Remove local admin: the MVP of simple IT security steps

Cybersecurity is a complex, ever-changing field branching into many intricate specialisms. Cybercrime, meanwhile, is a many-headed and increasingly sophisticated hydra.

Amid this end-to-end complexity, it can be comforting to know that some of the most effective IT security steps are surprisingly simple.

And the MVP of these simple but powerful IT security steps? Removing local administrator rights.

Here’s a closer look at why you should cut to the chase and remove local admin.

What do local admin rights permit?

First, let’s look at the privileges that come with local admin rights.

When a user is granted local admin rights, they have heightened control over their machine. They can install things and edit settings right away – no IT involvement required. A user with local admin rights, can, for example:

  • Add and remove software at will
  • Install (or uninstall) printers, hardware drivers, programs, etc
  • Delete system or network files
  • Disable antivirus/antimalware tools
  • Change computer settings like network configuration, power settings, etc
  • Have complete control over files, folders, services, and local user permissions management

As you can see, then, local admin rights give users the power to do almost anything to their workstations.

Why is this a problem?

A user being able to make changes to their machine might not seem like such a huge problem. After all, admin privileges make it much easier for the user to manage that machine. They don’t have to call someone over just to add a printer, or download an app, for instance.

So, why bother to remove local admin? (If, that is, it brings payoffs to the speed and convenience of workstation management?)

The unfortunate reality is that these slight payoffs are offset by substantial security risks.

Simply, cybercriminals thrive on the misuse of local admin rights. Or, to put it another way, every account with unnecessary permissions represents a potential opened door to malware.

Why you should remove local admin rights

When you remove local admin rights, you:

  • Prevent the installation of malicious apps / programs. Often, malware can have a deceiving appearance – and may appear to the user as a legitimate program, as a fun app, or as useful freeware.
  • Close the gap on any system vulnerabilities that can be more easily abused from a fully privileged account. (I.e., vulnerabilities yet to be discovered and patched, and so ripe for a hacker to exploit.)
  • Block third party access to a machine. Unwitting installation of malware gives cyberattackers a foothold into the company network. And from there, they can access your data and systems – making it possible to wreak all kinds of havoc.
  • Enforce cyberprotection. An admin user could disable your firewall, antivirus, encryption, and so on. By removing this option, you ensure machines are kept protected by company security measures.
  • Ensure compliance. With admin privileges, a user could fail to follow group policy – resulting in a potentially costly compliance failure.
  • Keep company machines running smoothly. A user without admin rights cannot write files or entries in places where admins can. Ultimately, this makes your PCs cleaner, more stable, and longer-lasting.
  • Minimise the impact of attacks. When a workstation has only limited permissions and access rights, bad actors are impeded. Meanwhile, the clean-up of the attack is made easier.

The clear takeaway is that removing local admin rights significantly reduces your security risks.

Remove local admin: a simple but essential step

Cybersecurity is daunting. But there are simple steps you can take to take to protect yourself and reduce risk. Of these, removing local admin is perhaps the quickest, easiest, and most effective of all.

Indeed, an Avecto study found that a staggering 94% of Microsoft vulnerabilities can be mitigated by turning off admin rights. So, what are you waiting for?

Further reading