Admin Rights

Avecto Logo Smaller

Elevated User Rights (EUR) - Windows devices

Updated May '19.

Aston University are currently in the process of deploying a solution to all Windows based desktops and laptops which removes the need for users to have local admin rights.

What is Avecto? 

Avecto is an industry approved solution to the problem of rights escalation that provides any extra needed  rights without the user needing to be a local administrator. This has many security advantages, mainly in regards to reduced malware risks.

Avecto has recently introduced extra features which will sandbox and run tests on any potentially harmful pps or files and if deemed dangerous, will not allow them to run. This is particularly helpful for reducing ransomware attacks so this will be a huge benefit to the University in saving IT Support engineer time and reducing any potential of lost data in such ransomware attacks.

Why are we changing from local admin rights? 

From recommendations of IT Security audits and in line with industry best practice relating to the principle of least privilege (PoLP), Avecto will give users the flexibility needed to perform their daily roles in a way that reduces risk from malware or malicious actors.

A lot of new threats will use the extra privileges that local admin rights affords to cause extra damage to systems and to spread to more machines laterally across the network. Avecto will stop this as any unauthorised apps will not be able to run as an admin, hence protecting the end user and the University infrastructure from attack.

Deployment of Avecto

Avecto has already been deployed to a select group of test users, an internal test in IT was conducted and  the scope was then broadened to include some volunteer end users who historically had admin rights. We have used this to fine tune the software to deliver a better experience to our users.

Over the next few weeks, we will be deploying the client to all staff desktop and laptops.

The benefit of this is that anyone that previously didn’t have local admin rights, will have an uplifted experience as it will allow installation of Aston approved apps and give standard users more flexibility..

If you are an existing user that has historical local admin rights, nothing will change initially. We will contact each of you direct and work with you to provide a seamless tailored transition. This may involve us testing any specific apps you require to allow them. A small amount of cooperation is requested for this to be progressed and we thank you for your help with this.

What do I need to do?

Absolutely nothing for any normal desktop or laptop. Avecto will target your system automatically and install silently with little or no disruption to your services. Upon next reboot, it will be fully functional. This will have no effect on the performance of your machine.

 

**Computers connected to specialised test equipment - Responsible End User Action Required**

The university has a large number of machines that are used for testing, some of these have been directly purchased without IT Services knowledge.

If you have specific test equipment that you know the account absolutely needs admin rights and will not work without it, please contact us through IT Security Team. The IT Security Team are based in MB420 in case of any urgent requirements.

**It is important that we are informed of these types of machines prior to full deployment so we can configure them to work seamlessly during roll-out of Avecto.**

We will need the following information in the email:

  • Asset number or computer name of device that requires this.
  • The user responsible for the device contact details.
  • Location of device.
  • Description of what the device is used for.

We can then contact you and work closely on a resolution that allows this machine to continue to work after this software has been deployed, this may be through whitelisting any specific or bespoke apps.