

Why should your users use least privilege on their corporate computers?

If a business allows its users to install whatever software they choose and/or make configuration changes, it runs an increased risk of the machine's security being compromised. I recommend that, wherever possible, businesses refrain from giving end users administrative rights over the machines they use, thereby preventing users from installing software that affects the system as a whole or making system-wide configuration changes.


Regular user accounts CAN still customise items that affect only the current user, such as the desktop background, and in principle most day-to-day activities should be possible without using an Administrator-level account.


By installing a piece of software, the user is implicitly trusting both the author and the distributor of the software that there are no backdoors or security vulnerabilities in the software itself. In addition, there are many cases of malicious software "piggybacking" onto/into perfectly legitimate code because the distribution point (often a website) was compromised. To ensure effective security it's critical to install software only from sources you have reason to trust.
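As an added example (not code from the original post), the following PowerShell function puts the "only install from sources you trust" rule into practice before an installer is run: it checks that the file carries a valid Authenticode signature from a publisher on an approved list and, optionally, that its SHA-256 hash matches a value obtained out of band from the vendor, which is what catches the "piggybacking" case where the download site itself has been tampered with. The approved-publisher subject and the example paths are constructed placeholders; the cmdlets used (Get-AuthenticodeSignature, Get-FileHash) are standard Windows PowerShell.

```powershell
# Added example, not from the original post. Checks an installer before it is run:
# a valid Authenticode signature from an approved publisher, and optionally a
# SHA-256 hash published by the vendor through a separate channel.
# The approved-publisher list below is a constructed placeholder.

function Test-TrustedInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Certificate subjects of publishers the business has decided to trust (constructed value).
        [string[]]$ApprovedPublishers = @('CN=Contoso Software Ltd, O=Contoso Software Ltd, L=Reading, C=GB'),
        # Hash taken from the vendor's signed release notes or a second, independent site.
        [string]$ExpectedSha256
    )

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        Write-Warning "$Path : file not found."
        return $false
    }

    # 1. The signature must chain to a trusted root and the file must be unmodified.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : signature status is '$($sig.Status)'; do not install."
        return $false
    }

    # 2. A valid signature from an unknown publisher is still an unknown publisher.
    $subject = $sig.SignerCertificate.Subject
    if ($ApprovedPublishers -notcontains $subject) {
        Write-Warning "$Path : signed by '$subject', which is not an approved publisher."
        return $false
    }

    # 3. Optional: compare against the hash the vendor published out of band, so a
    #    replaced download on a compromised mirror is caught even if it is signed.
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
            Write-Warning "$Path : SHA-256 is $actual, expected $ExpectedSha256; do not install."
            return $false
        }
    }

    Write-Host "$Path : valid signature from approved publisher '$subject'."
    return $true
}

# Usage (constructed paths and hash):
# if (Test-TrustedInstaller -Path 'C:\Downloads\setup.exe' -ExpectedSha256 '0123...ABCD') {
#     Start-Process -FilePath 'C:\Downloads\setup.exe' -Wait
# }
```

A signed installer is not the same as a trustworthy one, which is why the function checks the publisher against a list the business controls rather than accepting any valid chain.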


If the user is allowed (by virtue of having administrative rights over their machine) to make configuration changes, they could accidentally disable security features such as the firewall, rendering them ineffective.


Some applications don't work properly when run without admin rights, and whilst ideally such code should be replaced, in the real world that's often not feasible in the near term. Vista makes life easier, but you certainly CAN run XP without admin rights AND be productive - I did so for a couple of years. In such situations I advise giving each user TWO accounts - one with admin rights and one without - encouraging them to use the non-admin account as much as possible to reduce their attack surface, AND EXPLAINING TO THEM that their machine is less likely to "break" due to malware or accidental misconfiguration while they are using that account.
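As an added example (not code from the original post) of the two-account arrangement described above, the PowerShell below does three things a workstation administrator or a careful user would want: it tells you whether the current session is running with admin rights, it lists every member of the local Administrators group that is not on an approved list (so you can see who has quietly been granted admin), and it launches a single admin-only tool under the separate admin account so the user stays logged in as a standard user the rest of the time. The approved-admin names and the user account name are constructed placeholders; Get-LocalGroupMember requires Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the original post. Helpers for running a workstation
# under least privilege with a separate admin account. Requires Windows
# PowerShell 5.1+ (Get-LocalGroupMember). Approved-admin entries are constructed.

Set-StrictMode -Version Latest

# Principals that are allowed to hold local admin rights on this machine (constructed values).
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Workstation Admins'
)

function Test-IsElevated {
    # True when the current process token is a member of the local Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved = $ApprovedAdmins)
    # Every member of the local Administrators group that is not on the approved list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Invoke-AsAdmin {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList,
        [Parameter(Mandatory)][pscredential]$AdminCredential
    )
    # Runs one program under the separate admin account while the interactive
    # session stays a standard user, so there is no need to log off and back on.
    $params = @{ FilePath = $FilePath; Credential = $AdminCredential }
    if ($ArgumentList) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

# Day-to-day check from the user's normal session.
if (Test-IsElevated) {
    Write-Warning 'This session has admin rights; use the standard account for day-to-day work.'
} else {
    Write-Host 'Running as a standard user.'
}

# Audit: who holds local admin rights that the business did not approve?
$extra = Get-UnapprovedLocalAdmins
if ($extra) {
    Write-Warning 'Local admin rights held by accounts not on the approved list:'
    $extra | Format-Table -AutoSize
}

# Launch an admin-only tool with the admin account's credentials (prompts for the password).
# Constructed account name:
# $cred = Get-Credential -UserName 'CONTOSO\jdoe-admin' -Message 'Admin account password'
# Invoke-AsAdmin -FilePath 'mmc.exe' -ArgumentList 'compmgmt.msc' -AdminCredential $cred
```

Start-Process with -Credential starts the program as the other user without elevating the calling session, so the browser, mail client and everything else the user has open keep running with standard rights.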

Comments

  • Anonymous
    January 01, 2003
    Darren> It's always writing something in a few words and getting the point across. I agree that standard users can install software by default - the thing is that they can't change the config of the machine as a whole OR install software that affects other users. I worry most about browser helper objects being installed by users. I'd love to hear more about your concerns - please either comment or email me using //stephlam@microsoft.com

  • Anonymous
    January 01, 2003
    Ben> Thanks for checking. You should have received a message (online) letting you know that comments are moderated, hence there will be a delay. Perhaps it whizzed off screen before you noticed it.

  • Anonymous
    January 01, 2003
    P.S. Why do comments take sooo long to appear? Are they on manual verify?

  • Anonymous
    January 01, 2003
    Bibble> Yes, comments are on "manual verify" to deal with comment spam and the occasional expletive. I've posted your comment within 1/2 a business day; I'm surprised you think that's a long time. Please do keep contributing as your comments are interesting.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Steve, sorry, I wasn't meaning to complain about the comment speed; I was just checking as I keep thinking that I didn't actually press the "submit" button or some such. I posted my initial comment within 10 minutes of the main post & it only showed up this morning (Monday 21st) - I know that's over the weekend, does that mean there is something else going on so they don't show? Ben.

  • Anonymous
    April 21, 2008
    That's all well and good until some silly app decides that it "has" to have admin rights to install AND run. A lot of dev tools have this and some come from the likes of Microsoft, so it's all well and good saying such things, but HOW exactly can you do this AND have a usable system without having to log in and out constantly for different apps with their associated requirements for admin rights?

  • Anonymous
    April 26, 2008
    Steve, I'm sorry but surely it's not that simple. Forcing users to use standard/limited accounts rather than admin accounts does not prevent them from installing software. There is a large proportion of software out there, especially the downloadable type (which from a security perspective we're most worried about), that can install without any admin rights being required.

  • Anonymous
    April 29, 2008
    The comment has been removed