by Neil MacDonald | April 8, 2011 | Comments Off on Even With Windows 7, Privilege Management Tools May be Needed
One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access.
For clients, we’ve recently published a research note that details the best practices for removing administrator rights from Windows users.
One of the best practices is to use the migration to Windows 7 as a catalyst to remove administrator rights. Windows 7 helps the removal of administrator rights with a set of technologies under the umbrella brand of “User Account Control”; however, UAC has it own set of pros and cons.
Many clients have reached the conclusion that a third party privilege management tool will be required to help with the removal of administrator rights – at least for some percentage of their users.
The good news is that there are multiple competing vendors that provide this capability:
- Altiris (Symantec) – as a feature within its application control offering, sold separately on request
- AppSense – as a feature within its application manager offering but not sold separately
- Windows “Run As” (requires administrator credentials)
Note that ScriptLogic has moved beyond its free, community-supported offering to an enterprise version that includes support and more features.
If you are a client, give me a call if you want to talk through these solutions and whether or not they are required with your Windows 7 deployment.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.