There
are a number of benefits to organizations when users do not have local
administrator rights on their desktop systems. Desktop management costs are
reduced because the endpoint is more controlled, compliance objectives are met
and your distributed desktop environment is more secure.
Better
Protection against Malware
When the locally logged
on user does not have local administrative rights, the programs and processes
that the user runs do not have rights to modify core operating system files and
settings. This reduces the surface area of an attack from malware. Malware that
runs on the system in the context of the logged on user is not able to change
core system settings. While this does not mean that the system does n’t need
other security software such as firewall and anti-virus, removal of local admin
rights does provide a more secure environment.
For example, there are
many benefits when running the browser and mail client in a mode that does not
have local admin rights. As users interact with web sites and data sources that
are not necessarily trusted, malware that may be encountered is not as likely
to be able to make unauthorized changes and introduce system instabilities.
Every month Microsoft
releases a wide range of software updates (also known as patch Tuesday). Many
of these updates are security related. A large percentage of software updates
that are released by Microsoft every “patch Tuesday”
No comments:
Post a Comment