Administrative privilege, not administrative birthright

John Hogan

Take the whole notion of administrative privilege. Note that the term isn't administrative God-given right or administrative birthright. Sometimes, that privilege has to be taken away -- or not granted in the first place -- to protect the network from security breaches or to keep people from messing around with things they shouldn't be messing around with. But try to tell that to a user who believes they simply must have administrative privileges because, well, they must. Worse yet, some applications won't run in user mode, so there's no choice but to let them operate as an administrator.

Security consultant Steve Friedl, who spoke recently to on the subject, had some pretty

Requires Free Membership to View

good advice to offer.

First, if you have the ability to revoke privileges for an application, be sure to test things before taking action. You don't want to set in motion unintended consequences. Next, take the time to explain to users why you need to reduce their privileges. With understanding comes acceptance; with ignorance comes a hissy fit. And finally, complain to your vendors if their software doesn't limit user rights. They won't change what they don't know -- or hear -- about.

Have a thought about privileges? Send an e-mail and let us know.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: