office politics
It's all just 1s and 0s
- Messages
- 6,555
- Location
- in the lab
Applying the Principle of Least Privilege to User Accounts on Windows XP
Authenticating as an Administrator
If a user authenticates as a member of the local Administrators group, the desktop and any programs that the user starts will run with the full access rights and permissions of an administrator. Users who have administrative rights can carry out the following actions, which are legitimately required to administer a computer:
• Install, start, and stop services and device drivers.
• Create, modify, and delete registry settings.
• Install, run, and uninstall programs.
• Replace operating system files.
• Terminate processes.
• Control firewall settings.
• Manage event log entries.
• Install Microsoft ActiveX® controls.
• Access the SAM.
For the majority of computer users, these rights are unnecessary and significantly increase the risk to the computer. Because a user with administrative rights can make these system-wide changes, so can any program that a user with administrative rights runs, either intentionally or accidentally. Hence, if a user authenticates with administrative rights, it is far easier for malicious software to install onto that computer.
Authenticating as a User
Users who are not members of the Administrators group can only access a significantly reduced number of resources, and then may only be able to make changes to particular areas. To compare user rights with administrative rights, users can carry out the following tasks:
• View the status of services and device drivers.
• Create, modify, and delete registry settings within HKEY_CURRENT_USER, and read registry settings in HKEY_LOCAL_MACHINE.
• Run programs.
• Read most operating system files.
• View running processes.
• View firewall settings.
• View system and application log entries only.
Limited users can still carry out tasks that are required for them to do their jobs, such as attach to a wireless network, install signed Plug and Play drivers, and change desktop settings. The LUA approach does not seek to limit those abilities, but to reduce risks by limiting the accounts that have administrative rights.
You should now understand the role of groups in Windows XP and the differences between authenticating with administrative and limited user rights. The next section of this paper reviews the benefits that result from the use of limited user accounts.
Authenticating as an Administrator
If a user authenticates as a member of the local Administrators group, the desktop and any programs that the user starts will run with the full access rights and permissions of an administrator. Users who have administrative rights can carry out the following actions, which are legitimately required to administer a computer:
• Install, start, and stop services and device drivers.
• Create, modify, and delete registry settings.
• Install, run, and uninstall programs.
• Replace operating system files.
• Terminate processes.
• Control firewall settings.
• Manage event log entries.
• Install Microsoft ActiveX® controls.
• Access the SAM.
For the majority of computer users, these rights are unnecessary and significantly increase the risk to the computer. Because a user with administrative rights can make these system-wide changes, so can any program that a user with administrative rights runs, either intentionally or accidentally. Hence, if a user authenticates with administrative rights, it is far easier for malicious software to install onto that computer.
Authenticating as a User
Users who are not members of the Administrators group can only access a significantly reduced number of resources, and then may only be able to make changes to particular areas. To compare user rights with administrative rights, users can carry out the following tasks:
• View the status of services and device drivers.
• Create, modify, and delete registry settings within HKEY_CURRENT_USER, and read registry settings in HKEY_LOCAL_MACHINE.
• Run programs.
• Read most operating system files.
• View running processes.
• View firewall settings.
• View system and application log entries only.
Limited users can still carry out tasks that are required for them to do their jobs, such as attach to a wireless network, install signed Plug and Play drivers, and change desktop settings. The LUA approach does not seek to limit those abilities, but to reduce risks by limiting the accounts that have administrative rights.
You should now understand the role of groups in Windows XP and the differences between authenticating with administrative and limited user rights. The next section of this paper reviews the benefits that result from the use of limited user accounts.
