ID Number: G00211136



Best Practices for Removing End-User Administrator Rights on Windows
14 March 2011
 
Neil MacDonald   Michael A. Silver  

Removing administrator rights from end users is one of the single most-effective ways to improve overall security posture, but it must be well-planned to avoid common pitfalls and a failed project.




Price: US$495.00

Pages: 12











Contact Gartner





Purchasing this document is fast, easy and secure, but you must be registered with gartner.com so we can track your order. Please select your status from these three choices:
Registration is required to purchase this document.
Or, you can register for gartner.com only.
 You or your organization may already own this document. Register now to find out. Your Gartner Membership Administrator can supply the needed License Key(s).
You will not lose your document during registration.
Sign in here:
Username:

Password:
Forgot your username
or password?







For more information about purchasing this or other documents, contact Gartner at one of the telephone numbers below:
North America:    +1 203-316-3010 7:30 am - 8:00 pm Stamford, CT
Europe:    +44 1784 267770 9:00 am - 5:00 pm London
Asia/Pacific:    +65 6879 2785 9:00 am - 6:00 pm Singapore
Japan:    +81 3 3481 3552 9:00 am - 5:30 pm Tokyo

This document is not available as part of your current Gartner subscription. For pricing and availability of the full document, please contact your Gartner account representative. Your account representative can also give you more information about your current subscription and other access options that may be available to you. If you do not have a Gartner account representative, call +1 203 316 1200 for assistance.

Table of Contents

Contents
  • Analysis
    • Agree on the Problem You're Trying to Solve, and Understand the Limitations of Removing Administrator Rights
    • Don't Overlook the Cultural and Political Challenges of Removing Administrator Rights
    • Survey and Test Applications and Usage Scenarios to Understand Administrator Access Requirements
    • Use the Migration to Windows 7 as a Catalyst for the Switch to Running as a Standard User
    • Have a Definitive Plan for How Browser Plug-Ins Will Be Handled
    • Have a Definitive Plan for How Drivers Will Be Handled
    • Plan for Additional Controls If the Goal Is to Keep End Users From Installing Software
    • Consider the Use of Third-Party Tools That Can Elevate Privileges for Exceptions
    • Design and Staff an Exception Process for When End Users Need Unapproved Software
    • Design and Staff a Process for Application Approval
    • Consider Full Virtualization as an Alternative
    • Require Application Vendors to Change
    • Tying It All Together: Don't Try to Remove Administrator Rights From All Users
  • Recommended Reading




© 2011 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 1587523