Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say.
“I think it’s very important … not even just as [a component] of security, but in the broader sense [of] risk posed to the business in IT,” said Scott Crawford, an analyst with Enterprise Management Associates. “Nowhere is that more true than in a Windows environment where there [are] some things at least on the endpoint or desktop…you simply can’t do without administrative privilege.”
In its defense, Microsoft has built the User Account Control feature into Windows Vista, allowing IT administrators to elevate their privilege for specific tasks and application functions while still running most applications, components and processes with a limited privilege. Other companies such as Symark Software and BeyondTrust also look to address the issue of least privilege with their software.