Removing Privileged Credentials From Windows Users Without Impacting Usability

Sep 28, 2015
Author:
Russell Smith
IT Consultant & Security MVP

Long before the days when Windows NT was merged with the consumer version of Windows, users became accustomed to working with full system access. Before Windows XP was released, the absence of the NTFS filesystem in Windows ME and earlier OSes meant that access control lists couldn’t be used to secure system resources, so users always had unfettered access to the system.

Even in the corporate world, Windows NT Workstation often required that users be given power user or administrator access to run software, as developers rarely adhered to best practices for creating applications that would run under a standard user account. And so the scene was set: Windows users are always ‘administrators’.

But times have changed, and the Internet has brought with it a different threat landscape that changes almost daily. Not only do security experts now recommend the removal of administrative rights, even from IT staff, but regulatory compliance demands and other security programs, such as the UK government’s Cyber Essentials Scheme, require that administrative privileges be removed from users.

Political and technical challenges of removing administrative privileges

IT has always been reluctant to remove administrative privileges from end users for several reasons. The first that comes to mind, and one that shouldn’t be overlooked, is the political challenge of such a move. Taking away a perceived privilege can be difficult, much like denying a person their freedom, so a change in IT policy has to be managed carefully to ensure users and management are on board.

There are still legacy applications that require administrative privileges, and while User Account Control (UAC) in Windows Vista and later OSes increases the number of legacy applications that can run with a standard user account, there are still times when a program may require administrative rights. Additionally, there may be occasions when users legitimately need to carry out system tasks that require administrative privileges, especially on portable devices that have limited connectivity to the Internet or company intranet.

But the risks of administrative privileges in today’s threat landscape greatly outweigh the benefits, and removing administrative privileges from end users and IT staff is critical for ensuring that systems remain secure. It should be part of a defense-in-depth security strategy that includes deploying antimalware detection and endpoint firewalls, and ensuring that operating system updates and updates for third-party software are installed in a timely manner.

Overcoming the challenges

In this webinar, join me to learn about some strategies that can be used to overcome these challenges. I’ll discuss how the Application Compatibility Toolkit (ACT) and UAC can be used to deploy shims to improve legacy app compatibility with standard user accounts, and how embracing Universal Apps in Windows 10 can enable organizations to secure systems but still allow users to install ‘after work applications’.

Author/Presenter: Russell Smith, Windows & IT Security Expert
