Why don’t I have Administrator Credentials?! We’re asked this question from time-to-time, and the short answer is it is standard IT policy for any professionally managed IT network. If you’re keen to understand why this is the case then read on!
IT History – Standardisation
In any business or organisation, standardisation in your IT systems is an essential factor in ensuring smooth and efficient operation. Imagine a situation where every single device was set up in a bespoke manner. No standardisation, differing password policies, differing software, differing access rights to directories and so on. Every user of any device able to make amendments to their PC/laptop as they see fit.
Now try to imagine administering and managing such an IT system from an IT Management perspective. Any time a staff member had a problem, the IT technician would have to run a huge amount of diagnostics in order to figure out what may be going wrong. This is because each PC/laptop has a non-standard setup and settings may have been changed by the user since the last time the computer had an issue.
It shouldn’t be too difficult to realise that managing such a chaotic approach would make the IT management nigh-on impossible. This would lead to significant knock-on effects, not the least of which would be dramatically reduced inefficiencies in the workforce.
So, in keeping with any operation, standardisation is the watchword for efficiency. IT is no different.
That’s the backdrop for why standard IT policies are so important. To the specific issue raised in the blog-title, standard users don’t have the ability to change settings on their system or download software. The former is part of IT standardisation, the latter relates to cybersecurity, which I will come onto next.
Why do you need Administrator credentials?
If a user is insisting on Administrator credentials, the question you need to ask is ‘why do they need them?’ Most people leave car maintenance to the experts. In these days of electronic engine management, it takes an expert to conduct a full car service or repair.
In other words, just because you can drive the car, you don’t mess with what’s under the bonnet (the hood for our US readers). Just because you know how to use your PC/laptop – why do you want or need the ability to mess with ‘what’s under the bonnet’?
Administrator credentials are best left in the hands of professionals who, to be blunt, know what they are doing.
The Cybersecurity problem
Let’s say you, the user of your computer, have Administrator credentials. Let’s also say you don’t go near the operating system or settings. What you do, however, is download software. It may be perfectly legitimate software. So what’s the problem?
Imagine you click on a link in an email. The email looked legitimate. Nothing happened when you clicked the link. No foul no harm, right?
Wrong. The link has opened up a channel to a hacker, and because you are an Administrator, they too can download software to your computer. Be assured that the software they put on your device is not there to help you – it’s there to get your data and to steal funds.
I can provide numerous references of businesses who have fallen victim to cyberattacks that could have been avoided by the simple measure of removal of Administrative rights for all staff – including directors.
Still think you want Admin rights for your computer? Then don’t take my word for it – take a look at the National Cyber Security Centre website. It’s a standard recommendation. It’s worth noting your organisation will receive an immediate-fail on any Cyber Essentials assessment as well.
As we say to all our customers – please listen to our advice. We’re offering it in your own best interests!
PS – in case you’re wondering – I’m a standard user at Fresh Mango Technologies. Just because I’m the MD I neither want nor need ‘Admin rights’. If I need software to be installed on my computer, I do the same as we ask of our customers – I log a support request ????
