
Removing Privileged Credentials From Windows Users Without Impacting Usability

September 28, 2015


Long before Windows NT was merged with the consumer version of Windows, users became accustomed to working with full system access. Before Windows XP was released, the absence of the NTFS filesystem in Windows ME and earlier OSes meant that access control lists couldn’t be used to secure system resources, so users always had unfettered access to the system.

Even in the corporate world, Windows NT Workstation often required that users be given power user or administrator access to run software, as developers rarely adhered to best practices for creating applications that would run under a standard user account. And so the scene was set: Windows users are always ‘administrators’.

But times have changed, and the Internet has brought with it a different threat landscape that changes almost daily. Not only do security experts now recommend the removal of administrative rights, even from IT staff, but regulatory compliance demands and other security programs, such as the UK government’s Cyber Essentials Scheme, require that administrative privileges be removed from users.

Political and technical challenges of removing administrative privileges

IT has always been reluctant to remove administrative privileges from end users for several reasons. The first that comes to mind, and one that shouldn’t be overlooked, is the political challenge of such a move. Taking away a perceived privilege can be difficult, much like denying a person their freedom, so a change in IT policy has to be managed carefully to ensure users and management are on board.

There are still legacy applications that require administrative privileges, and while User Account Control (UAC) in Windows Vista and later OSes increases the number of legacy applications that can run with a standard user account, there are still times when a program may require administrative rights. Additionally, there may be occasions when users legitimately need to carry out system tasks that require administrative privileges, especially on portable devices that have limited connectivity to the Internet or company intranet.

But the risks of administrative privileges in today’s threat landscape greatly outweigh the benefits. Removing administrative privileges from end users and IT staff is critical for ensuring that systems remain secure, and it should be part of a defense-in-depth security strategy that includes deploying antimalware detection and endpoint firewalls, and ensuring that operating system updates and updates for third-party software are installed in a timely manner.

Overcoming the challenges

In this webinar, join me to learn about some strategies that can be used to overcome these challenges. I’ll discuss how the Application Compatibility Toolkit (ACT) and UAC can be used to deploy shims to improve legacy app compatibility with standard user accounts, and how embracing Universal Apps in Windows 10 can enable organizations to secure systems but still allow users to install ‘after work applications’.

Author/Presenter: Russell Smith, Windows & IT Security Expert


Russell Smith, IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.
