BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

When Legacy Apps Dictate Desktop User Privilege Access

Posted October 25, 2010    Peter McCalister

legacy apps require admin rightsIn an enterprise Windows’ desktop environment, whether a company has 100 or 10,000 seats, the challenge of managing access is fraught with difficulty.

Even if an IT administrator can work out how to circumnavigate Windows User Access Controls or how to set a Group Policy for every application, there will invariably still be a legacy application on which the company relies, which will only run if every user is given administrator status.

In effect one or more legacy application forces the company to leave the entire network vulnerable to either intentional or accidental damage from giving users a higher level of privileged access than they require.

These applications will have been written in-house, or by a third party provider, to meet the bespoke needs of the company – and yet without recognising the security risks and compliance headache caused by leaving desktop access wide open.

Equally rife, is the use of legacy apps such as Sage Instant Accounts and Intuit Quick Books, more associated with the individual user or small company, but more often than not used en-masse in larger companies with 100+ desktops.

The impact of these legacy apps, is not just the security risks they pose, but also the impact on IT support in fixing the unintentional errors caused by over privileged desktop users.

Leave a Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,