Ask the Expert

Should an enterprise change administrator rights to accomodate new users?

Our organization is currently deciding whether a user should have admin rights. We typically give a new user admin permissions so that they can log on to the domain. Before we finalize our decision, what are the pros and cons of allowing users to have admin rights on their system?

    Requires Free Membership to View

When granting users access to your system, a good rule of thumb is the Principle of Least Privilege. This idea suggests that each user should only be granted the minimum system access rights necessary to do his or her job; in other words, access to the fewest applications and resources that their roles require them to use.

Consider these questions before making a decision: How many and what kinds of users will need access to your system? Are they non-technical people in finance and marketing that only need limited access to certain applications, files, spreadsheets or databases? Do they have access to customer information, company trade secrets or other high-risk data?

As the number of users grows, and the risk level increases, there is less reason to grant admin rights.

Using admin rights to open up your desktops, even if only for logging on to the domain, gives your users rights that you might not want them to have. With these privileges, users can change system resources to add unauthorized software and hardware, open USB ports to allow unauthorized uploading or downloading of data and make changes generally incompatible with the consistency of your enterprise system.

Enterprise desktop use should be based on standards agreed upon for the whole company. Once the setup policy is determined, it should be locked down and kept consistent.

However, it is sometimes necessary to grant admin rights. For example, today many commonly used Windows applications can only be run by those with administrator privileges. Fortunately, Microsoft plans to fix this with the release of the Windows Vista operating system.

More information:

  • Visit our resource center for news, tips and expert advice on improving Web access control.
  • Learn how to manage user permissions.
  • This was first published in December 2006

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: