May 17 · 4 min read
In the previous two parts (part 1 and part 2), we dealt with the importance of local admin accounts, the associated security risks, the need for managing them properly, and the risk mitigation strategies. In this part, let us analyze the pros and cons of eliminating local admin rights altogether.
One of the most effective approaches to reducing risks is eliminating the local admin accounts altogether and making everyone a standard user. But this approach introduces a 'request-approval' process, which is inefficient. Employees might have to wait for permissions, resulting in delays, productivity loss, and frustration.
This leads to the pertinent question: Is there a way to eliminate local admin accounts, overcome these hurdles and make the process seamless?
Local accounts with administrator privileges enable users to carry out software installations, change certain system settings and perform many other tasks without relying on help desk technicians and system administrators. When local administrator rights are removed, striking a balance between security and productivity becomes critical. This is where endpoint privilege management solutions come into the picture.
Endpoint privilege management means removing local administrator rights on Windows endpoints and elevating applications for standard users. The most important aspect is that privileges are NOT elevated for users; only the applications and processes run with elevated privileges. Users always remain standard users.
Removing the local administrator rights is just one part of the process. The other part is establishing a policy-based application control process. Administrators should be able to define and control which applications/processes can be run by standard users. This, in turn, means whitelisting trusted applications and blocking unapproved and malicious applications. Standard users can then seamlessly run approved applications (that would normally require admin rights) whenever needed.
There may be occasions when specific users require broader privileges, and contingencies that mandate full access for certain users. There should be a provision for granting time-limited, fully controlled, and comprehensively audited temporary administrator access on an as-needed basis. Such access should be controlled by a well-defined workflow that automatically revokes the access.
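The decision logic described in the three paragraphs above can be sketched as follows. This is an added illustration, not Securden's code or policy format; the field names, the hash-based application matching, and the sample users, groups and devices are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Policy:
    name: str
    sha256: str              # hash of the approved binary
    groups: frozenset        # user groups the policy is associated with
    devices: frozenset       # endpoints it applies to; empty means all

@dataclass(frozen=True)
class Grant:                 # temporary full-admin access for one user on one device
    user: str
    device: str
    expires: datetime

def decide(req, policies, grants, now, audit):
    """Return (elevate, reason) for one launch request and record it in audit."""
    # Expired grants are dropped on every evaluation: revocation needs no human step.
    grants[:] = [g for g in grants if g.expires > now]
    if any(g.user == req["user"] and g.device == req["device"] for g in grants):
        result = (True, "temporary-admin")
    else:
        match = next((p for p in policies
                      if p.sha256 == req["sha256"]
                      and p.groups & req["groups"]
                      and (not p.devices or req["device"] in p.devices)), None)
        # Only the process is elevated; the user's account stays a standard user.
        result = (True, "policy:" + match.name) if match else (False, "no-matching-policy")
    audit.append((now.isoformat(), req["user"], req["device"], req["sha256"], *result))
    return result

# Constructed sample data (hashes are placeholders, not real file hashes).
T0 = datetime(2021, 5, 17, 9, 0, tzinfo=timezone.utc)
POLICIES = [Policy("vpn-client", "aa" * 32, frozenset({"sales"}), frozenset()),
            Policy("cad-suite", "bb" * 32, frozenset({"engineering"}), frozenset({"WS-014"}))]
GRANTS = [Grant("dana", "WS-020", T0 + timedelta(minutes=30))]
AUDIT = []

def request(user, groups, device, sha256):
    return {"user": user, "groups": frozenset(groups), "device": device, "sha256": sha256}
```

Every decision, allow or deny, lands in the audit list, which is the record a reviewer would use to confirm that least privilege is actually being enforced.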
From an IT security perspective, eliminating local administrator rights on endpoints presents multiple benefits:
It is clear that eliminating local administrator rights is the best practice approach. How do we implement a least privilege model without impacting productivity?
This is where privilege management solutions like Securden Windows Privilege Manager come into the picture. Manual approaches could at best help you eliminate administrator rights. But only a policy-based, automated approach can help you achieve application control and ensure that user experience is not adversely impacted. Without the right tool, elevating applications, processes, scripts, and tasks for standard users could be counterproductive and frustrating.
Securden Windows Privilege Manager helps you to eliminate local admin rights without impacting productivity. It seamlessly elevates applications for standard users. Through robust workflows and policy-based controls, end-user experience remains the same even when administrator rights are removed. Securden makes the process seamless and scalable.
Granular application control, robust policy-driven approach
You can grant administrator privileges to trusted applications for standard users through a fully policy-driven approach. You whitelist applications, create policies, and associate them with users and devices for seamless on-demand elevation. You have granular control over which applications are elevated on specific endpoints, and for specific users or groups.
Seamless end user experience, various options
Even when local admin rights are removed, end users will be able to perform their activities without any interruption.
Continuous monitoring, complete control
One of the critical requirements mandated by various IT regulations is continuous monitoring of privileged access. Even when least privilege is enforced, organizations should be able to demonstrate it. This requires continuously tracking and reviewing user access entitlements and auditing activities.
In summary, to reduce the risks associated with local admin accounts, you should carefully consider the mitigation strategies. The two options you have are: Eliminate the admin rights altogether or manage them properly. And whatever option you choose, you need the right solution. Check out Securden Windows Privilege Manager and Securden Unified PAM.