Desktop lockdown shouldn’t hinder a user from performing their day-to-day role, so here are 5 tips to achieve flexible desktop lockdown.
1. Implement Least Privilege
If you are serious about desktop lockdown then you really need to adopt least privilege. If users are logging on with admin rights (or power user rights) then locking down the desktop becomes an almost impossible and thankless task.
If the only thing stopping you from implementing least privilege is that users need to run problem applications, perform basic admin tasks, such as connecting printers, or install approved software, then consider a privilege management solution. Privilege management solutions enable individual applications to be elevated under a standard user account, making it possible to remove admin rights from users.
It surprises me how few vendors use Active Directory Group Policy as a mechanism to centrally manage and deploy policy settings for their Windows-based products, and instead build their own backend infrastructure for this purpose. I could rattle off a long list of benefits, including hierarchical management, a strong security model that includes delegated administration, built-in replication, stability and scalability, to name but a few.
Even if you could build your own deployment mechanism that matched or even surpassed the features in Active Directory Group Policy, there would still be one overriding reason not to do so … most organizations already have an Active Directory in place, and they have carefully designed and built an infrastructure that is suitable for their environment. So why provide them with a proprietary system for your product that requires additional servers and all of the dedicated training, management and support time that is required to set up and maintain this new infrastructure?