Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler.

Published byAlexander Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler."— Presentation transcript:

1 CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler

2 Running Windows as a Non-Administrator Here is what we are going to talk about today –Why should I be running as a non- administrator on my machine? –How do I run my machine properly as a non- administrator –Common misconceptions surrounding running your machine as a non-administrator

3 Why should I be running as a non-admin? Why, do you ask? –S–Security –S–Security –S–Security

4 Here are 4 reasons you should not run as administrator –You could potentially lose control of your entire system –Remote code execution –New services can be installed or old services can be stopped –You could potentially become a risk to the entire UI Network

5 How do I run as a non-admin So, now that I have successfully put the fear of being an administrator into you. What should you do? –Run as a user –Use software / hardware to allow problematic or legacy programs to run with the rights they need –Employ different software / hardware solutions to allow for users machines to be kept in a known good working state

6 Running as a user What is UAC? Benefits of having a separate admin account to make changes. Can you remotely work with UAC? Drawbacks for using UAC.

7 Running as a user What is UAC –( U ser A ccount C ontrol) The management of user accounts in Windows Vista. Because malware has greater control of the computer when it is running in administrator mode, UAC was designed to enable more users to run their computers as a standard user rather than as administrator. A computer is more secure against attack if it is running with fewer privileges. – ZDNet Definition for UAC

8 Running as a user What is UAC - continued – Admin Approval Mode The default mode in UAC is the Admin Approval Mode, which requires administrators to approve functions that were allowed in Windows XP without a prompt. For example, although standard users are unable to add programs, a user running as administrator does have the right to install new applications. However, in order to prevent unwanted programs from being slipped in "under the covers," the administrator must approve any installation first.

9 Running as a user The many faces of UAC

10 Running as a user

11

12 Benefits of having a separate admin account to make changes –There are already exploits for bypassing UAC when your account is already an admin –UAC will ask for a password –Access to network resources can also be handled differently –Runas a different user without having to grab sysinternals run as utility (just select Run as Administrator) –Eat your own dog food (when managing other users)

13 Running as a user Can you remotely work with UAC? –Microsoft's RDP works properly –There are limitations with other remote client software

14 Running as a user Some common drawbacks for using UAC –Access to network resources is different (don't expect your U: drive to be available in another session) –Windows explorer cannot be run as another user, use xplorer or another alternative

15 Using software to solve problems…… Use software / hardware to allow problematic or legacy programs to run with the rights they need –Application Issues –Virtualization –Maintaining the integrity of my system

16 Using software to solve problems…… Application Issues –Problems running –Writing data to profile folders (redirection necessary) –Security (managing file and registry permissions) –Working with the vendor –Using tools, like process monitor to watch usage –Viewing registry before and after

17 Using software to solve problems…… Virtualization –Thinapp –App-V –Sandboxie (also can be used to determine registry and file permissions needed for application)

18 Maintaining the integrity of your systems Employ different software / hardware solutions to allow for users machines to be kept in known good working state –Using AD sourced accounts –Maintaining the system –Default user profile –Shared computer toolkit/Deepfreeze / SCCM (App-V)

19 Maintaining the integrity of your systems Using AD sourced accounts –Maintaining access –Disabling and deleting local admin access (physical access to machine allows break-in if necessary)

20 Maintaining the integrity of your systems Maintaining the system –Auto-updates –Installing new software –Managing "All Users" content –Sysprep

21 Maintaining the integrity of your systems Default user profile –Common configuration –How to... –Redirecting folders to U: drive

22 How do I run as a non-admin – recap How do I run as a non-admin –Run as a user on your machine –Using software to solve problems…… –Maintaining the integrity of your systems

23 Common Misconceptions So now lets talk about some common misconceptions about not running as an admin on your machine. –#1 – I will not be able to do my job unless I am logged in as an administrator –#2 – I will not be as productive on my machine as I was as an administrator –#3 – I really just don’t want to…..

24 Common Misconceptions I will not be able to do my job unless I am logged in as an administrator

25 Common Misconceptions I will not be as productive on my machine as I was as an administrator

26 Common Misconceptions I really just don’t want to…

27 CSAS 2009 Questions?

Download ppt "CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler."

Similar presentations

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.

Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.
Understand Virtualized Clients 10753 Windows Operating System Fundamentals LESSON 2.4.

Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.

SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Hands-On Microsoft Windows Server 2008 1 Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
6. Configuring & Deploying the Desktop Thomas Lee Chief Technologist – QA.

6. Configuring & Deploying the Desktop Thomas Lee Chief Technologist – QA.
Working with Workgroups and Domains

Working with Workgroups and Domains
NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.

NTFS. Authentication Is the person who she says she is? If so, access is allowed In Windows, authentication is handled by a password-protected user account.
Cyber Patriot Training

Cyber Patriot Training

Similar presentations

Ads by Google