why giving local administrative access is a bad thing

Local administrative rights give users the power of downloading any content, using any program, and adding or deleting computer settings. Statistics prove that companies that give their employees local administrative rights are more likely to undergo a critical vulnerability. This is because most employees aren’t experts in information technology and won’t realize that they’re accidentally downloading malware until it’s too late.

The reason why some businesses don’t bother taking local administrative rights from their employees is that the company doesn’t have enough IT technicians to walk around and give access to other employees all day. For example, a manufacturing company has 300 employees who work on desktops and download material at all different times of the day. However, the company only has 10 IT technicians, so, if the company were to remove local admin rights from all the desktops, then an IT technician would have to put in the password every time an employee wanted to download something. The IT technicians should be the only ones that are allowed to give the computer permission to download material because they are experts in detecting malware. This would become a problem for the company because there aren’t enough IT technicians working at the company to keep up with the demand of other employees.

The benefits of removing local admin rights outweigh the drawbacks of keeping them. In 2021, Microsoft’s Vulnerabilities Report showed that more than 50% of critical vulnerabilities the previous year would have been mitigated if companies removed local admin rights. Employees who have local admin rights can turn off organizational protections like firewalls, antivirus, and group policies. For example, an employee could innocently turn off those protections to download a file that they believe is work-related but is malware. Another benefit to removing local admin rights is the challenge it presents to attackers because they can’t as easily impersonate logged-on users.

Companies should try to minimize the number of employees that have local administrative access to the least amount possible. When a company does need to give an employee access the company should monitor the activity regularly so that suspicious activity can be addressed ASAP.  Company leaders and IT technicians should explain to other employees that removing local admin rights is not a lack of trust towards the employees but instead to protect the company from critical vulnerabilities. If employees understand the reasoning behind removing local admin rights then they are more likely to be willing during the process.

About Partners Plus

Managed IT Services That Do the Work for You

Partners Plus began in 1991 as an outsourced IT department after working as the Director of Programming and a Consultant for six years. For 30+ years now, we have been 100% committed to ensuring small- and medium-sized business owners have the most reliable and professional virtual CIO in the Delaware Valley. Our dedicated team of professionals will solve your IT nightmares quickly and without confusion on your part.

Our customer-specific memberships deliver your needs without overstepping your budget boundaries. From cloud services and data backups to ransomware prevention and Dark Web monitoring, Partners Plus is here to work with you and your expert company, dependable outsourced IT support and security.

Partners Plus has locations and services the following areas:

Managed IT Services in PhiladelphiaManaged IT Services in DelawareManaged IT Services in Malvern