Why End-users should not have administrator access

In today’s day of cyber attacks, viruses and ransomware, business owners and executives are always asking what can we do to limit our exposure?

One of the easiest things we tell them and is considered an industry standard is to never allow end-users to have administrative access to their computers.

In our over 17 years of being in business, it is really easy for us to pull up thousands of tickets related to viruses, computer slowness, and operating system issues that are a direct result of an end user having local administrator access to their computer. In fact, giving users administrative access not only can make your staff less productive, it raises the cost of doing business (e.g. fixing computer issues, employee downtime, data loss from virus infections). Administrator accounts on a computer allow the user to install software, make any change to the system settings, and override local folder permissions. This might not seem like a big deal, but let’s consider the possible issues which result from that:

• Unauthorized software can be installed on the computer, leading to non-work-related activities and possible computer slowdowns or shutdowns.
• Unlicensed software can be installed, opening your business up to potentially hefty fines from software vendors.
• Users can intentionally or unintentionally execute a malicious program, leading to infections that could potentially span many computers on your network. These are often undetectable by anti-virus programs (frequently because the user specifically allows them to execute so the antivirus does not stop them).
• If multiple users use a single PC, the administrator account can be used to access data in other user profiles. This could allow for data breaches, theft, and privacy concerns.
• Operating system settings can be changed intentionally or unintentionally causing potentially unfavorable consequences.

While limiting users access might seem like an inconvenience for some, mitigating the significant risks and costs associated with running with Administrator access, is well worth any inconvenience, especially when you have a 24 x 7 helpdesk to provide that access and oversight to make sure the right components are being installed. We have seen firsthand the devastation that can occur when malware can run with full admin access and today’s day, that cost can easily exceed hundreds of thousands of dollars.