Many of you already know of my love for ScriptLogic’s Desktop Authority and if you don’t you can certainly read about why I think it’s great here, but today I wanted to point out perhaps a lesser known product that can make life as an IT administrator much easier. ScriptLogic’s Privilege Authority is the perfect tool for allowing your users to have the rights to do their jobs without giving them the keys to bring down the network or their PC. In my experience as an admin in the past it was always an all or nothing deal, we either locked down the desktops so tight that they couldn’t install anything and we got a million calls a day need permission to install this app or ActiveX blah blah and it was a nightmare… We spent more time installing things than we did actually fixing things. On the flip side eventually you cave and just make them an administrator of their local machine only to come back and see that antivirus is disabled because it makes things “slow” or they had installed every toolbar ever and a thousand games.
Privilege Authority bridges that gap, giving users a configurable amount of rights to their machines without giving them the keys to the whole world. We can let them install ActiveX controls, of course only the ones that we are okay with, likewise for additional applications or even certain windows processes. We can get as granular as we want on the different privileges they have down to users, computers, network subnets, etc. Sometimes its little things that you don’t even think about take the use case below for example provided by the ScriptLogic team.
A School District had granted the students admin rights on the workstations and they thought they were secure. What they didn’t know was that in Windows 7 you can check a box to reveal wireless passwords if you have admin rights. This features existence became known when a student figured it out and tweeted the WPA2 wireless password thus causing a major security breech. They now needed to lock down all machines but the students need rights for a certain application thus leading them to Privilege Authority to solve exactly this issue
Here is the issue in Windows 7.
Wireless Network Security Key Flaw
When the Wireless LAN Network Keys have already been entered into the system, a normal user with administrative rights (to the local machine) can in fact goes into the Wireless network properties and view the entered Network Security Key.
This is due to a checkbox located conveniently below the Network Security Key, named Show Characters. By clicking on this checkbox, the user actually can have the network security key displayed in clear text!
I don’t know about the readers out there but this is something that I don’t think I would have ever thought of and sometimes it’s the little things like this that get you! One last thing before I end my rant… ScriptLogic has a cool video that I think if fitting for all this. Check it out LOL!