Least Privilege Security for Windows 7, Vista and XP

Secure Microsoft Windows desktops with least privilege security for regulatory compliance and business agility with this security book and eBook for Windows 7, Vista and XP

Least Privilege Security for Windows 7, Vista and XP

Starting
Russell Smith

Secure Microsoft Windows desktops with least privilege security for regulatory compliance and business agility with this security book and eBook for Windows 7, Vista and XP
$35.99
$59.99
RRP $35.99
RRP $59.99
eBook
Print + eBook
$12.99 p/month

Get Access

Get Unlimited Access to every Packt eBook and Video course

Enjoy full and instant access to over 3000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Code Files
+ Collection
Free Sample

Book Details

ISBN 139781849680042
Paperback464 pages

About This Book

  • Implement Least Privilege Security in Windows 7, Vista and XP to prevent unwanted system changes
  • Achieve a seamless user experience with the different components and compatibility features of Windows and Active Directory
  • Mitigate the problems and limitations many users may face when running legacy applications
  • Distribute applications, updates and ActiveX Controls to least privilege users with Group Policy, application virtualization and the ActiveX Installer Service
  • Ensure reliable remote access for IT administrators to support users by configuring support features and firecall access

Who This Book Is For

This book is for System Administrators or desktop support staff who want to implement Least Privilege Security on Windows systems.

Table of Contents

Chapter 1: An Overview of Least Privilege Security in Microsoft Windows
What is privilege?
What is Least Privilege Security?
Least Privilege Security in Windows
Advanced Least Privilege Security concepts
Least Privilege Security in the real world
Benefits of Least Privilege Security on the desktop
What problems does Least Privilege Security not solve?
Common challenges of Least Privilege Security on the desktop
Least Privilege and your organization's bottom line
Summary
Chapter 2: Political and Cultural Challenges for Least Privilege Security
Company culture
Getting support from management
User acceptance
Applying Least Privilege Security throughout the enterprise
Managing expectations
Maintaining flexibility
User education
Summary
Chapter 3: Solving Least Privilege Problems with the Application Compatibility Toolkit
Quick compatibility fixes using the Program Compatibility Wizard
Achieving application compatibility in enterprise environments
Summary
Chapter 4: User Account Control
User Account Control components
The shield icon
User Account Control access token model
Conveniently elevating to admin privileges
Summary
Chapter 5: Tools and Techniques for Solving Least Privilege Security Problems
Granting temporary administrative privileges
Bypassing user account control for selected operations
Configuring applications to run with elevated privileges on-the-fly
Solving LUA problems with Avecto Privilege Guard
Suppressing unwanted User Account Control prompts
Setting permissions on files and registry keys
Fixing problems with the HKey Classes Root registry hive
Mapping .ini files to the registry
Using LUA Buglight to identify file and registry access violations
Summary
Chapter 6: Software Distribution using Group Policy
Installing software using Group Policy
Summary
Chapter 7: Managing Internet Explorer Add-ons
ActiveX controls
Managing add-ons
Summary
Chapter 8: Supporting Users Running with Least Privilege
Providing support
Troubleshooting using remote access
Enabling and using command-line remote access tools
Enabling and using graphical remote access tools
Configuring Windows Firewall to allow remote access
Summary
Chapter 9: Deploying Software Restriction Policies and AppLocker
Controlling applications
Implementing Software Restriction Policy
AppLocker
Summary
Chapter 10: Least Privilege in Windows XP
Installing Windows XP using the Microsoft Deployment Toolkit
Windows XP security model
CD burning
ActiveX controls
Changing the system time and time zone
Power management
Managing network configuration
Identifying LUA problems using Standard User Analyzer
Summary
Chapter 11: Preparing Vista and Windows 7 for Least Privilege Security
The Application Compatibility Toolkit
Creating a Data Collection Package
Printers and Least Privilege Security
Logon scripts
Why do a desktop refresh from a technical perspective?
Different methods of reinstalling Windows
Reinstall Vista or Windows 7 with Least Privilege Security
Summary
Chapter 12: Provisioning Applications on Secure Desktops with Remote Desktop Services
Introducing Remote Desktop Services
Summary
Chapter 13: Balancing Flexibility and Security with Application Virtualization
Microsoft Application Virtualization 4.5 SP1 for Windows desktops
VMware ThinApp
Summary
Chapter 14: Deploying XP Mode VMs with MED-V
Solving least privilege security problems using virtual machines
Microsoft Enterprise Desktop Virtualization (MED-V)
Summary

What You Will Learn

  • Explore the principle of Least Privilege Security and implement it across different versions of Microsoft Windows
  • Overcome the most common technical challenges of implementing Least Privilege Security on the desktop
  • Apply Least Privilege Security to different categories of users and get buy-in from management
  • Identify any potential compatibility problems with Least Privilege Security and software installed on networked PCs using Microsoft's Application Compatibility Toolkit (ACT)
  • Prepare a desktop image with Least Privilege Security enabled from the start and deploy the new image while preserving users' files and settings
  • Configure User Account Control on multiple computers using Group Policy
  • Modify incompatible applications and achieve the best balance between compatibility and security by using Application Compatibility shims
  • Deploy applications using Group Policy Software Installation (GPSI) and Windows Installer and create MSI wrappers for legacy setup programs
  • Install per-machine ActiveX Controls using the ActiveX Installer Service (AxIS)
  • Deploy default Software Restriction Policy (SRP) or AppLocker rules to ensure only programs installed in protected locations can run and blacklist applications using SRP or AppLocker

Here is a brief summary of what each chapter covers:

Chapter 1: An Overview of Least Privilege Security in Microsoft Windows
Explore the principle of Least Privilege Security and implement it in different versions of Microsoft Windows. Control and change system privileges. Benefit from implementing Least Privilege Security on the desktop and overcome the most common technical and political problems and challenges when implementing Least Privilege Security.

Chapter 2: Political and Cultural Challenges for Least Privilege Security
Understand the reasons why users may not accept Least Privilege Security on the desktop. Clearly explain and justify the benefits of Least Privilege Security for your organization. Apply Least Privilege Security to different categories of users and get buy-in from management.

Chaper 3: Preparing Vista and Windows 7 for Least Privilege Security
Collect and analyze data to identify any potential compatibility problems with Least Privilege Security and software installed on networked PCs using Microsoft's Application Compatibility Toolkit (ACT). Analyze logon scripts for Least Privilege compatibility. Prepare a desktop image with Least Privilege Security enabled from the start and deploy the new image while preserving users' files and settings.

Chapter 4: Least Privilege in Windows XP
Redeploy Windows XP with Least Privilege Security using the Microsoft Deployment Toolkit. Identify problems with applications caused by Least Privilege Security using the Application Compatibility Toolkit. Mitigate the problems and limitations users may face when running with a Least Privilege Security account. Handle ActiveX controls in Windows XP.

Chapter 5: User Account Control
Achieve a seamless user experience by using the different components and compatibility features of User Account Control. Configure User Account Control on multiple computers using Group Policy and understand the inner workings of User Account Control's core components.

Chapter 6: Supporting Users Running with Least-Privilege
Support Least-Privilege user accounts using reliable remote access. Connect to remote systems with administrative privileges using different techniques. Enable remote access using Group Policy and Windows Firewall.

Chapter 7:Microsoft Windows Application Compatibility Infrastructure
Modify incompatible applications on the fly and achieve the best balance between compatibility and security by using Application Compatibility shims. Create shims using Application Compatibility Toolkit 5.5 and distribute compatibility databases to devices across the enterprise.

Chapter 8: Software Distribution using Group Policy
Prepare to deploy applications using Group Policy Software Installation (GPSI) and Windows Installer. Repackage legacy setup programs in Windows Installer .msi format. Make GPSI more scalable and flexible using the Distributed File System (DFS). Target client computers using Windows Management Instrumentation (WMI) filters and Group Policy Scope of Management.

Chapter 9: Internet Explorer Add-on Management
Support per-user and per-machine ActiveX Controls and manage Internet Explorer add-ons via Group Policy. Install per-machine ActiveX Controls using the ActiveX Installer Service (AxIS). Implement best practices for working with ActiveX Controls in a managed environment.

Chapter 10: Software Restriction Policies and AppLocker
Deploy default Software Restriction Policy (SRP) or AppLocker rules to ensure only programs installed in protected locations can run. Force an application to launch with standard user privileges even if the user is an administrator. Blacklist an application using SRP or AppLocker.

In Detail

Least Privilege Security is the practice of assigning users and programs the minimum permissions required to complete a given task. Implementing this principle in different versions of Microsoft Windows requires careful planning and a good understanding of Windows security. While there are benefits in implementing Least Privilege Security on the desktop, there are many technical challenges that you will face when restricting privileges.

This book contains detailed step-by-step instructions for implementing Least Privilege Security on the desktop for different versions of Windows and related management technologies. It will provide you with quick solutions for common technical challenges, Microsoft best practice advice, and techniques for managing Least Privilege on the desktop along with details on the impact of Least Privilege Security.

The book begins by showing you how to apply Least Privilege Security to different categories of users. You will then prepare a desktop image with Least Privilege Security enabled from the start and deploy the new image while preserving users' files and settings. You will identify problems with applications caused by Least Privilege Security using the Application Compatibility Toolkit. This book will help you configure User Account Control on multiple computers using Group Policy and support Least Privilege user accounts using reliable remote access. Then, you will modify legacy applications for Least Privilege Security, achieving the best balance between compatibility and security by using Application Compatibility shims. You will install per-machine ActiveX Controls using the ActiveX Installer Service (AxIS). The book will help you implement best practices for working with ActiveX Controls in a managed environment. Finally, you will deploy default Software Restriction Policy (SRP) or AppLocker rules to ensure only programs installed in protected locations can run and blacklist applications using SRP or AppLocker.

Authors

Table of Contents

Chapter 1: An Overview of Least Privilege Security in Microsoft Windows
What is privilege?
What is Least Privilege Security?
Least Privilege Security in Windows
Advanced Least Privilege Security concepts
Least Privilege Security in the real world
Benefits of Least Privilege Security on the desktop
What problems does Least Privilege Security not solve?
Common challenges of Least Privilege Security on the desktop
Least Privilege and your organization's bottom line
Summary
Chapter 2: Political and Cultural Challenges for Least Privilege Security
Company culture
Getting support from management
User acceptance
Applying Least Privilege Security throughout the enterprise
Managing expectations
Maintaining flexibility
User education
Summary
Chapter 3: Solving Least Privilege Problems with the Application Compatibility Toolkit
Quick compatibility fixes using the Program Compatibility Wizard
Achieving application compatibility in enterprise environments
Summary
Chapter 4: User Account Control
User Account Control components
The shield icon
User Account Control access token model
Conveniently elevating to admin privileges
Summary
Chapter 5: Tools and Techniques for Solving Least Privilege Security Problems
Granting temporary administrative privileges
Bypassing user account control for selected operations
Configuring applications to run with elevated privileges on-the-fly
Solving LUA problems with Avecto Privilege Guard
Suppressing unwanted User Account Control prompts
Setting permissions on files and registry keys
Fixing problems with the HKey Classes Root registry hive
Mapping .ini files to the registry
Using LUA Buglight to identify file and registry access violations
Summary
Chapter 6: Software Distribution using Group Policy
Installing software using Group Policy
Summary
Chapter 7: Managing Internet Explorer Add-ons
ActiveX controls
Managing add-ons
Summary
Chapter 8: Supporting Users Running with Least Privilege
Providing support
Troubleshooting using remote access
Enabling and using command-line remote access tools
Enabling and using graphical remote access tools
Configuring Windows Firewall to allow remote access
Summary
Chapter 9: Deploying Software Restriction Policies and AppLocker
Controlling applications
Implementing Software Restriction Policy
AppLocker
Summary
Chapter 10: Least Privilege in Windows XP
Installing Windows XP using the Microsoft Deployment Toolkit
Windows XP security model
CD burning
ActiveX controls
Changing the system time and time zone
Power management
Managing network configuration
Identifying LUA problems using Standard User Analyzer
Summary
Chapter 11: Preparing Vista and Windows 7 for Least Privilege Security
The Application Compatibility Toolkit
Creating a Data Collection Package
Printers and Least Privilege Security
Logon scripts
Why do a desktop refresh from a technical perspective?
Different methods of reinstalling Windows
Reinstall Vista or Windows 7 with Least Privilege Security
Summary
Chapter 12: Provisioning Applications on Secure Desktops with Remote Desktop Services
Introducing Remote Desktop Services
Summary
Chapter 13: Balancing Flexibility and Security with Application Virtualization
Microsoft Application Virtualization 4.5 SP1 for Windows desktops
VMware ThinApp
Summary
Chapter 14: Deploying XP Mode VMs with MED-V
Solving least privilege security problems using virtual machines
Microsoft Enterprise Desktop Virtualization (MED-V)
Summary

Book Details

ISBN 139781849680042
Paperback464 pages
Read More