Book Image

Least Privilege Security for Windows 7, Vista and XP

By : Russell Smith
Book Image

Least Privilege Security for Windows 7, Vista and XP

By: Russell Smith

Overview of this book

Least Privilege Security is the practice of assigning users and programs the minimum permissions required to complete a given task. Implementing this principle in different versions of Microsoft Windows requires careful planning and a good understanding of Windows security. While there are benefits in implementing Least Privilege Security on the desktop, there are many technical challenges that you will face when restricting privileges.This book contains detailed step-by-step instructions for implementing Least Privilege Security on the desktop for different versions of Windows and related management technologies. It will provide you with quick solutions for common technical challenges, Microsoft best practice advice, and techniques for managing Least Privilege on the desktop along with details on the impact of Least Privilege Security.The book begins by showing you how to apply Least Privilege Security to different categories of users. You will then prepare a desktop image with Least Privilege Security enabled from the start and deploy the new image while preserving users' files and settings. You will identify problems with applications caused by Least Privilege Security using the Application Compatibility Toolkit. This book will help you configure User Account Control on multiple computers using Group Policy and support Least Privilege user accounts using reliable remote access. Then, you will modify legacy applications for Least Privilege Security, achieving the best balance between compatibility and security by using Application Compatibility shims. You will install per-machine ActiveX Controls using the ActiveX Installer Service (AxIS). The book will help you implement best practices for working with ActiveX Controls in a managed environment. Finally, you will deploy default Software Restriction Policy (SRP) or AppLocker rules to ensure only programs installed in protected locations can run and blacklist applications using SRP or AppLocker.
Table of Contents (19 chapters)
Least Privilege Security for Windows 7, Vista and XP
Credits
About the Author
About the Reviewers
Preface
12
Provisioning Applications on Secure Desktops with Remote Desktop Services

Different methods of reinstalling Windows


Pre Vista, when installing a fresh version of Windows from the DVD media, it was best practice to reformat the disk and then proceed with the install. It's inevitable that in an unmanaged environment, there will be data stored on PC hard disks, so reformatting introduces the risk of losing important data.

Manual, non-destructive install

The Windows Imaging Format (WIM) introduced in Vista can install OS images non-destructively, leaving existing data on the disk intact. Provided that you're working with Vista or Windows 7, WIM file-based imaging technology provides system administrators with the option to leave all user files and settings in place, and application binaries are retained on the local disk, though not installed in the new operating system.

Automated install

If you choose to automate the process, the Microsoft Deployment Toolkit (MDT) automatically migrates users' files and settings to the new operating system and optionally backs up the...