Yesterday I received a pre-release copy of Russel Smith’s book called Least Privilege Security for Windows 7, Vista and XP. The book is entirely dedicated to the subject of running Least Privilege Security (or standard user accounts) on Windows operating systems in the enterprise.
The book has 420 pages and covers the following topics:
- Chapter 1, An Overview of Least Privilege Security in Microsoft Windows
- Chapter 2, Political and Cultural Challenges for Least Privilege Security
- Chapter 3, Solving Least Privilege Problems with the Application Compatibility Toolkit
- Chapter 4, User Account Control
- Chapter 5, Tools and Techniques for Solving Least Privilege Security Problems
- Chapter 6, Software Distribution using Group Policy
- Chapter 7, Managing Internet Explorer Add-ons
- Chapter 8, Supporting Users Running with Least-Privilege
- Chapter 9, Deploying Software Restriction Policies and AppLocker
- Chapter 10, Least Privilege in Windows XP
- Chapter 11, Preparing Vista and Windows 7 for Least Privilege Security
- Chapter 12, Provisioning Applications on Secure Desktops with Remote Desktop
Services, - Chapter 13, Balancing Flexibility and Security with Application Virtualization
- Chapter 14, Deploying XP Mode VMs with MED-V
You can download the FREE chapter Solving Least privilege Problems with the Application Compatibility Toolkit from here
I haven’t read the entire book yet, but from what i have seen thus far, it’s definitely a must have for any IT Pro who working within the Client Desktop management space. I’ll submit further feedback when I have completed the review.
This book hits the mark in so many ways, but it also leads pre-readers to believe that many of the solutions in the outline provide least privilege. Least privilege is only available with solutions that allow IT to remove the user out of the local admins group, but still allow apps and OS features to perform fully. for apps and OS features that require local admin privileges, there must be another solution implemented. The most seasoned and most secure solution on the market for this is BeyondTrust’s PowerBroker Desktops. It fits into your existing Group Policy/AD structure, with no intrusion at all! Nothing is installed on a DC. Then, rules are generated automatically that allow users to run apps and OS features, while still being a standard user! http://www.beyondtrust.com
Derek Melber, MVP
The Winnipeg Computer Master Says Thanks For Sharing, Nice Site, And Good Job!