February 27th, 2017
- August 6th, 2011
I often get asked about best practices when configuring Privilege Guard (Edit: now Defendpoint), so I thought I’d take the time to demonstrate some of the flexible ways the product can be used to implement least privilege.
- July 21st, 2011
SMEs often manage without one, and larger companies have it in their staff handbooks, but an IT security policy without the controls to enforce it is of little value, and only useful for assigning blame when something inevitably goes awry.
- July 7th, 2011
One of the comments I receive most frequently from attendees of my Least Privilege webinar is that web conferencing software, such as Citrix’s popular GoToMeeting, prevents IT departments moving forward with least privilege on the desktop. This kind of software can pose a problem as users are often requested to join meetings at short notice and need to install a client program to participate in the conference. In this post I’ll focus on GoToMeeting, but some of the information could also be applied to other software.
- June 12th, 2011
The scope of a Group Policy Object (GPO) can be controlled with WMI filters, based on criteria such as operating system version or hardware specifications. A WMI filter consists of one or more queries, and if all queries evaluate to true then the GPO linked to the filter will be applied.
- May 19th, 2011
Windows XP is deemed ‘good enough’ by many, but the fact is that it’s four to five times more vulnerable to malware infection than Windows 7. While this is mainly due to improved security defenses, including least privilege security implemented with the help of User Account Control (UAC), that’s not to say we should be complacent when using Windows 7.