Skip to main content
Contact the IT Service Desk contact us

Thycotic Privilege Manager (TPM)

The Office of Information Technology recently conducted a review of our online environment and identified an opportunity to implement additional proactive security measures. Within the College environment, workstations and laptops are the primary tool used by employees.  As a strategy to further secure all end user devices, we are launching a project that will reduce threats by removing Local Administrator privileges from all of our workstations and laptops. Local Administrator privileges include installing system updates and changing system settings. To assist us in managing this transition, we will be introducing Thycotic Privilege Manager (TPM) software.

TPM will allow us to remove Local Administrator privileges, and provide the flexibility of improving security, without impacting daily work. It will allow you enough control over your computer system to perform your job function, while minimizing the risk of malware or suspicious software.  

In the coming weeks and months, you will receive further communications at each phase of this project:

Phase 1 – Install Thycotic Privilege Manger Agent and enable User Account Control (UAC)

As the first step of OIT’s effort to further secure employee endpoints, we will remotely install the Thycotic Privilege Manager agent on all Windows 10 workstations and laptops. This should be seamless with no interaction required from you. This agent will manage all security policies and ensure that you have the required privileges to run the software you need.

In addition to remotely installing the agent, we will also ensure that all Windows 10 devices have User Account Control (UAC) enabled.

Phase 2 – Collect data on applications use and develop policies to limit user impact
During Phase 2 of this effort, IT Security will collect logs from the agent and UAC to develop the policies that will ensure your work continues uninterrupted as we move into Phase 3 of this project—the removal of Local Administrator privileges.

Phase 3 – Remove Local Administrative Privileges for Windows 10 devices (ensure all users are “standard” users).
Phase 3 will move slowly as we address one group at a time throughout the College. You will receive another email before we make further changes to your device so you know what to expect as we complete this project.

Phase 4 – Monitor privilege elevation requirements; create or modify policies as required.

 

Thank you for your cooperation as we ensure a secure working environment for all employees. 

 

 

Skip sidebar
End of sidebar