Running a Windows OS with administrator rights allows you to install, uninstall, and make other changes to your computer.
You may ask, “Why is this not a good practice?”
Leaving your computer in admin mode opens you up to many security risks including viruses and malware that can potentially damage your business.
You’d think that running your PC with administrative rights would be the most secure way to operate. After all, you seemingly have total control over your system, with the ability to make changes and updates that others are unable to perform. However, running your computer as a member of the administrator's group actually opens your network up to Trojans and other cyber security risks.
How Are You Vulnerable as an Admin?
Think about everything you do on your PC. You surf the web, check your emails, work on projects, and access your confidential data. However, do you really know the security of the sites you’re visiting or the emails you’re opening?
Trojans can infiltrate during the simple act of visiting an unfamiliar site or opening a questionable email attachment. If you’re working as an Administrative group member, you’ve unknowingly given Administrative access to any Trojans or any other cybersecurity risks you may have picked up.
What Damage Can Trojans Inflict?
Once in, these threats gain the ability to reformat your hard drive, delete your important files, or create a whole new account with Administrative privileges, hijacking your entire system.
What’s more, if you’re a part of the Domain, Enterprise, or Schema admins group, an infiltrating Trojan gains the ability to create a new domain user with admin rights, putting your schema, configurations, or domain data at risk!
How Can I Mitigate Trojans and Other Cybersecurity Risks?
Intelligent Technical Solutions recommends adding your domain user account to the Users group only and not to the Administrative group to run your routine tasks. This includes running programs and surfing the web.
If you need to perform admin tasks, use “Run as” to start the program you need administrative credentials for. Doing this allows you to complete any administrative tasks without putting your data or system at risk.
The only things you should do as the administrator are performing operating system upgrades or configuring your system parameters. In this case, it’s recommended that you log completely off and then log in again as an administrator, complete the tasks, and then log completely out again.
Other Options to Improving Your Cybersecurity
The team at ITS is well versed on how to keep your systems completely secure and protected against unwanted Trojans and other nasty threats waiting to destroy your system. We can configure your accounts for you, so you won’t have to worry about setting up your Administrative accounts properly to mitigate your cybersecurity risks. We also run assessments to see where your network is most vulnerable to threats and help you close the gaps that leave you unprotected. With ITS managing your security, you’ll rest easy knowing your data is safe and in the best hands for your business.
FAQs
Trojans can infiltrate during the simple act of visiting an unfamiliar site or opening a questionable email attachment. If you're working as an Administrative group member, you've unknowingly given Administrative access to any Trojans or any other cybersecurity risks you may have picked up.
Why shouldn't you run your computer as an administrator? ›
Because administrative accounts are granted the ability to do essentially anything on the computer, every computer has one, and the majority of users use one as their sole/primary account, many forms of malware depend on using these accounts to wreak havoc.
What are the risks associated with users having administrator rights on a PC? ›
A user with local admin rights, or an attacker impersonating the user, can: Change boot and hardware configurations (enable/disable devices, change CPU and memory voltage and frequencies, etc.) Modify or delete storage volumes. Radically simplify malware techniques, such as code injection and DLL hijacking.
Is it safe to run things as an administrator? ›
Running a program as an administrator will guarantee that the program has full rights to do anything it needs to do on your computer. As this can be risky, Windows operating systems remove these privileges by default.
Can running a computer in administrative mode prevent attacks and viruses? ›
Expert-Verified Answer
The statement "Running a computer in administrative mode can prevent attacks and viruses" is FALSE. When running a computer in administrative mode, the user has full access to the computer, which means they can modify or delete system files.
Should developers have administrator permissions on their PC? ›
Developers work with a variety of tools, often experimenting with multiple things. They would need to upgrade their OS, change settings to replicate bugs, downgrade/update software, and even build their own tools. Most of these actions require programmers to have local admin rights or root access on their systems.
What are the disadvantages of administrator? ›
There are some aspects of working in admin that can put you off the job. These include: * Larger task load: As the admin person, you'll have the largest workload of anyone in the office. Maybe you can delegate some tasks to others, but you'll always be working under a demanding caseload.
Does malware need admin rights? ›
Research from CyberArk found that while many types of malware need local administrator rights to execute properly, 90 per cent of ransomware strains do not require them.
What security issues exist when an administrator logs in with an admin account? ›
Risk of malware entry
Most of the malicious software generally runs with the same rights as the user who is logged on. Local admin rights allow the code to be run on local machines with full privileges without user notifications exposing the organization to a broader attack.
Should I give users local admin rights? ›
While giving users these rights can be convenient, it creates serious security gaps. First of all, the users themselves can intentionally install unapproved applications or modify settings to streamline their work, without sufficient understanding of the security risks they might be introducing.
An administrator is someone who can make changes on a computer that will affect other users of the computer. Administrators can change security settings, install software and hardware, access all files on the computer, and make changes to other user accounts.
What can a system administrator do to protect against them? ›
How can you avoid security risks as a System Administrator?
- Update and patch regularly. ...
- Use strong passwords and encryption. ...
- Implement access control and authentication. ...
- Monitor and audit your systems. ...
- Backup and restore your data. ...
- Educate and train yourself and others. ...
- Here's what else to consider.
If you want to run a program with your admin token then you can use “run as administrator”, any programs you open that way will inherit your admin token and any programs that they open will inherit it from them. So if you open an admin command prompt, any program you launch from there will run with admin rights.
What are two ways to protect a computer from malware? ›
How to prevent malware
- Keep your computer and software updated. ...
- Use a non-administrator account whenever possible. ...
- Think twice before clicking links or downloading anything. ...
- Be careful about opening email attachments or images. ...
- Don't trust pop-up windows that ask you to download software. ...
- Limit your file-sharing.
While the best way is antivirus software, operating systems already come with programs like Windows Defender and Windows Security. There are also other, free programs like Avast and Kaspersky.
Why run as administrator if I am an administrator? ›
User Account Control (UAC) limits the permissions that applications have, even when you launch them from an administrator account. When you use "Run as Administrator," UAC gets out of the way, and the application is run with full administrator access to everything on your system.
Why do I have to run as administrator when I am an administrator? ›
While you are logged as admin, the programs you execute do not run with the fullest privileges possible. This is a security measure, as most people run Windows under administrator accounts and this was meant to diminish the risk associated with that, albeit just by a small amount.
What is the benefit of running IT as an administrator? ›
Benefits of adding another user as an administrator: * Full control: An administrator account has full control over the system, which means that the user can install software, change system settings, and access all files and folders.
What permission does a computer administrator have? ›
An administrator is someone who can make changes on a computer that will affect other users of the computer. Administrators can change security settings, install software and hardware, access all files on the computer, and make changes to other user accounts.
