Least Privilege Security for Windows 7, Vista, and XP

Richard Bejtlich said
Russell Smith's Least Privilege Security for Windows 7, Vista, and XP (LPS) is a helpful contribution to the toolbox of many enterprise system administrators. Numerous organizations are finally realizing that the Internet is too hostile an environment to let normal users function with elevated privileges. Although by no means a panacea for preventing intrusions, users operating with least privilege are somewhat more able to resist some attack vectors. Beyond resisting attacks, users operating with least privilege are more likely to meet organizational rules. Thanks to LPS, administrators running Windows 7, Vista, and XP can apply the author's lessons and guidance to their own environment.

I liked LPS because it applies to Windows 7, Vista, and XP. This really reflects the range of environments one is likely to encounter in the real world. (I still see Windows 2000 and even some NT, but those should be considered targets for decommissioning, not new life using least privilege!) The author does not assume that implementing least privilege is a foregone conclusion. He devotes an entire chapter to cultural and political objections to removing local administrator rights. Most chapters present a variety of tools and techniques to accomplish similar goals. The text is also very thorough, with dozens of checklists and supporting screen captures. I also appreciated hearing about several technologies which were fairly new to me, such as DirectAccess, Windows Remote Management (WinRM, Microsoft's version of WS-Management Protocol), Windows Remote Assistance and Easy Connect, and Microsoft's Internet Connectivity Evaluation Shell. The thought of Remote Desktop Protocol over HTTPS through TS Gateways, from the Internet straight to corporate desktops, horrified me.

My main problem with LPS (hence the loss of one star) involved framing the discussions in each chapter. I didn't quite follow some of the material (such as chapter 3). The author seemed too quick to jump to describing an implementation. I could have used more background on the technology and the problem it was trying to solve. However, I felt that it was likely many readers would already know the problem they needed to solve, and Smith's approach would deliver the content fairly well.

I recommend LPS to readers trying to better protect their enterprise, but be sure to include stronger warnings about the limitations of least privilege. Many instances of modern malware are happy to operate with least privilege constraints, so consider improved configuration as one element of a comprehensive security strategy.