We often get the request – “Can one key person or lots of users have Domain Administrator rights to the network?”

This document looks to detail the reasons why this tends to generate a number of challenges for your organization.

First, let’s give you an analogy… If a person (no matter how well-intentioned) walks around all day, every day holding a lit candle, trying to be sure not to: drop it, burn their hand (with the hot wax), not burn anyone else, and not set anything on fire, sooner or later…it’s going to end badly, the only question is: how badly?

The exact same issue occurs with giving any users domain administrator rights…it’s going to end badly.

Why network security is important:

  • Accidents

We deal with the results of wrong clicks, typos, and slips for our clients every day. With normal rights, this can affect either just that user or the common areas (on the network) that the user shares with others. With domain administrator rights – the effects can be dramatically larger. Things like: affecting secure areas on the network, bringing the network down, removing the ability to access files (either locally or on the network), dramatically reducing network performance, and locking out entire sections of the network from being backed up.

  • Fooled

When a user with domain administrator rights is fooled into clicking on an email with some sort of infection mechanism, or just visits an infected website the risk jumps from their computer (and maybe files on the server) to a complete meltdown of all servers and workstations on the entire network often with Ransomware. Many of today’s malware include multiple attack vectors – so the more files and access they have (via domain administrator rights) once they get in the door, the more damage they can do.

  • Good Intentions / Bad Consequences

When a user uses their Domain Administrator permissions to grant/change file/folder rights or modify the settings, like encryption or compression they often expose the organization to risks that are only uncovered when a second event (sometimes much later) occurs. These secondary events often involve either a failure or security issue – like needing to recover files (which now can’t be recovered), a user departure (on less than agreeable terms), or a security issue from outside (like Ransomware or bad actor).

  • The “Typhoid Mary” issue

When someone has domain administrator rights, their ability to auto-run apps during logon and insertion of things like USB sticks goes up. Often malware includes an auto-reinfection mechanism to reinstall itself after removal. If you add to that a roaming characteristic (where they touch multiple computers or even servers) – you end up with a “Typhoid Mary”, who spreads infection(s) throughout the enterprise.

  • Departures

When an employee is looking to leave an organization, domain administrator rights can generate a significant issue. The issue can occur for the user who actually has domain administrator rights or for a user/folder whose access has been previously “tuned” by the actual user with administrator rights. In both cases, it significantly increases the level of damage. Here are the two ways we’ve seen this play out:

The departing user deletes important info (often that the organization’s management didn’t realize they had access to) as part of the departure.

The user copies the data (often that the organization’s management didn’t realize they had access to) and brings it with them – for their new job or other less than honorable intentions.

  • Cleanups

When issues are discovered based on changes made or damage done using the domain administrator rights, uncovering and resolving all the areas that were affected can be a very time-consuming process. This is particularly true in the non-malicious cases, where someone was being helpful/expedient and made changes throughout the Infrastructure over time, and honestly can’t remember where the changes were made.

Why Trust Partners Plus

Partners Plus, Inc. has been a beacon of innovation and reliability in the managed IT services industry for over three decades. Founded on providing bespoke, cutting-edge technology solutions, Partners Plus empowers businesses to achieve peak operational efficiency and security. Our expertise spans comprehensive IT support, cybersecurity enhancements, cloud computing solutions, and data backup and recovery, all tailored to meet each client’s unique needs.

Our Locations:

  • Managed IT Services in Philadelphia: In the city’s heart, our Philadelphia location stands as the cornerstone of our operations, delivering robust IT frameworks and cybersecurity defenses to a diverse clientele.
  • Managed IT Services in Malvern: Serving the dynamic businesses in Malvern, our team specializes in custom IT strategies that drive growth, streamline operations, and protect against cyber threats.
  • Managed IT Services in Wilmington: Our Wilmington branch focuses on delivering top-tier managed IT services, ensuring businesses operate smoothly with state-of-the-art technology and fortified security measures.
  • Managed IT Services in Middletown: The latest addition to our network, the Middletown office, extends our reach, offering comprehensive IT solutions that support businesses in adapting to the digital age, emphasizing innovation and security.

Our Services:

  • Customized IT Support: Understanding that each business’s needs are unique, we offer personalized IT support plans to ensure your technology aligns with your business goals.
  • Cybersecurity Solutions: With cyber threats evolving daily, our advanced cybersecurity services are designed to protect your business from the latest digital threats, ensuring your data and operations are secure.
  • Cloud Computing Services: Leverage the power of the cloud with our cloud computing solutions, facilitating seamless access to data and applications, enhancing collaboration, and optimizing operational efficiency.
  • Data Backup and Recovery: Our comprehensive data backup and recovery services protect your critical business data against loss with robust recovery solutions to minimize downtime during a disaster.
  • Strategic IT Consulting: Navigate the complex technology landscape with our expert IT consulting services. From strategic planning to implementation, we guide you through every step to ensure your IT investments deliver maximum value.

Choosing Partners Plus for your managed IT services means partnering with a team that understands the nuances of technology and values the trust and collaboration essential to fostering long-term business relationships. Our commitment to excellence, combined with our strategic locations in Philadelphia, Malvern, Wilmington, and Middletown, positions us uniquely to serve businesses with unparalleled IT support and services.

At Partners Plus, we’re not just your IT service provider but your IT partner, dedicated to ensuring your business thrives in an ever-evolving digital landscape. Our holistic approach to managing IT services for all companies empowers you to focus on what you do best—running your business while we handle the rest.

Contact Us Today:

Ready to elevate your IT strategy with a partner that puts your business first? Contact Partners Plus today to discover how our managed IT services can transform your technology into a strategic asset.