Gartner Blog Network

The Single Most Important Way to Improve Endpoint Security

by Neil MacDonald  |  August 23, 2011  |  2 Comments

Run more of your Windows users without administrator rights.

I’ve talked about this several times before – including here, here and here.

While it may not be feasible to remove administrator rights from all users, it is an absolutely achievable goal to continue to improve the percentage of Windows users running without administrator rights year over year for the foreseeable future. Make this your goal for 2012.

Case in point – I talked with a client today that had removed administrator rights from 90% of their users. This is a noteworthy achievement as they are only in the planning process of migrating to Windows 7. They had achieved this on Windows XP and for large numbers of XP-based laptop users. Impressive.

Better yet, I worked with this client on a strategy to move this to 95-97% using the migration to Windows 7 as a catalyst for further improvements – some coming from improvements in the Windows OS (like a new printer driver model) and some coming from the selective use of a third-party tool for Windows privilege management.

If you are struggling with malware infestations and are considering switching out vendors, take a look first at removing administrator rights. For Gartner clients, I’ve outlined the best practices for achieving this in this research document.

Remember, if done correctly, removal of administrator rights does not have to equate to “lockdown”.


Thoughts on The Single Most Important Way to Improve Endpoint Security

  1. What about making sure that you use strong authentication at the login?

  2. Neil MacDonald says:


    Sure that helps – but it doesn’t protect from end users doing stupid things and being tricked into loading malware, malicious PDFs, etc. Actually, I’m being too harsh on the end users. The RSA attack was a zero day contained in a PDF labeled something like “next year’s HR plan”. A large number of people would be tricked by that.

    People will be targeted and tricked – so let’s minimize the ability of this code to cause damage to the Windows system files or sensitive areas of the machine.

    The vast majority of Windows vulnerabilities (90+% in a study by Avecto, I believe) run code in the context of the logged-in user. If users run with administrator rights, everything is open.

