Applying the Principle of Least Privilege across the Enterprise: Locking Down Desktops by Removing Local Administrator
When users log in to their computers with local administrator privileges, they greatly increase the risk of security breaches by viruses, malware and malicious users. By removing administrative privileges and implementing the security best practice of Least Privilege, these threats can be avoided and network security increased.
Whether driven by security concerns or business needs, or mandated by compliance standards, applying the Principle of Least Privilege is a prudent move for organizations. Eliminating unnecessary administrative rights protects against zero-day exploits, prevents unauthorized malicious use, and, when correctly implemented, increases productivity and compliance.
Unfortunately, organizations must often overcome hurdles before they can implement a least privilege environment. In addition to removing unnecessarily elevated privileges, companies must ensure that users can still run applications and perform tasks that their jobs require. Any implementation that results in a decrease in productivity will be quickly overridden.
A variety of solutions for implementing least privilege are now in common use. While some of the solutions are more secure and easier to implement than others, all of them are preferable to an environment with no attempt to adhere to the Principle of Least Privilege.
Director of Product Management,
As the Director of Product Management at DesktopStandard, Kevin Sullivan integrates market needs and emerging requirements to guide the direction and functionality of DesktopStandard products. Prior to joining DesktopStandard, Kevin was a key member of the Product Management team at Quest Software, and was a successful Product Manager for Aelita's Active Directory solutions. He is a Microsoft MVP (Windows Server – Group Policy), and with his experience in Active Directory enterprise management he brings broad perspective and in-depth understanding of customer needs to the product development process.
- BeyondTrust Corporation
- 20 May 2008
- 01 Jan 2006
- White Paper