Zero Trust - Getting rid of End-User Admin Rights

Kestus: 8 academic hours

Vana-Lõuna 39/1, Tallinn

In the new world of Zero Trust most companies are now aiming to get rid of local administrative rights for their end users. Sami Laiho has specialized in this field since 2002 and is the world leading specialist in his field.

Even the NT 3.1 User Guide states, that in Windows, there is no security if you give people local admin rights. Local admin rights give you the ability to bypass all company Group Policy / MDM -settings, take any logged on users’ identity, read/delete any files on the computer even with Deny ACLs, and probably the worst – the ability to breach the rest of the company systems.

Taking away end-user admin rights can lower the amount of Helpdesk tickets by 75%! Most people say that: “if I don’t have admin rights I can’t fix my computer” – No, in reality, it’s: “if you don’t have admin rights you can’t break your computer!”.

Most people think this hinders usability and is not possible for certain old apps, laptop users, or devs.

Sami has successfully taken away admin rights from all of these, in companies ranking from a single-person to a company with more than half a million users.


In this workshop you will learn:

  • How to get rid of admin rights with different solutions with different budgets,
  • You will also learn to understand even more about the dangers of having excessive rights
  • And how this leads to company-wide breaches and Ransomware breakouts.


Target audience:

Technical professionals (Junior and up) or project managers responsible for security projects.


Prerequisites to the course (recommended):

Basic knowledge of Windows Operating System, Networks, and Active Directory.


The prerequisite for issuing the certificate is full participation in training.

Length: 8 academic hours


The training topics and description:

Module 1: Problems with end-user admin rights

  • How to abuse admin rights
  • How removing admin rights extends the lifetime of OS installation
  • How removing admin rights reduces tickets

Module 2: Different solutions to implement

  • How to move from giving rights to users to giving rights to processes and tasks
  • Different solutions for different budgets
  • How to deal with Devs
  • How to deal with kids/students

Module 3: Daily life of an IT admin without admin rights

  • How to survive without admin rights in daily work


The training price also includes:
study materials;
a trainer's consultation on the topics learned by e-mail after the training;

As an added value, we offer:
free parking;
hot drinks with cookies;
fresh fruits;
lunch on each training day.


You can participate in the training with the Unemployment Insurance Fund training card.

See you at the training!



Loe koolitaja artiklit:

Uued küberturbe koolitused: kaitse võrku turvatarkvara eest maksmata, väldi administraatori õigusi


Sami Laiho

Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1996.

In 2019 Sami was chosen by TiVi-magazine as one of the top 100 influencers in IT in Finland. He is the 11th most followed person in his field in Finland.

At Ignite 2018, Sami’s “Behind the Scenes: How to build a conference winning session” and “Sami Laiho: 45 Life Hacks of Windows OS in 45 minutes” sessions were ranked as #1 and #2 out of 1708 sessions!! This was the first time in the history of the conference that anyone has been able to do this.

Before that, at Ignite 2017, the world’s biggest Microsoft event, Sami was evaluated as the Best External Speaker! Also, Sami’s sessions were evaluated as the Best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016, 2017 and 2019.

Specializes in and trains:
• Troubleshooting
• Security
• Centralized Management
• Active Directory
• Hacking
• Penetration testing
• Social Engineering

• Best Session (and #2) out of 1708 sessions at Microsoft Ignite 2018, Orlando
• Best External Speaker & Best Session by an External Speaker at Microsoft Ignite 2017, Orlando
• Best Sessions (#1 and #2) at AppManagEvent 2018, Utrecht
• Best Session at the Sharepoint HPR 2017, Helsinki
• Best Sessions (#1 and #2) at TechTalks 2017, Helsinki
• Best Session at AppManagEvent 2017, Utrecht
• Best Speaker at TechDays Sweden 2016, 2018, Stockholm
• Best session at TechTalks 2016, Helsinki
• Best Speaker at NIC Conference 2016, 2017 and 2019, Oslo (More info)
• Best session at TechTalks 2015, Helsinki
• Ignite 2015 Chicago – #2 in the evals (over 1000 speakers)
• TechEd Europe 2014 – Best session (More info)
• TechEd North America 2014 – Best session, Best Speaker (More info)
• TechEd Australia 2013 � Best session, Best speaker
• TechEd Europe 2013 � Best Session by an external speaker
• Best session at Techdays Finland 2013
• Best session by Microsoft STEP member in 2012
• Best session at Techdays Finland 2012
• Best session at Techdays Finland 2011

618 1727 | [email protected]

Osalemise tingimused

Registreerudes e-poe, e-kirja või telefoni teel, saadame Teile arve ja täpsema info osalemise kohta.
Üksteist päeva enne koolitust saadame Teile e-kirjaga meenutuse osalemise infoga.

Koolitusel osalemine on nimeline, kuid saate osalejat tasuta muuta kuni koolituse alguseni.

Koolituse eest tasumine toimub arvel viidatud arveldusarvele. Arve saadetakse maksja aadressile e-postiga. Arve tuleb tasuda enne koolituse algust arvel märgitud maksetähtajaks.

Kui Te ei saa mingil põhjusel osaleda, palun andke sellest kindlasti teada e-posti aadressil [email protected] või telefonil 618 1727 . Kui teatate koolitusel mitteosalemisest kuni 10 tööpäeva enne algust, pakume mõnd muud samaväärset koolitust või tagastame 100% tasutud koolituse maksumusest. Mitteosalemisest vähemalt 5 tööpäeva varem teatades, tagastame 50%. Muul juhul kuulub arve tasumisele. Raha tagastame ette antud summas juhul, kui pole tehtud koolituse korraldamisega seotud kulutusi (ostetud õppematerjale jms). Koolitusele mitteilmumisel, sellest mitteteatamisel või koolituse poolelijätmisel õppetasu ei tagastata.

IT Koolitusel on õigus koolitusgrupi mitte täitumisel koolituse toimumine edasi lükata või koolitus ära jätta. Koolitusele registreerunuid teavitatakse kursuse edasi lükkumisest või ära jätmisest telefoni või e-posti teel. Koolituse ära jäämisel korraldajatest tulenevatel põhjustel makstakse õppetasu tagasi. .

IT Koolitus on Eesti Töötukassa koolituskaardi koostööpartner. Tutvuge koolituskaardi infoga SIIN.
Täpsema info saamiseks võtke meiega ühendust telefonil 618 1727 või [email protected].

Vaata ka neid