Local Administrator Rights: How Much Power Do You Give Employees?

“With great power comes great responsibility.”

Any Marvel fans out there? Surely you recognize this nugget from Ben Parker, which inspired the heroic actions of Spiderman.

This sentence could also apply to local administrator rights in a small business. Local administrator rights refer to the level of access an employee has to his work computer.

There are two types of rights: user rights and administrator rights. If the employee has user rights, he can perform daily functions but can’t install updates or programs to the computer. However, if he has administrator rights, he has unrestricted access to every component of his computer.

Following the Spiderman theme, you might look at this as “With administrator privileges comes great responsibility.”

This is actually a fairly hot-button issue in the IT world. A quick scan of IT forums shows competing arguments.

For example, this user asked a question about local admin rights and received 194 responses. And even though the initial question was asked in 2012, it’s still generating responses as recently as a month ago.

And while this one didn’t generate quite the buzz, it still raised the same arguments.

The Two Sides to Local Admin Rights

In the debate about local administrator rights, people gravitate toward one of two camps. We’ll name the one camp “Nope” and the other “Yasss.”

Nope

via GIPHY

The “Nope” camp advises employees have User access. They believe only the IT person should have access to the login over all the devices.

The rationale is this: Administrator privileges are just too risky for employees. If an employee is negligent and something goes wrong, the IT person risks liability.

Of course, different IT technicians have different levels of “Nope.” Just because an employee only has User access doesn’t necessarily mean he’s totally locked out.

Yasss

via GIPHY

The “Yasss” camp gives local administrator rights to every employee. Usually, this comes with proper auditing, so the IT person can see who made what changes. From there, she can roll back changes if an employee performs an erroneous or risky action.

Why We at Techs Are Yasss People

In a larger company, you might expect an IT person on staff who works full-time. If you need access, you’d just have to walk down the hallway or dial his extension. There, it might be feasible for employees to have User access.

Most small businesses, however, can’t afford a full-time IT person for their staff. So they hire somebody outside to handle IT work for them.

At Techs, we’re all about empowering you. So we recommend the IT person has a login over all the devices using a password only they know, and employees have administrative access to their workstation to make small changes.

Read, this is not just the owner, it’s every single user.

Also read, this isn’t access over the entire server. It’s just administrative access over their work station.

Two Reasons We Believe Administrative Access Is a Best Practice

If only the IT person has administrative access, it can pose to problems.

1)     It can pose an interruption to the workflow.

Say a computer needs an update that requires administrative access. The small business would have to call their out-of-office IT person, who might be tied up with another client. Suddenly, work is at a standstill because of a simple routine/maintenance task.

Some of the simple tasks that can cause massive interruptions include:

1) Updates to Java. These updates usually come in the form of a box that has a Yes or No option. Without administrative access, you would have to enter a password to install the update.

2) To run a program. Sometimes, if a main application is written incorrectly, your operating system will prompt that you need administrative access every time you try to run it. This doesn’t happen often, but it happens with some organizations, especially those in Point of Sale using Customer Relationship Management systems.

3) Chrome browser updates. If you’re using Chrome (which we would recommend) and you don’t have administrative access, you’ll have to enter a password for every update.

4) Install a new program. You might buy a program from a reputable source to improve efficiencies around the office. But if you don’t have administrative access, those efficiencies might be put on hold.

Plus, it’s annoying to have to call your IT person every single time you have to make a change.

2)     It can pose an insecurity to the small business itself.

As an owner, if you don’t have administrative access over your infrastructure, you’re putting way too much power into the hands of your IT person. If something were to happen to her, this could cause serious problems for your company.

But There Is a Risk to This…

In most circumstances, this is never a problem. But, from a security standpoint, viruses generally creep in because of negligence on an employee’s part. For example, an employee might blindly click Yes to an update they aren’t familiar with.

At Techs, we feel this is an acceptable risk. If your IT person has done his part to educate the team, then the real security lies in the hands of the users.

Education consists of three components:

Creating a secure environment. From the get-go, IT establishes an infrastructure that is free of compromises.

Explaining what employees should and shouldn’t do. Has your IT person explained the basic protocols for computer usage?

If he hasn’t, these are the basics: Don’t assume everything’s OK. If a program is asking permission to run on your computer and it doesn’t have an owner with which you are familiar, like Microsoft Corporation — or if it isn’t something you are conscious of trying to install — don’t click it. When infections try to hit, a lot of times they start by asking for administrative access.

Being available to answer questions. If an employee is unsure about something, they should be able to contact the IT person. This can save your company a lot of heartache.

A small business environment is a trust environment. At Techs, we believe the best way to empower you is to trust you. Contact us if you have any questions.

Leave a Reply

Your email address will not be published. Required fields are marked *