How do you enforce least privilege on Mac endpoint

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Stella Martin, Apr 5, 2017.

  1. Stella Martin Suspended

    Nov 5, 2014
    Irvine, CA
    How do you enforce least privilege on Mac endpoint without compromising productivity or security? We would like to reduce risk of attack through privileged accounts.
  2. DJLC macrumors 6502a


    Jul 17, 2005
    Mooresville, NC
    The only thing you can really do is not issue admin accounts to employees, but that can hinder productivity. It might also be helpful to use an enterprise anti-virus software; as much as it pains me to recommend AV for a Mac, my coworkers sure can load them up with crap. An AV solution can prevent that.

    FWIW, we do issue admin accounts to employees on their assigned Macs and rely on both AV installed locally and network based AV to keep us protected. Everything else is either local server based or cloud based; ie., easy to enforce least privilege regardless of client device.

Share This Page