Frequently Asked Question

Removal of Local Admin Rights
Last Updated a year ago

The Case for Removing Local Administrator Rights

The misuse of administrative privileges is a key method used by attackers to gain unauthorized access to our networks. In fact, misuse of administrative privileges is such an important issue that the CIS (Center for Internet Security), in their latest release of the Critical Security Controls 6.0, moved it from 12th to 5th in order to make it a higher priority for organizations to address.

The risk of being a local administrator is that you can install programs on the computer without asking anyone’s permission. The alternative is a standard user account, which can use programs and change settings that do not affect the security of the computer. When standard users try to do something that they do not have permission to do, the computer requests the credentials for an account that has local admin privileges.

5 Reasons to Remove Local Admin Rights

  1. Helps keep malware off computers – Our computers can’t differentiate between good and bad software, so the only way to prevent the installation of malware is to prevent installations in general. If a malware infection occurs, the malware generally has the same rights as the person who is logged in which means that malware could be far more damaging if the person who is logged in has administrative permissions.
  2. Helps maintain protections that are in place – Administrators have the ability to turn off organizational protections that have been put in place, like your antivirus, firewall, encryption and Group Policy. If the administrative account is running malware, the malware has the ability to do the same thing!
  3. Keeps computers in compliance with organizational policies – Local admin group policies take precedence over Group Policy. This means a user with local admin rights (or an attacker masquerading as the user) can create their own policies or deny the system from reading Group Policies, effectively invalidating much of the security controls that the organization has put in place.
  4. Closes vulnerabilities – An annual report from Avecto on Microsoft patch analysis reveals that removing local admin rights mitigates: a. 85% of all Critical vulnerabilities
    1. 99.5% of all Internet Explorer vulnerabilities
    2. 82% of all vulnerabilities affecting Microsoft Office
      The statistics are similar for other software programs as well. Fewer vulnerabilities mean fewer opportunities for attackers to compromise your network.
  5. Helps defends against hackers – Administrative credentials are key targets of attackers looking to penetrate and exploit a network. Local administrator accounts provide enough privilege for attackers to impersonate other logged-on users or run exploit tools locally which can then be used to gain valuable information to further pivot into a network, escalate privilege and locate sensitive information.

By minimizing the number of local admin accounts, you reduce the opportunities for an attacker to gain sensitive access on your network. For the administrative accounts that remain, make sure you are monitoring the activity related to them. Strong, centralized logging, monitoring and auditing of these credentials can provide early warning that nefarious activity is taking place.

This website relies on temporary cookies to function, but no personal data is ever stored in the cookies.

Loading ...