Pau Lo

limit access of users/client devices to script tools

We are reviewing compliance against CIS/SANS top twenty cyber controls, and one of the controls is that of limiting access to script tools, for which it cites PowerShell and Python as examples. If users only have standard user rights (no local admin), what is the risk of them having PowerShell at their disposal on their assigned laptop/workstation?

And how, from a systems admin / support perspective, could you restrict access to such scripting tools to standard users? E.g., how can you hide/uninstall PowerShell for all?
SOLUTION
FOX
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Pau Lo

ASKER

That's great for the how part, but the why part / benefits is also interesting.
SOLUTION
This solution is only available to members.
pma, it's not a good approach to look for top 20 lists.
You need to understand and cover the basics. If that is a top 20 item, then sorry, I have at least 40 basics that need to be covered before that one.

If you feel you really need to do that, look at AppLocker and Software Restriction Policies / application whitelisting.
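
The AppLocker route mentioned in the comment above, as an added example that is not part of the original thread or any poster's answer: an audit-only Exe rule collection that allows Windows binaries for Everyone except the built-in Windows PowerShell hosts, evaluated with Test-AppLockerPolicy before anything is applied. The rule names, GUIDs and the temp file name are constructed; PowerShell 7 (pwsh.exe) or Python installed under Program Files would need their own exceptions.

```powershell
# Constructed AppLocker policy: rule Ids and names are placeholders, not from the thread.
# Administrators may run anything; Everyone may run from Program Files and Windows,
# except the Windows PowerShell folders (powershell.exe, powershell_ise.exe).
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-4111-8111-111111111111" Name="Admins: all files"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-4222-8222-222222222222" Name="Everyone: Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-4333-8333-333333333333" Name="Everyone: Windows except PowerShell"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\System32\WindowsPowerShell\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\WindowsPowerShell\*" />
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Write the policy to a file, because Test-AppLockerPolicy -XmlPolicy takes a file path.
$policyFile = Join-Path $env:TEMP 'script-host-audit.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Evaluate the policy for a standard user (Everyone) without applying it.
$targets = "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe",
           "$env:WINDIR\System32\notepad.exe"
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $targets -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# To stage it locally in audit mode (the Application Identity service must be running),
# then review event ID 8003 in the AppLocker "EXE and DLL" log before enforcing:
# Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
```

Switching `EnforcementMode` from `AuditOnly` to `Enabled` turns the audited decisions into blocks, so the audit log should be clean of legitimate software first.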
Pau Lo

ASKER

I'm just interested in why it would be any security benefit and make any list, whether it be a top 20 or not.
Pau Lo

ASKER

The top 20 are CIS top 20, and top 20 categories, not individual controls. It does not rate each control within each category, unfortunately.
ASKER CERTIFIED SOLUTION
This solution is only available to members.