’s not that I can’t do it; it’s just that I have my own job duties and someone else is being paid to perform vehicle repairs and maintenance.
There are other considerations. The mechanic might have a stockroom full of replacement parts that were purchased by Emory at a fraction of what I can get them for. He/she may have special knowledge about the vehicle that I do not. If I were to do something to the brakes that is not consistent with the repair shop’s best practices, I may be creating new vulnerabilities or risks for people that might drive the van.
Ok, so enough car analogies. I think you get the point. When new patches, OS upgrades and software versions are released, my team has a QA process in place to test the new software prior to deployment.
We spend considerable time to verify compatibilities with other programs. There are occasions when updates are intentionally not released to managed Emory computers because of known problems or incompatibilities. For instance, we had to postpone the Internet Explorer 9 upgrade due to incompatibilities with PeopleSoft. We also have had to block certain JAVA updates due to incompatibilities with Kronos.
When you are at home on your own personal computer applying patches and updates from Microsoft and Apple, it may be just an easy mouse-click. That computer may not need to connect to EMC storage, talk to an Exchange server, require a very specific version of Java or be compatible with full disk encryption. While the task of installing an update is essentially the same, the results may be far more impacting at work.
In UTS Client Services, we certainly understand the need for some of you to have Admin Rights to do your job, but those rights also give you the ability to perform system tasks that must be left to the experts. So when in doubt, contact us.
Remember, with great power comes great responsibility.
Leave a Reply