Should Users have Admin Rights?

CybersecurityArticle
Written By Bob Coppedge

I Want Local Admin Rights for all my smart users!

What are “Local Admin Rights” for computers, and do I want my end users to have them?

Every time you log onto your computer, you’re doing so with your “User Account”. That’s not just your user name and password. It’s all of the settings specific to your account. Some of it’s about how programs should behave. Some of it’s about security.

And one of the most important settings about your User Account? Whether you have…”Local Admin Rights”.

If your account has these rights, you can essentially do…anything…to your computer. Install and uninstall programs. Install other components. Change anything. Add other users. Oh, and delete other users as well. Change passwords. Patch and update pretty much any part of the system. Heck, nuke the entire system.

Local Admin Rights Rule!!!

But here’s the problem. Actually there are two problems.

First is the “whoops” factor. Basically you can easily change or remove parts of the system that you really didn’t mean to. Delete Office (don’t say you haven’t ever considered it). Remove all your documents. Install a new program that completely mucks up your system. We’re talking about accidents.

Second is more nefarious. The bad guys love to present themselves are things you should install or run. Let’s say it’s a screen saying “You’ve been infected, click here to remove the malware”. Click it, and…you’ve just installed the malware yourself. If you didn’t have Local Admin Rights? Odds are the malware wouldn’t be able to do a thing (this isn’t always true).

Most organizations have taken the logical step of removing local Admin Rights from their end users. And this can be annoying. Every time an end user legitimately wants something installed? They have to contact IT (whether it be internal employees or a Managed Service Provider like Simplex-IT) and wait for them to take action.

Absolutely impacts productivity.

But not as much as end users accidentally infecting their machines with malware.

And we’re finding (and creating) more and more ways to either automatically push out software, including patching and updating, to our client workstations. To preemptively handle these updates. And ways to automatically install common software, so the solution is actually a lot faster than it used to be. And to do these things with little to no impact on the end user.

There are some people who take losing their local Admin Rights personally. As if it demonstrates a lack of trust. But many cyber insurance providers are requiring their customers to remove local Admin Rights for their end users.

For good reason.

Bob Coppedge

About Bob Coppedge

Simplex-IT, CEO

Bob is the CEO of Simplex-IT. He has over 40 years’ experience in IT (Information Technology and in 2007 he created Simplex-IT to be the “good guys” in the IT world, specializing in making IT work for small to medium businesses and to “Simplify the Complex”. Bob is an industry leading expert with the ability to translate tech talk into everyday language. Bob has authored three books “The MSP’s Survival Guide to Co-Managed IT services”, “A CEO’s Survival Guide to Information Technology”, and his latest “I Don’t Want Your Job: Is Co-Managed IT services the Right fit for You?”. Bob regularly speaks at various national and area events, including IT Nation, DattoCon, Private Directors Association and more.

Connect with Bob on LinkedIn: https://www.linkedin.com/in/rlcoppedge/

Previous

Passkeys Could Improve The Way You Work, Forever
Next

Windows 10 is Getting a Very Useful Windows 11 Feature