

Cut Microsoft admin rights to mitigate 92% of threats, study shows - skipass
http://www.computerweekly.com/news/2240214560/Cut-Microsoft-admin-rights-to-mitigate-92-of-threats-study-shows

======
joshstrange
I'll just file this under "No shit sherlock".

Really, is it any surprise to anyone here that if you give employees less rope
it's harder for them to hang themselves? For employees that need admin so that
they can install programs and modify settings you simply have a "Here is admin
access but don't come to us if you break it" policy.

This article seems painfully obvious and doesn't belong on HN IMHO.

~~~
recursive
How is it simple to have a "don't come to us" policy? Who should they then
come to? A hundred different people trying to fix a problem they don't really
understand a hundred different ways is probably going to do more damage in the
long run.

------
oz
Most sysadmins don't want to give users admin rights on their machines. But
the problem occurs when there's software (especially software written for
previous versions of Windows) that requires admin access to run. Management
doesn't wanna hear it about "privilege separation" and "principle of least
privilege." Bob in Accounting needs Quickbooks to work _right now._

Then, there are the senior managers who know enough to know that they want
admin access so they can do whatever, but not how to protect themselves.
They're gonna call your boss, who's gonna tell you to give them admin access.
And WHEN something goes wrong, guess who gets the blame?

I don't miss those days...

------
kyberias
By Microsoft admin rights, I guess they mean Windows admin rights. Otherwise
it doesn't make any sense.

------
windsurfer
The "study" looks like spam to me:
http://learn.avecto.com/2013-microsoft-vulnerabilities-report

------
nn3
The exploits today are written for admin-rights accounts, because most people
use that. But I'm sure there are plenty of non-admin->admin holes too. If
running as non-admin became widespread the exploits would just need to add an
additional step to become admin after they exploited the non-admin user. Thus
it would be a short-term improvement at best.

