Check out Aaron Margosis’ blog for tricks and tips to make it easier for you (and those around you!) to run with Least Privilege User Access(LUA). We’re no doubt all familiar with the argument of “I need Administrator/root access to do my job” – and of course running with full rights is rarely actually required for ALL of a user’s session activities. Windows’ “RunAs” feature can be a big help as can “su” and “sudo” on LINUX/UNIX(setuid can be effective too ASSUMING it’s managed carefully). I recently posted a blogcast (what’s a blogcast?) showing how to create a non-privileged user account in Windows XP – click here to view the blogcast – it’s only a couple of mintues long and shows you exactly what to do.
Getting users to understand that any malware they accidentally install & trigger will run with the same rights as them tends to focus the mind a little but it’s quickly forgotten ;-(
Good security awareness training is required to cement important concepts such as LUA and really simple (but very effective) things like LOCKING YOUR SESSION BEFORE leaving a machine unattended.
Here’s a quick tip – hitting the flag(Windows) key together with the L key is the quickest way to lock your session.
If you’re going to TechEd USA then Aaron’s latest post will be of interest as he outlines his sessions here.