Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

The Single Most Important Way to Improve Endpoint Security

by Neil MacDonald  |  August 23, 2011

Run more of your Windows users without administrator rights.

I’ve talked about this several times before – including here, here and here.

While it may not be feasible to remove administrator rights from all users, it is an absolutely achievable goal to continue to improve the percentage of Windows users running without administrator rights year over year for the foreseeable future. Make this your goal for 2012.

Case in point – I talked with a client today that had removed administrator rights from 90% of their users. This is a noteworthy achievement as they are only in the planning process of migrating to Windows 7. They had achieved this on Windows XP and for large numbers of XP-based laptop users. Impressive.

Better yet, I worked with this client on a strategy to move this to 95-97% using the migration to Windows 7 as a catalyst for further improvements – some coming from improvements in the Windows OS (like a new printer driver model) and some coming from the selective use of a third-party tool for Windows privilege management.

If you are struggling with malware infestations and are considering switching out vendors, take a look first at removing administrator rights. For Gartner clients, I’ve outlined the best practices for achieving this in this research document.

Remember, if done correctly, removal of administrator rights does not have to equate to “lockdown”.

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7

2 responses so far ↓

  • 1 Ross Macdonald   August 25, 2011 at 6:58 am

    What about making sure that you use strong authentication at the log in?

  • 2 Neil MacDonald   August 25, 2011 at 7:17 am

    @Ross,

    Sure, that helps – but it doesn’t protect from end users doing stupid things and being tricked into loading malware, malicious PDFs, etc. Actually, I’m being too harsh on the end users. The RSA attack was a zero day contained in a PDF labeled something like “next year’s HR plan”. A large number of people would be tricked by that.

    People will be targeted and tricked – so let’s minimize the ability of this code to cause damage to the Windows system files or sensitive areas of the machine.

    The vast majority of Windows vulnerabilities (90+% in a study by Avecto, I believe) run code in the context of the logged-in user. If users run with administrator rights, everything is open.

    Neil