I know from my experience of deploying privilege management in global organizations that people think it’s going to be hard. Every organization is facing an endpoint security balancing act. On one hand employees, and their endpoints, need to be secure. But on the other hand, many employees require a free and flexible operating environment.
One of the comments I receive most frequently from attendees of my Least Privilege webinar is that web conferencing software, such as Citrix’s popular GoToMeeting, prevents IT departments moving forward with least privilege on the desktop
The scope of a Group Policy Object (GPO) can be controlled with WMI filters, based on criteria such as operating system version or hardware specifications. A WMI filter consists of one or more queries, and if all queries evaluate to true then the GPO linked to the filter will be applied.
Windows XP is deemed ‘good enough’ by many, but the fact is that it’s four to five times more vulnerable to malware infection than Windows 7. While this is mainly due to improved security defenses, including least privilege security implemented with the help of User Account Control (UAC), that’s not to say we should be complacent when using Windows 7.
While Windows owes much of its success to its flexibility and ease of use, a new computing model, chiefly heralded by Apple in the consumer space, is changing the proposition value for end users.
One of the most common reasons cited for granting administrative privileges to notebook users on Windows is the need to install drivers for new hardware when IT support isn’t available.
A recent press release from a competitor made some ill-educated statements about Microsoft User Account Control (UAC) and other user mode solutions that control application privileges
As we begin 2011 this will be the year that many companies will look to move from pilot to production with Windows 7. The migration to Windows 7 is an ideal opportunity to assess the security posture of the corporate desktop.
Windows 7 Ultimate and Enterprise editions ship with AppLocker, which is a Group Policy based application control solution. AppLocker is a big improvement over Software Restriction Policies, as it provides a more flexible and intuitive solution to its predecessor. Here we discuss the pros and cons of Windows AppLocker.
As many organizations look to migrate to Windows 7, it is an opportune time to review user privileges. User Account Control (UAC) was introduced by Microsoft in Windows Vista, and it has remained much the same in Windows 7, albeit with a few minor tweaks to its default behavior. Although UAC is a welcome addition to Windows, it really doesn’t provide a corporate solution to least privilege.