mgualt

I work at a university, and the computer services for my academic department are managed in-house by a couple of computer officers. To maintain a secure network, they do not allow users admin privileges on any machine for which they provide support. While I understand this point of view, (and I am aware that there are probably many potential problems that I have no knowledge of) it seems to render the network much less useful than it could otherwise be.

For example, my postdocs can't install any software without clearing it with the admins in advance (and for experimenting with new software and programming languages, this is really impossible, just think of dependencies).

Another example: I would like to send a student to a python boot camp, but he would need admin privileges on the department laptop. It's a no-go.

My question is: What is the modern "right way" to securely administer a network without laming it to this extent? What is your opinion on what strategy the department should employ?