Thycotic PAM, IT and Cyber Security Webinars


Getting to Least Privilege on Windows 10 and Windows Server 2016


In this webinar we will take a fresh look at implementing least privilege on Windows 10 and Windows Server 2016 – for both end-users and operator/first-level IT staff who really shouldn’t have full admin authority.

Historically, Active Directory has always supported a highly granular privilege model that allows you to fully implement least privilege over IT staff, provided you are willing to define the roles, create the OU structure and delegate the permissions.

But least privilege has never been as easy outside AD, in Windows itself. Too many operations that end-users need to be able to perform in Windows require them to be a member of the local Administrators group. Things like:

• Installing printer drivers
• Reconfiguring the network
• Installing applications
• Legacy applications that require admin authority

The least privilege challenge varies with the types of end-users you have to support, ranging from:

• Call center employees that use 3 applications and nothing else
• Knowledge workers and consultants who need great flexibility in order to perform their technology-heavy jobs
• VIPs who have the clout to demand the ability to customize their computers

Windows privilege has never been as granular as AD. But improvements have been made and we’ll explore these in this real training for free event.

Least privilege is more important than ever because:

• Today, most attacks begin and spread through workstations
• Pass-the-hash and related credential harvesting attacks exploit the fact that too many accounts in our networks have admin authority

Does User Account Control (UAC) obviate the need for least privilege workstations? Only if you can trust end-users to be diligent about security, not to click Yes automatically, not to abuse their authority for convenience or expedience, etc. So, the answer is no. UAC is an added protection but not a security control, and it only works if the user makes the right decision.

In this webinar we will:

• Identify operations that can be delegated without making the user a full admin
• Call out operations that can’t be delegated using native Windows features
• Discuss management and protection of the built-in local Administrator user and Administrators group using group policy, Microsoft’s LAPS tool and more
• Explore system privileges relevant to least privilege
• Explore how logon rights are important to this issue