Why Can't I Have Local Admin Rights to My Desktop?
We often think of security in proactive and reactive terms. Both are needed, but proactive is always best. Examples of proactive measures include software whitelisting, content filtering, firewall rules, enforcing strong password requirements and managed security software.
Perhaps the most proactive measure is to not allow users to have local admin rights on the desktop. This prevents users from (accidentally or knowingly) accessing and changing certain settings within Windows, including firewall, anti-virus and anti-malware settings.
A common question asked in reference to not having local admin rights is “Why can’t I update my software?” Almost all software requires the logged in user to have local admin rights to perform updates. As your computer is unable to differentiate between good and bad software, the only way to prevent unauthorized software from being installed is to prevent installation of all software, good and bad, until your IT vendor can safely test and apply updates on your behalf.
The following excerpt is from the Microsoft Windows Security Resource Kit:
“Always think of security in terms of granting the least amount of privileges required to carry out the task. If an application that has too many privileges should be compromised, the attacker might be able to expand the attack beyond what it would if the application had been under the least amount of privileges possible.”
Following security best practices is important. Keeping your installed software updated and patched with vendor-supplied updates and security patches is a part of following these best practices.
It's For Your Own Good
Security is important, and you already know this. Proactively preventing unauthorized software, malware and viruses from entering our secure environment is our highest priority at CloudKoala. We are continually monitoring and upgrading software and hardware to protect your data and applications.
Our commitment to security goes beyond the financial investment in software and hardware as the best products are only as good as the deployment. I have personally used this recent COVID-19 quarantine time to begin studying and scheduling my next level of SonicWall Technical Certification, “SonicWall Network Security Professional (SNSP).”
Security and usability are not competing priorities, and the expertise of your IT vendor can help to balance risk and efficiency so your team is both protected and productive.
If you have questions about security settings in your current environment, give me a call at 704.293.8233 or email me at email@example.com.
Colin Schmitt is President and Founder of CloudKoala, a full-service IT solutions firm based in Charlotte, NC supporting small and midsize businesses across the US since 2002. For more information, visit www.cloudkoalatech.com or email firstname.lastname@example.org.