Thursday, 22 July 2010

Should Windows users have full administrative rights?

In his Techtarget article, Kevin Beaver discusses the need for least privilege security while acknowledging the challenges of implementation.

Personally, I have mixed feelings regarding the scenario. On one hand, I'm for balancing security with usability. Give users what they need and get out of their way. It's one of the least-touted principles of information security, but one that can go a long way to making security work for you rather than against you.

But as we know, giving users full control is also a recipe for disaster:

On the other hand, I understand that users cannot be trusted. Be it malice or ignorance, the average user can and will get themselves, their computers and potentially your network in a bind.

One area where I’d tend to disagree with the article, is that giving users administrative rights doesn’t necessarily reduce helpdesk calls, if system configuration is well planned.

Administrators want their users to have the access and privileges they need because it reduces the number of help desk calls and lightens their own workload.

He concludes by suggesting that you should solve the problem by seeking people with experience and use a mixture of Microsoft and 3rd party solutions:

Get input from others who have experience, research third-party vendors or try to find some workarounds with what Microsoft already gives you.

No comments: