Why Remove Local Admin Rights | FRSecure (2024)

Local Admin Rights Removal Guide


Attackers thrive on the misuse of local admin rights. By making too many people local administrators, you run the risk of people being able to download programs on your network without proper permission or vetting. One download of a malicious app could spell disaster. Giving all employees standard user accounts is better security practice.

This guide is meant to be a starting point for your business. It paints a picture of why it’s important to remove local admin rights for those that don’t need it and how you can convince management to let you do so.

This document will help you:

  • Learn why removing local admin rights is critical
  • Communicate the removal of local admin rights to decision-makers
  • Shape recommendations into actions and policies while logging the changes


The Case for Removing Local Administrator Rights

The misuse of administrative privileges is a key method used by attackers to gain unauthorized access to our networks. In fact, misuse of administrative privileges is such an important issue that the CIS (Center for Internet Security), in their latest release of the Critical Security Controls 6.0, moved it from 12th to 5th in order to make it a higher priority for organizations to address.

The risk of being a local administrator is that you can install programs on the computer without asking anyone’s permission. The alternative is a standard user account, which can use programs and change settings that do not affect the security of the computer. When standard users try to do something that they do not have permission to do, the computer requests the credentials for an account that has local admin rights.

5 Reasons to Remove Local Admin Rights

  1. Helps keep malware off computers – Our computers can’t differentiate between good and bad software, so the only way to prevent the installation of malware is to prevent installations in general. If a malware infection occurs, the malware generally has the same rights as the person who is logged in, which means that malware could be far more damaging if the person who is logged in has administrative permissions.
  2. Helps maintain protections that are in place – Local administrators have the ability to turn off organizational protections that have been put in place, like your antivirus, firewall, encryption and Group Policy. If the local administrative account is running malware, the malware has the ability to do the same thing!
  3. Keeps computers in compliance with organizational policies – Local admin group policies take precedence over Group Policy. This means a user with local admin rights (or an attacker masquerading as the user) can create their own policies or deny the system from reading Group Policies, effectively invalidating much of the security controls that the organization has put in place.
  4. Closes vulnerabilities – An annual report from Avecto on Microsoft patch analysis reveals that removing local admin rights mitigates:
     a. 85% of all Critical vulnerabilities
     b. 99.5% of all Internet Explorer vulnerabilities
     c. 82% of all vulnerabilities affecting Microsoft Office
     The statistics are similar for other software programs as well. Fewer vulnerabilities mean fewer opportunities for attackers to compromise your network.
  5. Helps defend against hackers – Administrative credentials are key targets of attackers looking to penetrate and exploit a network. Local administrator accounts provide enough privilege for attackers to impersonate other logged-on users or run exploit tools locally, which can then be used to gain valuable information to further pivot into a network, escalate privilege and locate sensitive information.

By minimizing the number of local admin accounts, you reduce the opportunities for an attacker to gain sensitive access on your network. For the administrative accounts that remain, make sure you are monitoring the activity related to them. Strong, centralized logging, monitoring and auditing of these credentials can provide early warning that nefarious activity is taking place.
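As an added example of the monitoring the paragraph above calls for (this is not code from the FRSecure guide), the PowerShell below parses Windows Security events 4732 (a member was added to a security-enabled local group) and 4733 (a member was removed) and flags only changes to the local Administrators group. The three event XML strings are constructed samples in the shape that `Get-WinEvent` returns from `.ToXml()`; the computer name, SIDs and account names in them are placeholders.

```powershell
# Added example, not part of the FRSecure guide.
# For live data on a workstation, replace $SampleEvents with:
#   $SampleEvents = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4732,4733} |
#                   ForEach-Object { $_.ToXml() }
# (requires an elevated session and the "Audit Security Group Management" subcategory enabled).

# Constructed sample 1: a domain user adds a SID to the local Administrators group.
$Sample1 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4732</EventID><TimeCreated SystemTime="2024-03-01T09:12:44Z"/><Computer>WS-PLACEHOLDER-07</Computer></System>
  <EventData>
    <Data Name="MemberName">-</Data>
    <Data Name="MemberSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">Administrators</Data>
    <Data Name="TargetDomainName">Builtin</Data>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">CORP</Data>
  </EventData>
</Event>
'@

# Constructed sample 2: an addition to a different local group; should NOT be flagged.
$Sample2 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4732</EventID><TimeCreated SystemTime="2024-03-01T09:15:02Z"/><Computer>WS-PLACEHOLDER-07</Computer></System>
  <EventData>
    <Data Name="MemberName">-</Data>
    <Data Name="MemberSid">S-1-5-21-1111111111-2222222222-3333333333-1190</Data>
    <Data Name="TargetUserName">Remote Desktop Users</Data>
    <Data Name="TargetDomainName">Builtin</Data>
    <Data Name="SubjectUserName">helpdesk01</Data>
    <Data Name="SubjectDomainName">CORP</Data>
  </EventData>
</Event>
'@

# Constructed sample 3: a removal from the local Administrators group (expected after a cleanup).
$Sample3 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4733</EventID><TimeCreated SystemTime="2024-03-02T16:40:10Z"/><Computer>WS-PLACEHOLDER-07</Computer></System>
  <EventData>
    <Data Name="MemberName">-</Data>
    <Data Name="MemberSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">Administrators</Data>
    <Data Name="TargetDomainName">Builtin</Data>
    <Data Name="SubjectUserName">secops</Data>
    <Data Name="SubjectDomainName">CORP</Data>
  </EventData>
</Event>
'@

$SampleEvents = @($Sample1, $Sample2, $Sample3)

# Pull one <Data Name="..."> value out of the EventData section of a parsed event.
function Get-EventDataValue {
    param([Parameter(Mandatory)][xml]$Event, [Parameter(Mandatory)][string]$Name)
    ($Event.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Return one record per membership change to the named local group.
function Find-AdminGroupChange {
    param([Parameter(Mandatory)][string[]]$EventXml, [string]$GroupName = 'Administrators')
    foreach ($raw in $EventXml) {
        $e  = [xml]$raw
        $id = [int]$e.Event.System.EventID
        if ($id -notin 4732, 4733) { continue }                               # only group-membership events
        if ((Get-EventDataValue -Event $e -Name 'TargetUserName') -ne $GroupName) { continue }
        $action = if ($id -eq 4732) { 'ADDED' } else { 'REMOVED' }
        $member = Get-EventDataValue -Event $e -Name 'MemberName'
        if ($member -eq '-') { $member = Get-EventDataValue -Event $e -Name 'MemberSid' }  # local changes often carry only the SID
        [pscustomobject]@{
            Time      = [datetime]$e.Event.System.TimeCreated.SystemTime
            Computer  = $e.Event.System.Computer
            Action    = $action
            Member    = $member
            ChangedBy = "$(Get-EventDataValue -Event $e -Name 'SubjectDomainName')\$(Get-EventDataValue -Event $e -Name 'SubjectUserName')"
        }
    }
}

# Running over the samples yields two records (the ADDED and the REMOVED on Administrators);
# the Remote Desktop Users addition is filtered out.
Find-AdminGroupChange -EventXml $SampleEvents | Format-Table -AutoSize
```

In production the records would be forwarded to the central log platform rather than printed; the point of resolving the SID (`MemberSid`) is that a local-group change frequently leaves `MemberName` as `-`, so a rule keyed only on the account name misses it.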

Communicate the Importance of Removing Local Admin Rights

When making a significant change to the network like removing local admin rights, it is important to communicate with and educate your users on the reasoning behind the change. It’s important that they understand a change in privileges is about protecting them (they can’t defend themselves against attacks they aren’t even aware of!) and not about lack of trust or trying to limit their ability to do their job effectively. Your users are much more likely to support initiatives like this when they understand the reasoning behind it.

Definitions

See Appendix A: Definitions

Waivers

Waivers from certain policy provisions may be sought following the FRSecure Waiver Process.

Enforcement

Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.

Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.


FAQs

Why should I remove local admin rights?

By minimizing the number of local admin accounts, you reduce the opportunities for an attacker to gain sensitive access on your network. For the administrative accounts that remain, make sure you are monitoring the activity related to them.

Why no user should have local admin rights?

When misused, local admin privileges can cause severe damage to the user's computer, expose other computers on a given network, and make machines more susceptible to viruses and malicious actors, which creates even more challenges and problems for the organization's IT department.

What are the risks of having local admin rights?

A user with local admin rights, or an attacker impersonating the user, can:

  • Change boot and hardware configurations (enable/disable devices, change CPU and memory voltage and frequencies, etc.)
  • Modify or delete storage volumes.
  • Radically simplify malware techniques, such as code injection and DLL hijacking.

Why would we want to restrict who is a local administrator?

An admin account has complete access to all areas of your network and system. Admin rights present a huge risk to the security of your data, as an attacker who infiltrates a business and has access to these rights could do significant harm.

Why do we need admin rights?

Without administrative rights, you cannot perform many system modifications, such as installing software or changing network settings.

What do you need admin rights for?

Viruses or malware could end up being downloaded by accident because an employee installed what they thought was a legitimate software update, for example. Users with full admin rights are also able to copy sensitive data, edit source code for software and install anything on the device.

Can normal user install software without admin rights?

Users can install any software that doesn't require admin privileges. Most software these days allows you to install per-user and doesn't require admin rights.

How do I run without admin rights?

To run a program without administrator rights on Windows 10, you can right-click the program icon and select the “Run as different user” option. This will open the program with the default user account that you have set up on your computer.

Does malware need admin rights?

A study done by Avecto, a leading security research firm, found that most malicious software, or malware, requires elevated privileges, or administrator rights, to complete its malicious actions.

How do I know if a user has local admin rights?

Double-click the Administrators group from the right pane. Look for the user name in the Members frame: If the user has administrator rights and is logged in locally, only his user name displays in the list. If the user has administrator rights and is logged into the domain, Domain Name\User name displays in the list.
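The same check done in PowerShell, and extended to the point made earlier in the guide about keeping the number of local admin accounts to a minimum: the block below (an added example, not code from the FRSecure guide) tests whether one account is in the local Administrators group and then lists every member that is not on an approved baseline. The baseline entries are constructed placeholders; substitute your own. It relies on the `Microsoft.PowerShell.LocalAccounts` module (Windows PowerShell 5.1 and PowerShell 7 on Windows) and should be run in an elevated session on the machine being audited.

```powershell
# Added example, not part of the FRSecure guide.

# True if the given account (in "DOMAIN\user" or "COMPUTER\user" form) is a member of local Administrators.
function Test-LocalAdmin {
    param([Parameter(Mandatory)][string]$Account)
    $members = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
    return [bool]($members -contains $Account)
}

# Every member of local Administrators that is not in the approved list.
function Get-UnapprovedLocalAdmin {
    param([Parameter(Mandatory)][string[]]$ApprovedMembers)
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $ApprovedMembers -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Placeholder baseline: the built-in Administrator and a (hypothetical) domain group that
# the organization has decided may hold local admin rights. Replace with your own policy.
$Approved = @(
    "$env:COMPUTERNAME\Administrator",
    'CORP\Workstation Admins'
)

# Single-account check (the account name is a placeholder).
if (Test-LocalAdmin -Account 'CORP\jdoe') { 'CORP\jdoe is a local administrator.' }

# Baseline audit.
$extra = Get-UnapprovedLocalAdmin -ApprovedMembers $Approved
if ($extra) {
    'Members of local Administrators that are not on the approved baseline:'
    $extra | Format-Table -AutoSize
} else {
    'Local Administrators matches the approved baseline.'
}

# Remediation, deliberately run with -WhatIf so it only reports what it would remove.
# Drop -WhatIf once the output has been reviewed and the change is approved and logged.
$extra | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name -WhatIf }
```

One caveat a practitioner will hit: on some Windows builds `Get-LocalGroupMember` errors out when the group contains an orphaned SID left behind by a deleted account. If that happens, `net localgroup Administrators` still lists the raw entries so the stale SID can be identified and removed.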

How can I tell if I have local admin rights?

In the Control Panel window, double click on the User Accounts icon. In the lower half of the User Accounts window, under the “or pick an account to change” heading, find your user account. If the words “Computer administrator” are in your account's description, then you are an administrator.

What is the difference between local admin rights and domain admin rights?

Under the administrator account type, there can be a domain administrator (an admin user whose rights apply across the entire business network) and a local administrator (whose admin rights apply only within the scope of the device itself).

Can you disable local admin?

To enable the built-in account, open the command prompt as an administrator, type net user administrator /active:yes, and press Enter. Wait for the confirmation and restart. To disable it, open the command prompt as an administrator and enter net user administrator /active:no.

What is the difference between a local administrator and a power user?

Administrator: Administrators have full system access, including access to Settings and Utilities. Power User: Power Users have similar access to Administrators but without access to Settings and Utilities.

Can you remove administrator permission?

To turn off administrator permission in Windows 10, first open the Control Panel. Then, navigate to User Accounts and select “Change User Account Control Settings”. Finally, in the User Account Control window, move the slider to the Notify Me Only When Programs Try to Make Changes to My Computer setting.

Why do I need administrator permission when I am the administrator in Windows 10?

If the folder you're trying to modify is a system folder or the PC's other user's folder, then you aren't supposed to be able to make changes to it, even though you are an administrator. If you must do it anyway, you have to set permissions on the folder so that your user will have proper permissions.
