Implementing the "Just-enough Privilege" Security Model

Credant
Abstract
This paper discusses some of the challenges of migrating a large, widely distributed Windows NT environment, in which application and server support personnel had widespread administrative access, to a native Windows 2000 environment that embraces the philosophy of the "Just-enough Privilege" (JeP) security model: granting just enough privilege to complete assigned job responsibilities. I'll define the concept of Just-enough Privilege within the scope of this migration, briefly describe the old environment, outline some perceived benefits of moving to this security model, discuss the challenges and roadblocks of implementing the JeP security model, and provide some real-life examples of how to limit widespread administrative authority on Windows 2000 servers for tasks that are commonly perceived to require administrative privileges. This paper draws on experience migrating from a Windows NT environment, but the strategies discussed for implementing JeP can also be applied to an existing Windows 2000 environment that doesn't enforce the JeP philosophy.