Home > Ask the Enterprise Desktop Experts > Questions & Answers > Handling the dangers of network users with too many rights
Ask The Enterprise Desktop Expert: Questions & Answers
EMAIL THIS

Handling the dangers of network users with too many rights

Wes Noonan EXPERT RESPONSE FROM: Wes Noonan

Pose a Question
Other Enterprise Desktop Categories
Meet all Enterprise Desktop Experts
Become an Expert for this site


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 02 March 2006
Our company has 200+ workstations that are joined in a domain. With regards to privileges, I understand that employees are to be restricted to a USER TYPE ACCOUNT PRIVILEGE as part of a standard practice in a network environment. Unfortunately, some employees preferred the upper privileges. Due to this, I'm afraid that my network would be at risk.

In short, I would like to ask your recommendation as an expert with regards to this situation. I need to provide proof to my seniors and employees of best practices for network security. It would be a big help to bring an end to this "power hunger" of some employees.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Politics is probably the second most difficult thing the balance against security (the first being money). This is what I use as a measuring stick. If someone can't provide a valid *business* justification for the escalated privileges, I fight strongly against providing them. If a business application requires escalated privileges, I escalate the issue with that vendor to make it clear to them that requiring escalated privileges is against the corporate security policy, and that if they can't provide a workaround, we won't be buying or using their product. In today's environment, many software vendors have more restrictive access requirements that they can run under, but that they do not always make publicly known (you need to ask for them).

If all else fails though, I then work under the basic premise of the most restrictive rights possible. So before I make a user a local administrator, I will check and see if they can do what they need to do as a power user. Before I make a user a power user, I will check to see if I can grant specific rights to the user (or more practically to a group the user is a member of) or specific rights to the appropriate registry keys or files.

The bottom line here though is that you are 100% correct in how you are approaching this issue, and unfortunately this is one of the more unpleasant aspects of security administration. Your best weapon is the ability to demonstrate how the users can perform all of their required business responsibilities at the lower privilege level. Good luck!!

View questions and answers from all of our Windows security experts here.




Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Desktop Solutions - Windows for Enterprise
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts