"Using a Least-Privileged User Account" OR "Woohoo, I've been published on microsoft.com!"
Well, not to toot my own horn too loudly, but I've had my first external facing document, Using a Least-Privileged User Account (LUA), published on TechNet as part of the monthly Microsoft Security Newsletter for January 2005. This newsletter is considered the authoritative information source for understanding the Microsoft security strategy and priorities and is written for IT professionals, developers, and business managers.
The article is fairly brief and just quickly touches on a few of the key issues around the principle of "least-privilege". Anyone who has been a victim of viruses, worms, and other malicious software (malware) should appreciate this principle - after all, if all processes ran with the smallest set of privileges needed to perform the user's tasks, it would be more difficult for malicious and annoying software to infect a machine and propagate to other machines. Unfortunately, successfully taking advantage of this principle as a method of defence against external attacks by setting up LUA accounts for daily use is not at all straightforward so my article discusses some of these pitfalls and then points readers to some very useful resource sites to help with this process.
Please take a moment to read my article and, if you do, consider leaving a comment or sending email to our feedback alias (lua-qa@microsoft.com) with your thoughts about the article or around the principle of "least-privilege" in general.
