Kill Local Admin Rights and
Block Malware
Not only does Microsoft recommend restricting local administrator accounts on workstations and servers, the SANS Institute refers to local admin accounts as “keys to the kingdom.” Hackers and malicious insiders use local admin accounts to embed your machines with malicious code.
“Killing local admin rights is essential if you are going to secure your Windows enterprise.”
SAMI LAIHO, Microsoft MVP and World-Renowned Windows 10 & 11 Security Speaker
Why Give Users Admin Rights?
Some applications that install into the Program Files or other directories require administrator rights. Without those rights, some users can’t do their jobs.
Install software
Bypass UAC prompts
Manage network cards, printers, and remove software
Access parts of the OS including Control Panel and Device Manager
Allow power users or tech users to run scripts
After You Remove Local Admin Rights, Users Can’t Perform Certain Tasks
They may have to get past a UAC prompt to run an application requiring admin rights.
They may need to access a particular Control Panel applet (like Device Manager).
They may need to install an MSI application (once or multiple times).
They may need to modify OS settings (Network card, Remove Programs, Update a driver).
They may need to install or remove printers.
The Problem with LAPS
Although you can use Microsoft Local Administrator Password Solution (LAPS) to provide users a temporary password, it puts your network at risk. Even with a temporary password, the user may inadvertently uninstall your antivirus, stop services, and install malware … all in the line of attempting to work around a UAC prompt.
Overcome UAC prompts quickly & easily
With PolicyPak Least Privilege Manager, you can kill local admin rights and still allow users to perform the operations on their machine that they need to in order to do their work.
Additionally, many admins want to curate which Universal Windows Applications (UWP) apps can be run on an endpoint. With PolicyPak Least Privilege Manager, you can dictate exactly which UWP applications can and cannot run, including things like the Microsoft Store or Microsoft Edge.
Preventing Malware
A single click by any user can cause unleashed havoc and disruption; not just to their machines but to others as well. So how do you stop users from executing unsanctioned applications?
The Challenge with Microsoft AppLocker | |||
---|---|---|---|
Microsoft AppLocker is the built-in choice for Windows 10 & 11 whitelisting. But ask any AppLocker admin what their day looks like, and most will tell you it either became their “whole life” or they had to give up. |
GOAL
Prevent users from running naughty items |
APPLOCKER | POLICYPAK |
Prevent Malware with PolicyPak SecureRunTM |
Enables transition from admin users to standard users |
||
Implement automatic whitelisting and get it rolled out in less than a minute. That’s right! In less than a minute, you can completely block users from executing unknown files or malicious code. SecureRunTM is a part of PolicyPak Least Privilege Manager. It prevents standard users from running non-sanctioned applications and prevents malware and “unknownware.” |
Prevent Users from executing malware Once admin rights are removed, elevate applications & situations |
Resources
Top 5 Reason Admins Give Away Local Admin Rights
In this white paper, we will tackle this threat and do a deep dive into the top 5 reasons that enterprises give local admin rights to users. We will also show how PolicyPak Least Privilege Manager abates this threat and allows users to fully perform their jobs, while protecting desktop devices.
READ WHITEPAPERAppLocker vs PolicyPak Least Privilege Manager
This white paper explains Microsoft AppLocker vs. PolicyPak Least Privilege Manager and where each has merit and best use cases.
READ WHITEPAPER