Ease-of-use vs. Security – Why local admin accounts are a bad idea

We recently wrapped up a Windows 10 upgrade project for a client, and during that project, we had removed local admin rights for users as a security precaution. As a result, users began receiving prompts when they attempted to upgrade or install software, and unfortunately, this new behavior was not well received.

This client operates in an industry where software updates are at times received fast and furious, and the inconvenience of not being able to install them on the fly was deemed too great to handle. As a result, we were asked to resume setting up user accounts with local administrator privileges.

There have been many, many articles written about why giving your users local admin rights is a bad idea, as it’s an invitation for a user to inadvertently install potentially malicious items on their computer. Removing local admin rights is often cited as the most important step one can take to mitigate the risks of falling victim to ransomware. We worked to educate our client as to why their request was against best practice, but they favored ease-of-use over security.

This is an example of the decisions users make every day regarding the balance between ease-of-use and security. What is important is that the user understands the risks they may be accepting, as well as the potential consequences.