Good practice, Part 2: Local admin rights
If you set up a fresh copy of Windows, the default user account will have local admin rights. You should do something about that. But why, and what?
Vulnerabilities in the operating system.
The results also revealed that removing admin rights would mitigate 96% of critical vulnerabilities affecting Windows operating systems, 91% critical vulnerabilities affecting Microsoft Office and 100% of vulnerabilities in Internet Explorer.Avecto, Microsoft vulnerabilities report 2013
The quote above from Avecto, creator of the report they are discussing, show one major reason why having local admin rights on your personal user account should be reconsidered. By having these rights enabled by default, you are exposing your system for many potential security vulnerabilities – known and unknown – in the operating system it self.
Another factor to consider is the possible harm malware could do to your information if it were able to run as admin. Just some basic computer facts first: If you open a program, that program will run as you, with your privileges. So if you open that to-good-to-be-true email from the Nigerian prince, and try to read the attached PDF, the concealed malware will run as your user account. And if you have admin rights, so will the malware.
From a corporate side of things, local admin rights also opens up for software installations by the end users. This can lead to unwanted license consumption (since you as a company are responsible for what software are installed and used on a corporate computer). And each additional software on a system opens itself up to a set of possible vulnerabilities. Another aspect is that more software seldom leads to a more stable system. You would only want the necessary software installed on your systems. Not more, not less.
Administrators can make mistakes.
Well, everyone makes mistakes. Admins too. In Norway, we have a saying, “many chefs, great mess”. Even if administrators can mess up from time to time – adding admin rights to everyone would only lead to more mess. And if you have admin rights, you can mess up a lot more then if you are running as a standard user.
So, what should you do?
- Remove local administrator rights from everyone’s personal account, even IT.
- Always think “least privileged”. Do not give anyone, not even your self, greater privileges then needed.
- If someone needs more rights then included in a standard user account, delegate specific permissions, perhaps to a separate account.
- Give those that need it a separate local administrator account to elevate to, when needed.
Of course, this is not easy. But with proper planning and diligent execution, you can create and implement a secure local administrator policy.
In later articles, I will discuss other areas regarding administrator rights that will fill some gaps, like how to stop end users from installing programs that doesn’t require administrator rights, and how to manage domain admin rights.