Pau Lo
 asked on

limit access of users/client devices to script tools

We are reviewing compliance against the CIS/SANS top twenty cyber controls, and one of the controls is that of limiting access to script tools, for which it cites PowerShell and Python as examples. If users only have standard user rights (no local admin), what is the risk of them having PowerShell at their disposal on their assigned laptop/workstation?

And how, from a systems admin / support perspective, could you restrict access to such scripting tools for standard users? E.g. how can you hide/uninstall PowerShell for all?
Powershell, OS Security, Scripting Languages, Security

Last Comment
McKnife

8/22/2022 - Mon
SOLUTION
FOX

Pau Lo

ASKER
That's great for the how part, but the why part / benefits is also interesting.
SOLUTION
Kimputer

McKnife

pma, it's not a good approach to look for top 20 lists.
You need to understand and cover the basics. If that is a top 20 item, then sorry, I have at least 40 basics that need to be covered before that one.

If you feel you really need to do that, look at AppLocker and software restriction policies / application whitelisting.
Pau Lo

ASKER
I'm just interested in why it would be any security benefit and make any list, whether it be a top 20 or not.
Pau Lo

ASKER
The top 20 are the CIS top 20, and they are top 20 categories, not individual controls. It does not rate each control within each category, unfortunately.
ASKER CERTIFIED SOLUTION
McKnife
