• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 141
  • Last Modified:

Login to computer through Admin Priviligies

Hi all,
Just wanted a bit more insight on what are good and bads about logging into your work computer through admin privileges? means I know Admin account has lot of security privileges which can be exploited but is it really a big threat? I though having an Administrator user account (local/domain) is much bigger threat then this.
the reason to login to work computer with admin privileges is because to run applications like sccm, sql, sharepoint etc....
0
Leo
Asked:
Leo
2 Solutions
 
McKnifeCommented:
Please read my article https://www.experts-exchange.com/articles/24599/Free-yourself-of-your-administrative-account.html where I show a way out of this dilemma.
And please explain "I though having an Administrator user account (local/domain) is much bigger threat then this." - I don't understand what "this" should mean as "this" should be the same.
0
 
LeoAuthor Commented:
Thanks for that article, now if I want to run a security audit across the network, is there a tool which can be used?
0
 
McKnifeCommented:
What should that audit find out exactly?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LeoAuthor Commented:
Security holes in infrastructure , people who are using admin accounts to log on to there computers, any batch scripts which are running, service accounts whose passwords haven't been changed and general overall security health of infrastructure.
thanks.
0
 
McKnifeCommented:
Sorry, but this is really a totally different question, in fact, a set of questions. Please start new threads.
0
 
QlemoC++ DeveloperCommented:
Even if you leave attacks aside, you need to consider accidental actions like changing/deleting important files from protected areas. As non-admin you at least need another confirmation. On the other side, if you get conifrmation prompts for almost every action you have to take, they are useless ;-).
0
 
McKnifeCommented:
"As non-admin you at least need another confirmation" - as admin, too, at least when UAC is at default level.
0
 
Mike TLeading EngineerCommented:
Hi,

Short answer is that you need to ban logging in as the following on workstations:

domain admin
local admin

Users need restricted accounts. Power users need power accounts. No-one but no-one needs to be domain admin and logon to a workstation. Ever.
Even on servers limit it to a handful of trusted, authorised and competent (ideally certified) people. If they are not certified, go on training and get it. There's no excuse.

Always go for "least privilege" which means give people only enough permissions to do the things they are meant to be allowed and no more.

As for SCCM, well it does the permissions for you. You still don't need to logon as admin to make it work. In fact it's not going to help at all because it uses Local System which beats even domain admin anyway.

As for an auditing tool, create a new question and I'll try and remember what I've used in the past.

Mike
0
 
McKnifeCommented:
@Leo
I see you didn't ask any related questions, yet. You should. The additional questions reach far beyond this one.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now