One of the IT security best practices in desktop usage is to run a computer on the least privilege required. This means, an end user should log into his PC / laptop as a standard user and not as an ‘administrator’. This is applicable to both, home and enterprise environment. The advantages of such least privilege computing are listed below.
1. Malware protection
Most malware fail in their goal of creating havoc to the PC / network, as they do not have ‘Administrator’ privilege to get installed.
2. License Compliance
Users cannot install unlicensed software with out administrator privilege. This preventive control is better than a detective control of auditing for unlicensed software periodically.
3. IS Policy Compliance
Information Security Policies of enterprises require certain configuration settings to be made on the computers to secure the enterprise IT assets. These configurations may relate to password settings, anti-virus settings, audit trails etc. If end users have admin privileges, they may change the computer configuration settings to their likes and thereby open the enterprise to security risks and IS Policy non-compliance.
4. Fewer Helpdesk Calls
By avoiding malware installation and computer mis-configurations through ‘admin’ privilege restriction, the support calls logged to IT Help Desk drop dramatically whereby the IT team can focus on more productive initiatives. In case a user needs an elevated privilege for any particular purpose, he may request the IT team for a limited release of ‘Admin’ privilege under IT supervision.