Why You Should Not Use an Admin Account (2024)

An account with administrative access has the power to make changes to a system. Those changes may be for good, such as updates, or for bad, such as opening a backdoor for an attacker to access the system. While an administrator would hopefully not do anything nefarious to his/her company’s systems purposefully, the act of using administrative accounts for daily activities can lead to just that.

When penetration testers are attempting to compromise a system, they are looking to “gain admin.” This is no different from a malicious attacker who also wants to gain administrative rights to a system or, even better, a network.

Allowing a systems administrator, especially one with Domain Administrator privileges, to access his/her e-mail and the Internet via their administrative account makes it easier for attackers to introduce malware via a phishing attack or gain those credentials by using impersonation, which is a very common attack in the Microsoft Windows environment.

Therefore, it is important for administrators to have a separate, normal account for their day-to-day activities to reduce the risk of inadvertently compromising the system. Using a normal account without administrative privileges for activities such as browsing the internet, reading email, and creating documents provides an additional layer of protection against cyber threats.

A normal account can also help with accountability and auditing. By using a separate account for administrative activities, administrators can be held responsible for any changes made to the system. It also makes it easier to track changes made to the system and identify any potential security breaches.

Using a normal account for daily activities and a separate administrative account for system management is a best practice in maintaining the security and integrity of a system. It is a simple but effective way to reduce the risk of cyber threats and ensure that administrators are held accountable for their actions.

When an organization is creating accounts and roles for its employees, most are familiar with the concept of least privilege, which is the idea of giving an individual access within the system to do only what is needed to fulfill the individual’s job duties.

For example, the mail room clerk is not going to be given access to payroll and engineers will not have access to Human Resources files. This logic needs to apply to Windows administrators as well.

When a person is logging into a workstation to do normal daily work, such as checking e-mail or surfing the Internet, or even troubleshooting, they should log on as a typical user. Then, when job circ*mstances require the individual to have privileged access, they should switch to a separate, privileged account to perform those tasks in the system.

Microsoft Windows has an option to allow commands to be run as an administrator with separate authentication if it is needed. This does several things:

1. 1. it ensures an administrator does not inadvertently make a change without knowing that is an administrative change (it does happen);
   2. it ensures the administrative credentials are only used for administrative tasks and
   3. it ensures that use of administrator privileges is appropriately logged within the system as evidence of the work performed.

The hardest part of implementing privileged and non-privileged accounts for administrators is push back from the administrators themselves. They may make statements about two accounts slowing down their work or making them less productive, when in fact they already log into multiple systems a day and some systems may require different login credentials anyway, so one more login will not affect their productivity significantly.

The time and money it could save in dealing with attacks or mistakes made while using an administrator account would be less than a minor inconvenience in the short term that will become second nature in the long term.

They may also say it is impossible to do certain tasks, but that is not an excuse to always use administrative accounts for all activities. In fact, Microsoft introduced the “run as Administrator” option way back in Windows XP. It is still a feature in Windows 11, and it has been expanded upon to increase the protections around Administrator accounts.

Many administrators just want more control of their systems. However, the systems belong to the organization they support and need to be protected in the same way as a server especially since the administrator has direct access to more sensitive components on the network and using the same username and password combination weakens any security that is in place.

The idea of least privilege is not new; it is a requirement of FISMA 800-53a (AC-6) and considered an industry best practice by SANS, US-CERT and the NSA. So don’t delay.

Start moving to the use of non-privileged accounts for all users, not just your standard employees, as soon as possible.

Many of the companies who turn to LBMC for penetration testing also take advantage of one or more of our other information security services—fromrisk assessmentstointrusion detection and prevention. By sharing information across functional areas, we are able to ensure that our testers stay on top of the latest attack techniques, emerging threats, and creative defenses, which improves our assessment and testing techniques and the quality of the resulting threat intelligence we provide to our clients.

To learn more about why we’re your choice for the best penetration testing company, contact us or call 1-844-526-2732.

Don’t miss out on latest security news from our LBMC team.