How do you enforce least privilege on Mac endpoint

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Stella Martin, Apr 5, 2017.

  1. Stella Martin macrumors member

    Joined:
    Nov 5, 2014
    Location:
    Irvine, CA
    #1
    How do you enforce least privilege on Mac endpoint without compromising productivity or security? We would like to reduce risk of attack through privileged accounts.
     
  2. DJLC macrumors 6502a

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #2
    The only thing you can really do is not issue admin accounts to employees, but that can hinder productivity. It might also be helpful to use an enterprise anti-virus software; as much as it pains me to recommend AV for a Mac, my coworkers sure can load them up with crap. An AV solution can prevent that.

    FWIW, we do issue admin accounts to employees on their assigned Macs and rely on both AV installed locally and network based AV to keep us protected. Everything else is either local server based or cloud based; ie., easy to enforce least privilege regardless of client device.
     
  3. Stella Martin thread starter macrumors member

    Joined:
    Nov 5, 2014
    Location:
    Irvine, CA
    #3
    I see, I think what you are saying is similar to the least privilege solutions that we are currently looking into. Am right?
     

Share This Page