I am defending our security policy that limits Administrative Rights to IT
staff only and am looking for statistics and comments from other peer
universities on this policy.

If anyone would be willing to share any information with me I would be very
grateful.

I am most interested in knowing:
1. Do you permit or deny Administrative Rights to general faculty/staff?
2. What constitutes and exception to this policy?
3. What infections/incidents, or lack thereof, have you experienced?
4. If a security incident occurred, what was the cost as a result?
5. If you permit Admin Rights, what additional security measures did you put
in place or depend on?
6. What strategies do you use to enforce a "deny admin rights" policy for
higher level administrative positions?

If you prefer, you can reach me off line at [log in to unmask]

Sorry for the off topic post, but I thought this would be a great group to
solicit information and advice from.

Thanks!

-Bill
***********************************************************************
William S. Davis
Network Security Administrator
SANS security certifications:  GSEC,GCIH,GCFW,GCIA
Housing Technology Services
Colorado State University
***********************************************************************