Tech-2 Security

Privilege Access Management It is in the Security 101 manual that end users (no matter who they are) should not have admin rights on their workstations.   Certain users may be allocated an administrative account for their workstation, but this account must not have internet access or an associated email account and must not be used for normal day to day tasks.   However, in general this is not a recommended approach and also has its share of problems. The reason for this is simple, admin rights enable applications and processes to execute in the context of a privileged user which in essence means code can get installed or access the system at a low level, in many cases without the user knowing.   Removing admin rights on a Windows workstation will immediately thwart somewhere in the region of 80% of current threats.   It also allows the Domain administrators to take back control of their endpoints. How often have we heard this from decision makers? “I don’t mind users having