
Keeps computers in compliance with organizational policies – Local admin group policies take precedence over Group Policy. If the local administrative account is running malware, the malware has the ability to do the same thing!

Helps maintain protections that are in place – Local administrators have the ability to turn off organizational protections that have been put in place, like your antivirus, firewall, encryption and Group Policy. If a malware infection occurs, the malware generally has the same rights as the person who is logged in, which means that malware could be far more damaging if the person who is logged in has administrative permissions.

Helps keep malware off computers – Our computers can’t differentiate between good and bad software, so the only way to prevent the installation of malware is to prevent installations in general. When standard users try to do something that they do not have permission to do, the computer requests the credentials for an account that has local admin rights.

The alternative is a standard user account, which can use programs and change settings that do not affect the security of the computer. The risk of being a local administrator is that you can install programs on the computer without asking anyone’s permission. In fact, misuse of administrative privileges is such an important issue that the CIS (Center for Internet Security), in their latest release of the Critical Security Controls 6.0, moved it from 12th to 5th in order to make it a higher priority for organizations to address. The misuse of administrative privileges is a key method used by attackers to gain unauthorized access to our networks.
The Case for Removing Local Administrator Rights