Russell Smith's Least Privilege Security for Windows 7, Vista, and XP (LPS) is a helpful contribution to the toolbox of many enterprise system administrators. Numerous organizations are finally realizing that the Internet is too hostile an environment to let normal users function with elevated privileges. Although by no means a panacea for preventing intrusions, users operating with least privilege are somewhat more able to resist some attack vectors. Beyond resisting attacks, users operating with least privilege are more likely to meet organizational rules. Thanks to LPS, administrators running Windows 7, Vista, and XP can apply the author's lessons and guidance to their own environment.
I liked LPS because it applies to Windows 7, Vista, and XP. This really reflects the range of environments one is likely to encounter in the real world. (I still see Windows 2000 and even some NT, but those should be considered targets for decommissioning, not new life using least privilege!) The author does not assume that implementing least privilege is a foregone conclusion. He devotes an entire chapter to cultural and political objections to removing local administrator rights. Most chapters present a variety of tools and techniques to accomplish similar goals. The text is also very thorough, with dozens of checklists and supporting screen captures. I also appreciated hearing about several technologies which were fairly new to me, such as DirectAccess, Windows Remote Management (WinRM, Microsoft's version of WS-Management Protocol), Windows Remote Assistance and Easy Connect, and Microsoft's Internet Connectivity Evaluation Shell. The thought of Remote Desktop Protocol over HTTPS through TS Gateways, from the Internet straight to corporate desktops, horrified me.
My main problem with LPS (hence the loss of one star) involved framing the discussions in each chapter. I didn't quite follow some of the material (such as chapter 3). The author seemed too quick to jump to describing an implementation. I could have used more background on the technology and the problem it was trying to solve. However, I felt that it was likely many readers would already know the problem they needed to solve, and Smith's approach would deliver the content fairly well.
I recommend LPS to readers trying to better protect their enterprise, but be sure to include stronger warnings about the limitations of least privilege. Many instances of modern malware are happy to operate with least privilege constraints, so consider improved configuration as one element of a comprehensive security strategy.
下载免费的 Kindle 阅读软件,即可立即在智能手机、平板电脑或电脑上阅读 Kindle 电子书 - 无需 Kindle 设备。了解更多信息
使用 Kindle 网页版即时在浏览器上阅读。
使用手机摄像头 - 扫描以下代码并下载 Kindle 阅读软件。
![“Least Privilege Security for Windows 7, Vista and XP (English Edition)”,作者:[Russell Smith]](https://images-cn.ssl-images-amazon.cn/images/I/51SQ-gaeTeL._SX260_.jpg)
%2520%25E4%25BD%259C%25E8%2580%2585%2520Russell%2520Smith%2520%25EF%25BC%258C%25E7%258B%25AC%25E4%25B9%2590%25E4%25B9%2590%25E4%25B8%258D%25E5%25A6%2582%25E4%25BC%2597%25E4%25B9%2590%25E4%25B9%2590%25EF%25BC%2581%25E5%2588%2586%25E4%25BA%25AB%25E7%25BB%2599%25E5%25A4%25A7%25E5%25AE%25B6%25E3%2580%2582%26desc%3D%25E5%25BE%2597%25E6%259D%25A5%25E5%2585%25A8%25E4%25B8%258D%25E8%25B4%25B9%25E5%25B7%25A5%25E5%25A4%25AB~%25E6%2588%2591%25E5%259C%25A8%25E4%25BA%259A%25E9%25A9%25AC%25E9%2580%258AZ.cn%2520%25E6%2589%25BE%25E5%2588%25B0%25E4%25BA%2586%2520Least%2520Privilege%2520Security%2520for%2520Windows%25207%252C%2520Vista%2520and%2520XP%2520(English%2520Edition)%2520%25E4%25BD%259C%25E8%2580%2585%2520Russell%2520Smith%2520%25EF%25BC%258C%25E7%258B%25AC%25E4%25B9%2590%25E4%25B9%2590%25E4%25B8%258D%25E5%25A6%2582%25E4%25BC%2597%25E4%25B9%2590%25E4%25B9%2590%25EF%25BC%2581%25E5%2588%2586%25E4%25BA%25AB%25E7%25BB%2599%25E5%25A4%25A7%25E5%25AE%25B6%25E3%2580%2582%26url%3Dhttps%253A%252F%252Fwww.amazon.cn%252Fdp%252FB005OY7S2U%252Fref%253Dcm_sw_r_qq_dp_FTVE5JQKV54Z44YS8GTP%26pics%3Dhttps%253A%252F%252Fimages-cn.ssl-images-amazon.com%252Fimages%252FI%252F51SQ-gaeTeL.jpg%26site%3DAmazon&token=2E1D517C539CE1F7C2FEF73965A8A1ACDD5E2CA6){kind=link}
%2520%25E4%25BD%259C%25E8%2580%2585%2520Russell%2520Smith%26title%3D%25E6%2588%2591%25E5%258F%25AA%25E8%25B4%25AD%25E4%25B9%25B0Least%2520Privilege%2520Security%2520for%2520Windows%25207%252C%2520Vista%2520and%2520XP%2520(English%2520Edition)%2520%25E4%25BD%259C%25E8%2580%2585%2520Russell%2520Smith%26pics%3Dhttps%253A%252F%252Fimages-cn.ssl-images-amazon.com%252Fimages%252FI%252F51SQ-gaeTeL.jpg%26url%3Dhttps%253A%252F%252Fwww.amazon.cn%252Fdp%252FB005OY7S2U%252Fref%253Dcm_sw_r_qz_dp_FTVE5JQKV54Z44YS8GTP&token=9783C9CD91B83F7FD00756715EF4D91B981AD70F){kind=link}