Lock down user access and privileges

Malware tends to execute with privileges of the currently logged on user -- which is one reason why users should not be Administrators. Contributor Tony Bradley discusses this problem here.

The following tip is one of six steps to help you protect Windows systems from bi-modal attacks. Click to return to the main page.


Users should not be Administrators. Malware tends to execute with the privileges of the currently logged-in user. If the user did not have access to key system files and was not authorized to install software, the malware would be stopped dead in its tracks. Unfortunately in most cases, users do have Administrator privileges on their own machines, which means that malware executed under their privileges has carte blanche on the system as well.

Many users, particularly those in the executive suites, jump and holler when talk begins of removing or restricting their access to their own machines. For the sake of security, general access should be limited, but that is a tough, uphill battle which requires the support of senior leadership to have any chance of success.

More information:

  • Checklist: Lock down Joe User's administrator rights
  • Checklist: Control Joe User's actions
  • Checklist: Three security mandates for any Windows environment

  • Click for the next tip in this series: Training, training and more training
    This was first published in June 2005

    Dig Deeper

    PRO+

    Content

    Find more PRO+ content and other member only offers, here.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchExchange

    SearchSQLServer

    SearchWinIT

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    • Virtual desktop security guide

      To secure virtual desktops, consider antivirus, certificates and network vulnerabilities. Just remember, VDI doesn't always ...

    • Guide to low-cost desktop virtualization

      In this guide, learn to virtualize desktops without spending more than you would when deploying PCs, and what VDI vendors are ...

    • VDI pilot project guide

      A VDI pilot project should start with a VDI project plan. Know what pitfalls to avoid and test product options to achieve a ...

    Close