In network security, the term "privilege" refers to a users ability to access certain data and resources, and their ability to make configuration changes to a computer or the network. The "principle of least privilege" means giving a user only those privileges which are required to do their work.
Some administrators, being very busy and tired of being pestered by users, will simply grant full administrator privileges to many users. In fact, It's very common for administrators to give laptop users full administrative privileges to their computers. This allows the users to install hardware or software to their laptop.
When a user's account allows them to install software, it also allows them to inadvertently install malware. And that malware receives the same administrative rights as the user. Although there may be valid reasons to give users administrative rights to their computers, this significantly increases the risk of the computer being compromised, and these risks can affect many areas of an organization's operations.
It's important for system administrators to understand the log on process. When a user logs on to a computer, the operating system authenticates the user's credentials and starts an instance of the Windows desktop. This desktop runs with the user's security context with the logged on user's access rights and permissions. Any viruses or spyware on the computer also receives that user's security context, access rights and permissions.
If a user logs on and authenticates as a member of the local Administrators group, any program that the user starts will run with the full administrator rights to that computer. Administrative rights allows the user to carry out the following actions:
• Install, run, and uninstall programs.
• Install and uninstall device drivers.
• Install, start, and stop services.
• Install, start, and stop processes.
• Create, modify, and delete registry settings.
• Replace operating system files.
• Configure firewall settings.
• Control event log entries.
• Access the Security Accounts Manager (SAM).
Because a user with administrative rights can make these system-wide changes, so can any program that a user with administrative rights runs, including malicious software. For the majority of computer users, these rights are unnecessary and significantly increase the risk to the computer.
If a user logs on and authenticates as a standard user they can access only a reduced number of resources and are able to make changes to only particular areas. Standard users rights allow the user to can carry out only the following tasks:
• Run programs.
• View the status of device drivers.
• View the status of services.
• View running processes.
• Create, modify, and delete registry settings only within HKEY_CURRENT_USER, and read registry settings in HKEY_LOCAL_MACHINE.
• Read most operating system files.
• View firewall settings.
• View system and application log entries only.
Users can still carry out tasks that are required for them to do their jobs, such as attach to a wireless network, install signed Plug and Play drivers, and change desktop settings.
During installation Windows 7 creates a default administrator account, named Administrator. This account is not associated with any password and is disabled by default. The installation then requests a user name and password which it uses to create the first account, which joins the Administrators group. This account is equivalent to the original built-in Administrator account, except that when used to perform administrative level functions it is prompted by the User Account Control (UAC) From this account you can create and manage all other user accounts.
It is recommended, even if there is only one user of the computer, that you create a second, standard user account for daily use. This standard user account will not allow malware that finds its way onto the system to receive administrator rights, thus creating a higher level of security. If you should require administrative privileges for managing the system, you can always log on with the first account.
To create a new account, you can log on with the username and password of the first user account, which is a member of the Administrators group, open Control Panel and in the User Accounts and Family Safety group, select Add or remove user accounts.
Click on Create a new account, and on the Name the account and choose an account type page, type in the new account name and set the Standard user checkbox. Then click on the [Create Account] button. To assign a password click on that account's icon and select Create a password. Alternatively, leave it blank to allow the user to set a password when they first log on.
Once you create a standard user account, you can use group policies and NTFS permissions to limit users access to data and system resources. To use group policies you'll need to log on as Administrator and open the The Local Group Policy Editor (gpedit.msc). The Local Group Policy Editor is not included in the Windows 7 Starter, Home Basic, and Home Premium editions. In those versions of Windows 7 you'll have to edit the registry manually to set users access rights.
To use NTFS permissions to limit users access to data and system resources, you'll need to log on as Administrator and right-click on the drive, folder, or file that you want to configure access for and, in the menu that appears, select Properties. In the Properties dialog box that appears, click on the Security tab. On the Security page, click on the name of a user or group for which you want to configure access and, in the Permission Entry dialog box that appears, set the checkboxes to allow or deny any permission from Read permissions to Full control.
Probably the most difficult issues to deal with when implementing the Principle of Least Privilege are political issues. When the company issues an employee a computer, that employee often feels that it's their computer and that they should have complete control over it. However, when the employee causes damage that cost the company serious money, the blame is going to be on the administrator that give them full administrative control.
Many company executives expect full control over not only their computers, but the companies entire network and free access to all company information. To manage this situation, it's important to educate management about the growing threat from malicious software and how much damage can be caused by an attack. Educate them about the legal liability the company faces if customers personal information is compromised by malicious software.
Both company executives and system administrators can have multiple user accounts with different levels of privileges. Executives would get most use of the computers and network under a standard user account with limited access. When they need access to company critical or confidential information, they could quickly log on and off with a second higher privileged account.
Similarly system administrators could get most use of the computers and network under a standard user account with limited access. Only when Administrator privileges are required would they quickly log on and off with an administrators account.
The Principle of Least Privilege refers to giving users permissions to access only the data and system resources which are required to do their work. Give users full administrative rights to their computers, or data and resources not directly required to do their work significantly increases the risk of the companies critical or confidential information being compromised.
More Windows Administration Information:
• Basic Functions of Microsoft Active Directory
• The Windows 7 Backup and Restore Utility
• Windows Event Logs for Maintaining or Troubleshooting Your PC
• How to Audit Security Permissions and Access Rights in Active Directory
• Use the HOSTS File to Block Web Sites
• How to Create a Bootable USB Drive
• Disable Cutesy Effects to Speed Up Windows 10
• What is Windows Aero and Mouse Gestures?
• Configure Vista's Data Execution Prevention
• Network Security Through the Principle of Least Privilege