EZ MSP Blog
Tip of the Week: Who Should Have Admin Accounts?
Depending on their work roles within your organization, your employees will either have an ordinary user account or an administrator account. This can be one of the more stressful parts of managing a network, as the answer for who gets administrator access isn’t always clear. We’ll explain what an admin account is and why it’s important to have restraint when looking at who should have an admin account.
Why is an Admin Account Such a Big Deal?
An administrator account is basically the highest level of privilege that you can give to someone on your network. Compared to the traditional user account, an admin account can do much, much more--and this isn’t necessarily a good thing. Keeping more traditional accounts than administrator accounts is a best practice because it minimizes risk to your network. This keeps an ordinary user from making drastic changes to a network, like installing software or moving important files around.
Admin accounts can perform just about any action they want on a computer. Think of it as the way IT accesses a computer, as they need these permissions to apply updates and administer general maintenance. Every computer needs to have at least one admin account on it, but untrained users should not have admin permissions, as this could result in file changes that prevent the computer from working as intended.
Why You Need to Limit Admin Account Use
It might make sense to have admin permissions for your own computer account, but it’s actually not in your best interest. This is because there are major security problems that come from using an admin account as your primary device account. If the device is compromised in some way, the account could install malware with administrator privileges or make changes to important files. Even if you think you’ll need the extra privileges, we assure you that you don’t in almost any circumstance--at any rate, the security detriment isn’t worth it.
Standard accounts will generally have more limited permissions, which means that a compromised account will only yield certain permissions, not the entirety of the computer. This is why we suggest limiting administrator accounts only to whoever is in charge of IT.
If your business needs someone to manage its IT solutions, EZ MSP can help. To learn more, reach out to us at (914) 595-2250.