Book Review: Least Privilege Security for Windows 7,Vista and XP

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. This book is a comprehensive guide at showing how to configure your Windows environment so that your users can operate without administrator permissions. While most administrators realise that giving administrators access to the end users is really poor practice and can lead to many security issues it is quite often a permission that some users require to do their job for whatever reason.

Its good to see that this book is quite comprehensive in the number of areas of technology as I firmly believe that you really need to take a multi-prong approach when it comes to security. Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

  • Program Compatibility Wizard image
  • Applications Compatibility Wizard
  • User Account Control
  • Group Policy Software Deployment
  • Internet Explorer Add-on Management
  • Troubleshooting Remote Users
  • Configuring Windows Firewall
  • Software Restrictions Policies and AppLocker
  • Microsoft Deployment Toolkit
  • CD Burning
  • ActiveX Controls
  • Changing system time and time zones
  • Power Management
  • Managing networks
  • Standard Users Analyzer
  • Applications Compatibility Toolkit
  • Logon Scripts
  • Remote Desktop Services
  • App-V
  • Med-V

In quite a lot of chapters Russell goes into detail step by step instructions explain how to use the above technologies.  But what I really like is that he also takes the time to talk about how to approach the Cultural and Political challenges in implementing this security model as this is normally the hardest part achieving a secure environment.

Configuring security is something that organisation rarely spend much time thinking about and even more rarely do anything about. Having this book in your library will at least give you the knowledge that is required to start to configure your Windows system to be more secure. I would definitely recommend this book as a reference to anyone in an organisation who is responsible for designing and/or making changes to their Windows environment.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit 

Packt Publishing have also announced discount for purchases of two or more so you could use this offer to get a discount when you buy another book from their catalogue (See new-discounts-launched-purchases-multiple-books for details).

You can either purchase the paper and/or PDF (for convenient iPad reading) version of this book right now from: Least Privilege Security for Windows 7,Vista and XP by Russell Smith

5 Comments

  1. Alan,

    Thanks for the review! I just saw this book the other day and was a bit taken back by the size. I think you are on the mark here with your review, but the I want to ensure that the overall concept and title of the book is clear to those that read the book and posts like this.

    The book is titled “least privilege” and even the chapter you mention is free “Solving Least Privilege with Application Compatibility Toolkit” is misguiding. The only way to solve least privilege is to remove the user from the local Administrators group! There is NO OTHER WAY! Of course, once you do this you have to solve the issues of installing, running applications and ActiveX controls, as well as OS features. BeyondTrust Privilege Manager is ideal for this, of course! I am sure you will agree, as this is the ideal Group Policy extension to solve least privilege.

    As for the other chapters in the book that talk about “applications” and “compatibility”, they might be misleading, as they don’t solve least privilege! App-V, Med-V, UAC, etc… don’t solve least privilege!

    I am sure the book is great and a great resource, but readers be aware you need a tool in place that will elevate applications that require Administrative privileges… BeyondTrust Privilege Manager is one such solution!

    • Derek

      I think the point of the book is how do you manage the technical (and political) pain points that come with removing users from the local administrator group. Agreed other tools like BeyondTrust Privilege Manager is one such product that can also help with this…

      Alan

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>