In order to address one of the most effective and undetectable methods of attacks against campus technology and information, ITS is changing the way that administrator access is set up and used on Drake-owned computers. In the past, the accounts we used to browse the Internet, open email, and edit documents also had full access to install software and change settings on our computers. While this makes it easy for us to use, it also permits attackers to hijack this access to install malicious software and/or steal information.
To help reduce the likelihood and impact of attacks, we’re removing always-on administrator access on all Drake-owned computers. With rare exception, the programs, applications, and websites we use to perform our daily work do not require administrator access to function. To minimize disruption when greater access is needed, ITS will be automatically installing an application called Make Me Admin on all campus computers. Make Me Admin allows you to obtain temporary administrator access when needed to install new software or make computer changes and removes your elevated access after 30 minutes. You can also submit a request to ITS for assistance with installing programs or making configuration changes, if you prefer.
Make Me Admin will be silently installed on your Drake computer(s) over the next few weeks, and there are guides available in the IT service portal on using this new tool:
How-to guide for Macs
How-to guide for Windows
Where always-on administrator access currently exists, it will be removed sometime prior to the end of the fall semester. This timing will allow us to provide the best level of support during and after the change takes effect, and a follow up communication will be sent around that time.
For questions about these changes, please contact Peter Lundstedt, director, Information Security & Compliance, at peter.lundstedt@drake.edu.
—Peter Lundstedt, ITS