The Essentials Series: Eliminating Administrator Rights

by Greg Shields


Too often in today’s IT environments the solution for difficult applications or difficult users is to simply grant them administrator rights and move along. Yet that accumulated distribution of admin rights, and the inappropriate actions and potential for problems that go with it, eventually takes away IT’s ability to control the environment. The problem with the Windows OS is that sometimes the only way to accomplish a needed task is with Administrator rights. With the right tools and techniques, that is no longer the case. In The Essentials Series: Eliminating Administrator Rights, we’ll talk about the issues with granting privileges and the ways to take them back. You’ll understand the concept of Least Privilege, the business benefits of eliminating excessive privileges, and the limitations you’ve probably already experienced in today’s native solutions for privilege management.


Article 1: Understanding Least Privilege

Any discussion on the right-sizing of administrative privileges starts with a solid understanding of how Least Privilege works. This article will define Least Privilege and discuss why simply handing out Administrator privileges doesn’t provide the necessary levels of granular control.

Article 2: The Business Benefits of Eliminating Administrator Rights

Once you understand, as learned in Article 1, the right ways in which rights should be assigned, your next job is recognizing how their correct assignment benefits the business. In Article 2, you’ll learn how the business benefits in operations, security, and compliance when admin rights are eliminated in favor of granular privilege assignment.

Article 3: Limitations in Native Solutions for Privilege Management

Tools are natively available today in the Windows OS that go only part of the way in achieving the goals of Least Privilege. But each of those tools remains too coarse in rights assignment. In Article 3, you’ll learn about those native tools and read about the critical omissions in how they assign privileges to users and applications.