Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Greg.

« More News out of VMworld | Main | Why Publishing Applications is Better than Publishing Desktops »

Eliminating Admnistrator Rights

Vista's User Account Control was a valient attempt by Microsoft to address the needs of Least Privilege, but ultimately its implementation was a failure. Least Privilege effectively requires IT to lock down privilege based on a combination of factors

  • The User's Role
  • The Available Tasks
  • The Corporate Policy

These three elements come together to become the location where privileges need to be granularly assigned. This means assigning administrator privileges by application, by user role, and based on the policies of the company rather than UAC's person-based over the shoulder elevations.

So is UAC broken? Yes. But is it completely useless? No. UAC, and especially its tie into Internet Explorer Protected Mode remains a useful addition to the IT environment. Just make its prompts go away.

I talk about those problems and more on the topic of Eliminating Administrator Rights in my three-part Essentials Series of the same name just released this week:

Article 1 - Understanding Least Privilege
Any discussion on the right-sizing of administrative privileges starts with a solid understanding of how Least Privilege works. This article will define Least Privilege and discuss why simply handing out Administrator privileges doesn't provide the necessary levels of granular control.

Article 2 - The Business Benefits of Eliminating Administrator Rights
Once you understand the right ways in which rights should be assigned as learned in Article 1, your next job is in recognizing how their correct assignment benefits the business. In Article 2, you'll learn how the business benefits along the lines of operational, security, and compliance when admin rights are eliminated in favor of granular privilege assignment.

Article 3 - Limitations in Native Solutions for Privilege Management
Tools are natively available today in the Windows OS that go only part of the way in achieving the goals of Least Privilege. But each of those tools remains too coarse in rights assignment. In Article 3, you'll learn about those native tools and read about the critical omissions in how they assign privileges to users and applications.

Download your copy of all three papers here and find out how any why getting rid of Administrator rights for all your users is a key security and compliance need for your environment.

Tags:        
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Greg Shields on September 18, 2008 12:30 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-windowsserver.com/type/mt-tb.cgi/955

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Greg Shields' Bio:

Greg Shields, is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008:  What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets.  Greg is a recipient of Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.