Yaksas CSC

Your Guardian in the Cyber World

Understand and restrict admin access in your organization

Leave a Comment

Understand and restrict admin access in your organization

In today’s time, providing users with unjustified administrator access on their work systems, could lead to significant business loss. A careless user may download a benign looking file and the next moment you may find yourself battling an organization wide ransomware attack. Here’s a quick guide for small business owners on how to tame this dragon:

The Dragon: Administrator Access

  • High privilege access to a system.
  • A user with this access can:
    • Add or remove programs from a system
    • Enable, disable or change system settings and services
    • Create, delete or modify users
    • Read, Modify or delete files for any user on the system
    • Disable or bypass security controls
    • In short, CAN DO ANYTHING on a given system

When to give Admin access?

  • When users are responsible for installing or uninstalling software from a system – Typically done by IT Support
  • For troubleshooting, enabling, modifying or disabling system settings and services – Typically done by IT Support
  • When a user needs to run certain software as administrator – must be provided on case by case basis
  • User is traveling or need it during a conference – must be provided on case by case basis, after duly understanding the business requirement, for a limited time period

When not to give Admin access?

  • To any user without any justified business requirement, this may include but not limited to:
    • Users having administrator access without the need of it
    • Users on shared machines
    • Users frequently attaching their machines to outside network (unless a justified business requirement is provided)
    • Users in senior management (unless a justified business requirement is provided)
    • Users responsible for sharing / transferring data (unless a justified business requirement is provided)

How to identify users with Admin access?

  • On Microsoft Windows:
    • Open a command prompt and type the following command:
      • net localgroup administrators (works on Windows XP and above)
  • On Apple MacOS:
    • Open the Apple menu
    • Select System Preferences
    • In the System Preferences window, click on the Accounts icon.
    • In the list of accounts on the left side of the Accounts window, locate your account
    • If the word Admin is immediately below an account name, then that user is an administrator on the workstation
  • On Linux:
    • Open a terminal window and type the following command:
      • grep ‘^sudo:.*$’ /etc/group | cut -d: -f4

Watch the video

Download the Request Administrator Access form by Yaksas CSC

Related Posts

Categories

Tags

(ISC)2 Active directory adsecurity adsi adsisearcher adversary emulation Android attack active directory awareness blue whale challenge Certification CISSP Cloud security command and control crte crtp cyber-warfare cybersecurity Cyber Security Cybersecurity books Cybersecurity Cannon domain enumeration Edward Snowden ethical hacking forest enumeration hacker Information Security ISACA Kali Linux Mass Surveillance Mobile Security Narendra Modi offensive security Online Safety Password Penetration Testing pentest poshc2 powersploit Powerview privacy red team Risk Management Social Media user enumeration

Top Posts