News Stay informed about the latest enterprise technology news and product updates.

Administrative privilege, not administrative birthright

Information workers are the lifeblood of an organization. Without them, there would be no need for an IT shop. But there are limits to that gratitude.

Take the whole notion of administrative privilege. Note that the term isn't administrative God-given right or administrative birthright. Sometimes, that privilege has to be taken away -- or not granted in the first place -- to protect the network from security breaches or to keep people from messing around with things they shouldn't be messing around with. But try to tell that to a user who believes they simply must have administrative privileges because, well, they must. Worse yet, some applications won't run in user mode, so there's no choice but to let them operate as an administrator.

Security consultant Steve Friedl, who spoke recently to on the subject, had some pretty good advice to offer.

First, if you have the ability to revoke privileges for an application, be sure to test things before taking action. You don't want to set in motion unintended consequences. Next, take the time to explain to users why you need to reduce their privileges. With understanding comes acceptance; with ignorance comes a hissy fit. And finally, complain to your vendors if their software doesn't limit user rights. They won't change what they don't know -- or hear -- about.

Have a thought about privileges? Send an e-mail and let us know.

Dig Deeper on Enterprise infrastructure management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.