Way too many administrators. This is clear. This is made clear through the interpretation of some of the compliance regulations such as SarBox and HIPAA and others. This is clear from our internal security audits. It seems that every time someone asks how many domain administrators there are in a given enterprise the answer is much smaller than the reality. When we talk about local administrator rights, the numbers are staggering.
I usually start conversations about limiting local privileges with a question. "Do you ever have a situation where someone requests that they get local adminsitrative rights because they need to run a specific application?" Always, a resounding yes. "Do you ever take away users local administrative rights, only to have them or their boss (or worse, your boss!) come back to tell you that you have all but destroyed their ability to perform their job?" Again, so many head nods it actually can make the room move!
The purpose of this blog is to spend a few weeks discussing some of the situations that we have come across regarding Managing with Least Privilege and how organization are dealing with these issues.
Come back often, book mark, dog ear, flag, google, pluck the page and share your thoguhts. Three or four of us will be participating in adding just about daily content for you to enjoy. Other than providing some thoughtful articles, dialogs, rants, raves... we will also be providing many links to resources out there that you may find helpful in your quest to completely Manage with Least Privilege.
Best regards, and see you back soon.
Kevin Sullivan
Director of Product Management
DesktopStandard
