Chap 2
Chapter 3
The Principle of Least Privilege-
The Principle of Least Privilege is:
The best balance between providing necessary access to authorized users and applications, and denying any unnecessary access.
Provides just the necessary access required to carry out a task.
The application of the principle of least privilege limits the damage that can result from accident, error, or unauthorized use.
In windows the principle of least privilege is implemented at the user account level.
In Microsoft all accounts that use this principle are call least privilege user accounts or LUAs.
The majority of permissions in a Windows environment are controlled at the user group level.
A way to implement least privilege is to create user groups that represent roles in your organization.
Each organization is different and there are several ways to create roles.
The windows installation process creates the different groups as Windows is installed.
These different groups represent common roles within an organization and provide a starting point for implementing least privilege. User groups and Descriptions: Administrators- granted urestricted access to the computers resources, this is the highest account level; Power Users- Limited administrative rights, including the ability to install software and manage users, and extensive file and folders access permissions; Users- Limited user rights, prevented from making most system changes(aka limited user accounts.); Guests- very limited user rights, fewer rights than regular users; Backup Operators- ability to back up and restore files, regardless of the files permissions; Remote Desktop Users-Regular user rights plus the right to logon remotely.
Each group in Windows has the ability to apply rights and permissions to sets of users.
Associating users with one or more groups allows the implementation of least privilege in a group setting, as opposed to configuring each individual user account. Securing groups instead of individual
The Principle of Least Privilege-
The Principle of Least Privilege is:
The best balance between providing necessary access to authorized users and applications, and denying any unnecessary access.
Provides just the necessary access required to carry out a task.
The application of the principle of least privilege limits the damage that can result from accident, error, or unauthorized use.
In windows the principle of least privilege is implemented at the user account level.
In Microsoft all accounts that use this principle are call least privilege user accounts or LUAs.
The majority of permissions in a Windows environment are controlled at the user group level.
A way to implement least privilege is to create user groups that represent roles in your organization.
Each organization is different and there are several ways to create roles.
The windows installation process creates the different groups as Windows is installed.
These different groups represent common roles within an organization and provide a starting point for implementing least privilege. User groups and Descriptions: Administrators- granted urestricted access to the computers resources, this is the highest account level; Power Users- Limited administrative rights, including the ability to install software and manage users, and extensive file and folders access permissions; Users- Limited user rights, prevented from making most system changes(aka limited user accounts.); Guests- very limited user rights, fewer rights than regular users; Backup Operators- ability to back up and restore files, regardless of the files permissions; Remote Desktop Users-Regular user rights plus the right to logon remotely.
Each group in Windows has the ability to apply rights and permissions to sets of users.
Associating users with one or more groups allows the implementation of least privilege in a group setting, as opposed to configuring each individual user account. Securing groups instead of individual