Dangerous Elevated Access

Free tips and tricks:
Dangerous Elevated Access in your Organization

From Microsoft’s help site:
Standard User Account is more secure and recommended for everyday tasks like launching and using apps, browsing the web. An Administrator account is best as a backup account for Administrative tasks like installing applications, updating the system.

If you’ve used Linux or UNIX, you may have already heard of sudo. On Linux and UNIX systems, the convention is to use a non-privileged user for most general tasks. You only elevate your privilege to admin level when you need it, via a command called ‘sudo’. This even extends to software you install on the system. If you have a service running, you don’t want to run it as root (admin) if you can help it. You want to run it with the least amount of privilege that you can.

Unfortunately, most computer operating systems get you going by starting you out with an admin level user. This means that you can install anything on your computer. This is not always to your benefit. You might want to be warned that what you are about to do requires elevated privileges, and be prompted for the login / password of a more privileged account.

How do I check to see if I have this problem?

Microsoft has a more in-depth step by step located here:

Here’s a quick summary. On Windows, go to “Settings” then “Accounts”.
Look for the account you are currently logged in with.

Here is an example of a “Standard user” from Microsoft’s support website. In Windows 10 this is sometimes called a ‘Local user’. As long as you don’t see ‘Administrator’ like the above, you are ok.

If your system looks like this and doesn’t say “Administrator”, you are GOOD!

An Easy Fix:

One of the biggest gains in security for any organization is to eliminate working under a privileged account, and it is easy for anyone to resolve. Look no further, here are the steps for you to follow. What matters is doing them in order. Follow the steps, and you’ll be fine. So starting from the above, where we have an “Administrator” level account appropriately called “admin”, this is all we have to do!

  1. Add another “Administrator” level user to your machine. You want TWO Admin accounts.
    1. If you need a step by step on how to add a user, click here for a link from Microsoft.
  2. Log out of your current account.
  3. Log into the NEW administrator level user account.
  4. Select “Change Account Type”
  5. Demote the old account (the one you were using before) to being a “Standard user”.

This is the best way to preserve all your settings and work that you have done so far. In the future, you will be prompted for elevated privileges when you need them. This way, elevated privileges are not on all the time!

Going forward, when you need to install or update a program, supply the admin credentials you just created. It is as simple as that!
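The check and the final demotion step can also be done from PowerShell. The script below is an added example, not part of the original article or Microsoft's instructions; it assumes the old account is named “admin” as in the article, uses the built-in LocalAccounts cmdlets of Windows PowerShell 5.1, and its `-Apply` switch is the example's own. It enforces the ordering the steps depend on: it refuses to demote the account unless you are logged in as a different account and another enabled administrator exists.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session while logged in as the NEW administrator account (steps 3-5).
# 'admin' is the account name used in the article; change it to match yours.
param(
    [string]$OldAccount = 'admin',
    [switch]$Apply    # without -Apply the script only reports, it changes nothing
)

# Resolve the built-in groups by their well-known SIDs so localized group
# names (non-English Windows) do not matter.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # Administrators
$usersGroup = Get-LocalGroup -SID 'S-1-5-32-545'   # Users

# Enabled local accounts that currently hold administrator rights
# (domain and Azure AD members of the group are ignored here).
$localAdmins = Get-LocalGroupMember -Group $adminGroup |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -in 'Local', 'MicrosoftAccount' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object Enabled
"Enabled local administrators: $($localAdmins.Name -join ', ')"

$old = $localAdmins | Where-Object Name -eq $OldAccount
if (-not $old) {
    "'$OldAccount' is not an enabled local administrator; nothing to do."
    return
}

# Guard 1: you must already be logged in as a different account (step 3).
$me = [Security.Principal.WindowsIdentity]::GetCurrent().User
if ($me.Value -eq $old.SID.Value) {
    throw "You are running as '$OldAccount'. Log in as the new administrator first."
}

# Guard 2: never remove the last enabled administrator (step 1).
$others = $localAdmins | Where-Object { $_.SID.Value -ne $old.SID.Value }
if (-not $others) {
    throw "No other enabled administrator exists. Create the second admin account first."
}

if ($Apply) {
    Add-LocalGroupMember -Group $usersGroup -Member $old -ErrorAction SilentlyContinue
    Remove-LocalGroupMember -Group $adminGroup -Member $old
    "'$OldAccount' is now a standard user."
} else {
    "Checks passed. Re-run with -Apply to demote '$OldAccount'."
}
```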

We hope you found this helpful!
Feel free to share our tips and tricks with your friends and colleagues.