Zero Trust - Getting rid of End-User Admin Rights

In the new world of Zero Trust most companies are now aiming to get rid of local administrative rights for their end users. Sami Laiho has specialized in this field since 2002 and is the world leading specialist in his field.

Even the NT 3.1 User Guide states, that in Windows, there is no security if you give people local admin rights. Local admin rights give you the ability to bypass all company Group Policy / MDM -settings, take any logged on users’ identity, read/delete any files on the computer even with Deny ACLs, and probably the worst – the ability to breach the rest of the company systems.

Taking away end-user admin rights can lower the amount of Helpdesk tickets by 75%! Most people say that: “if I don’t have admin rights I can’t fix my computer” – No, in reality, it’s: “if you don’t have admin rights you can’t break your computer!”.

Most people think this hinders usability and is not possible for certain old apps, laptop users, or devs.

Sami has successfully taken away admin rights from all of these, in companies ranking from a single-person to a company with more than half a million users.


In this workshop you will learn:

  • How to get rid of admin rights with different solutions with different budgets,
  • You will also learn to understand even more about the dangers of having excessive rights
  • And how this leads to company-wide breaches and Ransomware breakouts.


Target audience:

Technical professionals (Junior and up) or project managers responsible for security projects.


Prerequisites to the course (recommended):

Basic knowledge of Windows Operating System, Networks, and Active Directory.


The prerequisite for issuing the certificate is full participation in training.

Length: 8 academic hours


The training topics and description:

Module 1: Problems with end-user admin rights

  • How to abuse admin rights
  • How removing admin rights extends the lifetime of OS installation
  • How removing admin rights reduces tickets

Module 2: Different solutions to implement

  • How to move from giving rights to users to giving rights to processes and tasks
  • Different solutions for different budgets
  • How to deal with Devs
  • How to deal with kids/students

Module 3: Daily life of an IT admin without admin rights

  • How to survive without admin rights in daily work


The training price also includes:
study materials;
a trainer's consultation on the topics learned by e-mail after the training;

As an added value, we offer:
free parking;
hot drinks with cookies;
fresh fruits;
lunch on each training day.


Loe koolitaja artiklit:

Uued küberturbe koolitused: kaitse võrku turvatarkvara eest maksmata, väldi administraatori õigusi