Building a Secure and Compliant Windows Desktop by Derek Melber, Microsoft MVP, MCSE, CISM
Improving desktop security is a priority for nearly all companies. This is fueled by an increased recognition of the threat unsecured desktops pose, as well as a need to meet compliance regulations. However, most companies have struggled with implementing new security solutions. Removing administrator rights from end users when they log into their desktop is the Holy Grail of desktop security. Implementation of this level of security has been difficult due to the fact that ordinary activities an end user needs to do for their job, such as running certain applications, performing authorized installations, or managing certain desktop settings require users to have administrative privileges. The good news is that the technologies exist to eliminate the need for end users to have administrative privileges on their desktop to perform their job tasks. This paper presents the benefits or removing administrator rights from end users, the combination of technologies needed for effective implementation of this level of security, and how to best remove the local Administrator account, while maintaining the users' access to all applications.