Benefits of Using Limited User Accounts
On Roger's Information Security Blog, Roger posted an article about the challenges in getting his company to remove local admin rights from their users. It got me thinking about the issue, and how problems with administrative rights extend beyond just Information Security. Here is a list of arguments for using limited user accounts that I came up with:
Benefits:
- Limits the impact of viruses, worms, and other malicious software (both DACL and integrity level controls limit the impact of malicious code)
- Reduces unapproved and unlicensed software use (companies are liable for unlicensed software, even when unauthorized end-users install it unknowingly)
- Reduces Help Desk calls by maintaining standard configurations (this covers both non-standard software installations and configuration changes that cause issues)
- Helps prevent purposeful and accidental bypass of other security controls (such as disabling firewalls and anti-virus, bypassing web filters, group policy, etc.)
Further thoughts:
- Default Windows behavior is to place Domain Users as members of the Users group, not administrators.
- One study showed that 92% of critical Windows vulnerabilities (in 2008) were limited or eliminated by removing local admin rights
- Starting with Windows 7, the Power Users group is now functionally equivalent to the Users group
- Recent changes address problems with running as a standard user (this includes allowing users to change time zones, join wireless networks, install approved printer and device drivers, change power management settings, and more)
- File system and registry namespace virtualization now enable many legacy applications that used to require administrative rights to work under a Limited User Account (LUA)
- Enhanced Run As functionality and UAC enhancements allow over-the-shoulder privilege elevation
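As an added example (not from the original post), the PowerShell script below gives a defender a quick way to check the two points above on a single host: which accounts actually hold local admin rights, and whether the current session is a standard user, a UAC-filtered admin, or a fully elevated admin. It assumes Windows 10 / Server 2016 or later (for the LocalAccounts module) and the built-in whoami.exe; it is read-only and runs as a standard user.

```powershell
# Added example, not part of the original post: audit a Windows host for local admin
# rights. Assumes Windows 10 / Server 2016 or later (LocalAccounts module) and the
# built-in whoami.exe. Read-only; runs fine as a standard user.

function Get-LocalAdminAudit {
    # List every member of the built-in Administrators group and flag user accounts
    # (domain or local) that sit in it directly; groups such as "Domain Admins" are
    # normally expected, individual users usually are not.
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $finding = ''
        if ($_.ObjectClass -eq 'User' -and $_.Name -notmatch '\\Administrator$') {
            $finding = 'user account holds local admin rights'
        }
        [pscustomobject]@{
            Member  = $_.Name
            Class   = $_.ObjectClass       # User or Group
            Source  = $_.PrincipalSource   # Local, ActiveDirectory, MicrosoftAccount, ...
            Finding = $finding
        }
    }
}

function Get-CurrentTokenSummary {
    # whoami /groups lists the token's group SIDs plus its mandatory integrity label
    # (a row of Type "Label" with a SID of the form S-1-16-<level>).
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = $groups | Where-Object { $_.Type -eq 'Label' } | Select-Object -First 1
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1

    $integrity = 'unknown'
    if ($label) { $integrity = $label.'Group Name' }

    # With UAC enabled, an administrator's unelevated token still contains
    # BUILTIN\Administrators, but with the attribute "Group used for deny only".
    # That is the split token the post's "over-the-shoulder" elevation operates on.
    $adminState = 'not a member (standard user)'
    if ($admins) {
        if ($admins.Attributes -match 'deny only') {
            $adminState = 'member, filtered by UAC (not elevated)'
        } else {
            $adminState = 'member, enabled (elevated)'
        }
    }

    [pscustomobject]@{
        User            = (whoami)
        IntegrityLevel  = $integrity
        AdminGroupState = $adminState
    }
}

Get-LocalAdminAudit     | Format-Table -AutoSize
Get-CurrentTokenSummary | Format-List
```

Run it once in a normal console and once from an elevated console: the first report shows the "deny only" state and a Medium integrity label, the second shows the group enabled and a High label, which is the difference between the two halves of a UAC split token. The membership audit is the piece worth scheduling across a fleet, since a domain user appearing directly in the local Administrators group is exactly the configuration the post argues against.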
Resources
SANS 20 Critical Security Controls
ComputerWorld article
Microsoft Inside Windows Vista User Account Control


Comments
Any chance that you've got a source for the 92% statistic? If you do, I'd have a bit more help making a case against local admin on a customer network.
--Mike
Yes, it's from the Computerworld article linked at the bottom of the post. Their source is research from BeyondTrust quoted in the article. Since BeyondTrust sells software to make limited user accounts easier to work with, they obviously have a bias, but it should be easy to verify as it's just a simple tally. If I get some time I'd like to both verify their counts for 2008, as well as repeat it for 2009. If I do I'll post the results on this blog.
Thanks for the comment, hope this helps with your case.
- Christopher