Administrative privilege, not administrative birthright

Information workers are the lifeblood of an organization. Without them, there would be no need for an IT shop. But there are limits to that gratitude.

Take the whole notion of administrative privilege. Note that the term isn't administrative God-given right or administrative birthright. Sometimes, that privilege has to be taken away -- or not granted in the first place -- to protect the network from security breaches or to keep people from messing around with things they shouldn't be messing around with. But try to tell that to a user who believes they simply must have administrative...

privileges because, well, they must. Worse yet, some applications won't run in user mode, so there's no choice but to let them operate as an administrator.

Security consultant Steve Friedl, who spoke recently to SearchWin2000.com on the subject, had some pretty good advice to offer.

First, if you have the ability to revoke privileges for an application, be sure to test things before taking action. You don't want to set in motion unintended consequences. Next, take the time to explain to users why you need to reduce their privileges. With understanding comes acceptance; with ignorance comes a hissy fit. And finally, complain to your vendors if their software doesn't limit user rights. They won't change what they don't know -- or hear -- about.


Have a thought about privileges? Send an e-mail and let us know.

Dig deeper on Enterprise Infrastructure Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close