Admin rights are the biggest Windows security problem


Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

Avecto has released an analysis of Microsoft’s security lapses and patches over the last few years.  It makes interesting reading even though the headline conclusion hasn’t been well understood.

Administrator Rights problem

Most media have focused on a quote from the report that says

“94% of Critical Microsoft vulnerabilities would be mitigated by removing admin rights across an organization”

Which suggests that removing administrator rights will solve many Windows and Office security problems.

Oh, how we wish it where that simple.

In medium and large organizations, the IT department can and should limit administrative level access to only those users who really need it.

But that’s often not practical for smaller firms, families and individuals.  Happily, Microsoft has protections in place to reduce the risk.

User Access Control

Many home and small business accounts have administrator access. That’s because you’re regularly installing/updating software or changing settings which need admin access.  Switching from a standard account to different Administrator account is a pain.

In years past, many people had Adminstrator access all the time.  With that came the real risk of being infected because any virus could immediately run with high level access.

The solution in modern Windows is User Access Control (UAC).   Even an administrator level account normally runs with Standard user permissions only.  When something with higher level access is required, you get a UAC prompt that the more risky access level will be used.

admin rights are the biggest windows security problem 12582 - Admin rights are the biggest Windows security problem

Over familiarity can become a problem. It’s a trap to simply click Yes every time you see a UAC prompt without considering what caused the prompt to appear.

For anyone who doesn’t need full admin access, consider making them a Standard user.  Go to Control Panel | User Accounts | Manage another account.  Select the user then ‘Change the account type’.

admin rights are the biggest windows security problem 12583 - Admin rights are the biggest Windows security problem

For users with administrative access, you can change when the UAC prompt appears.  At Control Panel |User Accounts choose ‘Change User Account Control settings’.

admin rights are the biggest windows security problem 12584 - Admin rights are the biggest Windows security problem

The default is to notify when programs try to make changes to the computer but not when you change Windows settings.

admin rights are the biggest windows security problem 12585 - Admin rights are the biggest Windows security problem

For better security, but more UAC prompts, raise the slider to the top ‘Always notify’ level.

admin rights are the biggest windows security problem 12586 - Admin rights are the biggest Windows security problem

This won’t protect you from Windows security problems, but it makes the hackers job a little harder.

 

subs profile e1563205311409 - Admin rights are the biggest Windows security problem
Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address