• Home
  • Why it’s a Bad Idea for Businesses to Allow Local Administrator Access

Why it’s a Bad Idea for Businesses to Allow Local Administrator Access

Bad Idea For Businesses To Allow Local Administrator Access
13Apr

Why it’s a Bad Idea for Businesses to Allow Local Administrator Access

One of the best things companies can do to keep their network and data secure is to remove local administrator access on all their computers.

Local administrator access gives a user complete control over their computer, allowing them to install and uninstall software, delete system or network files, add or remove users, and more. This may seem counterintuitive to remove that access, especially if it’s an owner, CEO, CFO or another important decision-maker, but it’s also a major security risk that attackers attempt to exploit.

It only takes one person with local administrator access for a hacker to mount an attack from their computer to get to all your company’s most sensitive data.

Granting Local Administrator Access is a Security Risk

Think of each user that has local administrator access as having a master key to your home. The more master keys there are, the more opportunities an attacker has to steal one of those master keys and gain access to your company’s network and data.

All it takes is one click from a legitimate-looking email to install spyware or malware on your computer meant to steal money, data or disrupt activities. Even with the most well-intentioned and responsible employees, all software has bugs that can be manipulated by hackers to get access to your network.

Once a hacker has access to an account with local administrator access rights, they can install and run any software they want to mount an attack on your business. They could even dwell for months before launching an attack.

The idea is to reduce the “keys” available to those who want to harm your company.

What are some other reasons to remove local administration access from your company’s computers?

Vital system files could be deleted: A user with local administrator access can open, modify or delete any file on their computer. That could include vital files needed to run the Windows operating system down to files needed to run Microsoft Word.

An employee even could mistakenly delete or modify files with no intention of causing harm, rendering the computer useless until it is reformatted, wasting valuable time and money.

Stop or disable antivirus services: A user with local administrator access can stop or disable any antivirus service you have installed, opening your computer to even more security threats.

Give persistent access to bad actors outside the company: A user with local administrator access can knowingly or unknowingly make it easier for an attacker to gain access to your company’s network by changing the privileges of current users.

Who Should Have Local Administrator Access for My Company?

Your information technology team is the most adept and knowledgeable when it comes to managing access to your company’s network and data.

The IT industry encourages a security stance of the “principle of least privilege” for any account within a company. The principle of least privilege means every employee is given the minimum level of permissions required to do their job. The idea is the more privileges given, the more responsibility and, ultimately, the more risk for the company.

The biggest downside of this stance is inconvenience. If any employee needs to install or run a certain program, they would need to be granted permission from the IT team. It’s a hassle to reach out to your IT team and wait for a response, but it reduces security vulnerabilities.

There are programs your IT team may use that give them a way to allow or deny access on a real-time basis. These programs alert the technician when someone is attempting to do something above their permission level, and the technician can react within minutes.

The technician can allow or deny just the current request or create a rule for that one user, a group of users or all users.

While having your local administrator access removed may be inconvenient, it goes a long way toward securing your company’s data and systems.

West Michigan Managed Service Provider

Are you looking to increase security for your company’s network and data? Contact Hungerford Technologies to see how we can help keep your business running smoothly while increasing productivity, security and profitability.

Get Support

Share this post

Related Posts

Windows 11 In-Place Upgrade or Clean Install?
23Apr

Windows 11 In-place Upgrade or Clean Install?

Security updates and support for Windows 10 will end Oct.... read more

Planning Your Upgrade From Windows 10 to 11
18Apr

Planning Your Upgrade from Windows 10 to 11

Next year, Oct. 14, 2025, to be exact, Microsoft will... read more

Microsoft Unbundles Teams and Office
16Apr

Microsoft Unbundles Teams and Office: What You Need to Know

Earlier this month, Microsoft announced it will sell its messaging... read more

Why Does Windows 11 Need TPM 2.0?
11Apr

Why Does Windows 11 Need TPM 2.0?

If your organization is looking to make the jump to... read more

Mel Trotter Enjoys Flexibility With Co-Managed IT Grand Rapids
09Apr

Mel Trotter Enjoys Flexibility with Co-managed IT

A managed service client since 2018, Mel Trotter Ministries is... read more

Critical Applications Grand Rapids Managed IT Services
04Apr

How Do I Identify My Critical Applications?

Critical applications are essential for business continuity. If a business-critical... read more

Our IT Services Grand Rapids Managed Services
02Apr

Is Your Organization an Ideal Fit for Our IT Services?

As we’ve previously outlined, there are several things to consider... read more

Cellular Data or Public Wi-Fi Managed Services Grand Rapids
28Mar

Is it More Secure to Use Cellular Data or Public Wi-Fi?

Thanks to cellular networks, the internet can be accessed from... read more

What Determines Whether Email Goes to Junk Folder or Quarantine?
26Mar

What Determines Whether an Email Goes to Junk Folder or Quarantine?

If your organization uses Microsoft Defender, you may have received... read more

Business Password Manager is Better Grand Rapids Cybersecurity
21Mar

6 Reasons a Business Password Manager is Better Than a Personal One

Password managers are a great tool for your employees to... read more