Controlling the Captains of Your Desktops: Avoid Permanent Local Admin Rights

Thursday, April 12 | 9:15AM–10:15AM ET | Maryland Ballroom D, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
While navigating the heavy seas of faculty and staff computers, it is common to find that all ranks and recognitions wish to be the captain (administrator) of their desktop. Unfortunately, that is not the best strategy for the safety and management of the desktop and laptop fleet. Using a variety of scripts, web applications, SCCM, and native Active Directory functionality, Towson University's Office of Technology Services removed permanent administrator rights on nearly all faculty and staff Windows computers. This presentation will explain how to keep the waters calm while adding this protection to your vessels.

Outcomes: Understand the value in removing permanent admin rights from faculty and staff computers * Learn about possible technical methods and tools that can be used by your organization to remove permanent admin rights. This includes Microsoft products like SCCM and LAPS, plus some custom apps and scripts * Hear about Towson University's experience with getting buy-in, overcoming political challenges, handling exceptions and managing operations


  • Reid Guanti

    Manager, Solutions Engineering, Towson University
  • Richard McIver

  • Patrick Rohe

    Chief Technology Officer, Towson University

Resources & Downloads

  • EducauseSecurity2018LocalAdmins

    13 MB, pptx - Updated on 1/22/2024