In today’s time, providing users with unjustified administrator access on their work systems, could lead to significant business loss. A careless user may download a benign looking file and the next moment you may find yourself battling an organization wide ransomware attack. Here’s a quick guide for small business owners on how to tame this dragon:
The Dragon: Administrator Access
- High privilege access to a system.
- A user with this access can:
- Add or remove programs from a system
- Enable, disable or change system settings and services
- Create, delete or modify users
- Read, Modify or delete files for any user on the system
- Disable or bypass security controls
- In short, CAN DO ANYTHING on a given system
When to give Admin access?
- When users are responsible for installing or uninstalling software from a system – Typically done by IT Support
- For troubleshooting, enabling, modifying or disabling system settings and services – Typically done by IT Support
- When a user needs to run certain software as administrator – must be provided on case by case basis
- User is traveling or need it during a conference – must be provided on case by case basis, after duly understanding the business requirement, for a limited time period
When not to give Admin access?
- To any user without any justified business requirement, this may include but not limited to:
- Users having administrator access without the need of it
- Users on shared machines
- Users frequently attaching their machines to outside network (unless a justified business requirement is provided)
- Users in senior management (unless a justified business requirement is provided)
- Users responsible for sharing / transferring data (unless a justified business requirement is provided)
How to identify users with Admin access?
- On Microsoft Windows:
- Open a command prompt and type the following command:
- net localgroup administrators (works on Windows XP and above)
- Open a command prompt and type the following command:
- On Apple MacOS:
- Open the Apple menu
- Select System Preferences
- In the System Preferences window, click on the Accounts icon.
- In the list of accounts on the left side of the Accounts window, locate your account
- If the word Admin is immediately below an account name, then that user is an administrator on the workstation
- On Linux:
- Open a terminal window and type the following command:
- grep ‘^sudo:.*$’ /etc/group | cut -d: -f4
- Open a terminal window and type the following command:
Watch the video
Download the Request Administrator Access form by Yaksas CSC
Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.
