Least Privilege Security for Windows 7, Vista, and XP

Least Privilege Security for Windows 7, Vista, and XP
Russell Smith
05 Jul 2010
Purchase online

Secure desktops for regulatory compliance and business agility *Implement Least Privilege Security in Windows 7, Vista and XP to prevent unwanted system changes *Achieve a seamless user experience with the different components and compatibility features of Windows and Active Directory *Mitigate the problems and limitations many users may face when running legacy applications

Page 2 of 2
  1. Editorial Reviews
  2. Customer Reviews

Customer Reviews

Richard Bejtlich said
Russell Smith's Least Privilege Security for Windows 7, Vista, and XP (LPS) is a helpful contribution to the toolbox of many enterprise system administrators. Numerous organizations are finally realizing that the Internet is too hostile an environment to let normal users function with elevated privileges. Although by no means a panacea for preventing intrusions, users operating with least privilege are somewhat more able to resist some attack vectors. Beyond resisting attacks, users operating with least privilege are more likely to meet organizational rules. Thanks to LPS, administrators running Windows 7, Vista, and XP can apply the author's lessons and guidance to their own environment.

I liked LPS because it applies to Windows 7, Vista, and XP. This really reflects the range of environments one is likely to encounter in the real world. (I still see Windows 2000 and even some NT, but those should be considered targets for decommissioning, not new life using least privilege!) The author does not assume that implementing least privilege is a foregone conclusion. He devotes an entire chapter to cultural and political objections to removing local administrator rights. Most chapters present a variety of tools and techniques to accomplish similar goals. The text is also very thorough, with dozens of checklists and supporting screen captures. I also appreciated hearing about several technologies which were fairly new to me, such as DirectAccess, Windows Remote Management (WinRM, Microsoft's version of WS-Management Protocol), Windows Remote Assistance and Easy Connect, and Microsoft's Internet Connectivity Evaluation Shell. The thought of Remote Desktop Protocol over HTTPS through TS Gateways, from the Internet straight to corporate desktops, horrified me.

My main problem with LPS (hence the loss of one star) involved framing the discussions in each chapter. I didn't quite follow some of the material (such as chapter 3). The author seemed too quick to jump to describing an implementation. I could have used more background on the technology and the problem it was trying to solve. However, I felt that it was likely many readers would already know the problem they needed to solve, and Smith's approach would deliver the content fairly well.

I recommend LPS to readers trying to better protect their enterprise, but be sure to include stronger warnings about the limitations of least privilege. Many instances of modern malware are happy to operate with least privilege constraints, so consider improved configuration as one element of a comprehensive security strategy.

You might also like...



Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves” - Alan Kay