PacktLib: Least Privilege Security for Windows 7, Vista and XP

Least Privilege Security for Windows 7, Vista and XP


About the Author

About the Reviewers


An Overview of Least Privilege Security in Microsoft Windows

What is privilege?

What is Least Privilege Security?

Least Privilege Security in Windows

Advanced Least Privilege Security concepts

Least Privilege Security in the real world

Benefits of Least Privilege Security on the desktop

What problems does Least Privilege Security not solve?

Common challenges of Least Privilege Security on the desktop

Least Privilege and your organization's bottom line


Political and Cultural Challenges for Least Privilege Security

Company culture

Getting support from management

User acceptance

Applying Least Privilege Security throughout the enterprise

Managing expectations

Maintaining flexibility

User education


Solving Least Privilege Problems with the Application Compatibility Toolkit

Quick compatibility fixes using the Program Compatibility Wizard

Achieving application compatibility in enterprise environments


User Account Control

User Account Control components

The shield icon

User Account Control access token model

Conveniently elevating to admin privileges


Tools and Techniques for Solving Least Privilege Security Problems

Granting temporary administrative privileges

Bypassing user account control for selected operations

Configuring applications to run with elevated privileges on-the-fly

Solving LUA problems with Avecto Privilege Guard

Suppressing unwanted User Account Control prompts

Setting permissions on files and registry keys

Fixing problems with the HKey Classes Root registry hive

Mapping .ini files to the registry

Using LUA Buglight to identify file and registry access violations


Software Distribution using Group Policy

Installing software using Group Policy


Managing Internet Explorer Add-ons

ActiveX controls

Managing add-ons


Supporting Users Running with Least Privilege

Providing support

Troubleshooting using remote access

Enabling and using command-line remote access tools

Enabling and using graphical remote access tools

Configuring Windows Firewall to allow remote access


Deploying Software Restriction Policies and AppLocker

Controlling applications

Implementing Software Restriction Policy



Least Privilege in Windows XP

Installing Windows XP using the Microsoft Deployment Toolkit

Windows XP security model

CD burning

ActiveX controls

Changing the system time and time zone

Power management

Managing network configuration

Identifying LUA problems using Standard User Analyzer


Preparing Vista and Windows 7 for Least Privilege Security

The Application Compatibility Toolkit

Creating a Data Collection Package

Printers and Least Privilege Security

Logon scripts

Why do a desktop refresh from a technical perspective?

Different methods of reinstalling Windows

Reinstall Vista or Windows 7 with Least Privilege Security


Provisioning Applications on Secure Desktops with Remote Desktop Services

Introducing Remote Desktop Services


Balancing Flexibility and Security with Application Virtualization

Microsoft Application Virtualization 4.5 SP1 for Windows desktops

VMware ThinApp


Deploying XP Mode VMs with MED-V

Solving least privilege security problems using virtual machines

Microsoft Enterprise Desktop Virtualization (MED-V)