If you haven’t read Part 1 of this blog (The Double-Edged Sword of Local Admin Rights in Windows Environments), you can find it here.
If giving users admin rights is so dangerous, why does it still happen so often? IT professionals commonly face a few pitfalls and pressures that lead to over-privileging:
“We Need It for Productivity” – the Convenience Temptation: The number one reason organizations allow local admin access is to avoid hindering users. Developers and power users might need to install or update software tools frequently, and IT support may tire of fielding numerous helpdesk tickets for routine installs. Similarly, legacy applications might only run properly under an admin account, forcing IT into a corner. Granting admin rights can seem like the path of least resistance to keep the business moving. However, this short-term convenience creates a long-term security debt. Modern malware and attackers thrive in environments where “everyone is an admin.” It’s worth remembering that most employees do not actually need local admin privileges for day-to-day work – the apparent productivity boost can often be achieved in safer ways (addressed in the next section).
Legacy Habits and Inertia: In some companies, broad admin access is simply the status quo (“that’s how it’s always been”). This mindset can blind organizations to evolving threats. What might have been acceptable a decade ago is far riskier now, given the surge in ransomware and advanced threats targeting endpoints. As one security blog noted, IT must move beyond the complacency of “this is how we’ve always done it” because attackers certainly have not stood still. Sticking with old practices like ubiquitous admin rights can give hackers an easy path in.
Lack of Visibility and Control: A surprising number of organizations don’t actually know how many local admin accounts exist in their Windows environment. Without auditing, users may be added to the Administrators group ad-hoc, or local admin accounts might be left enabled on machines by default. This sprawl of privileged accounts goes unmanaged, which is a recipe for trouble. It only takes one forgotten account with a weak password to become an entry point for attackers. Regular audits of both domain and local group memberships are often neglected, meaning IT might be unaware of who has admin access on what systems.
Weak Password Practices (Shared Local Admin Passwords): A particularly dangerous pitfall is using the same local administrator password on every PC. This often happens with imaging or provisioning – a “golden image” is deployed to all machines with a generic local Administrator account/password for IT support convenience. The result is a security house of cards: if that password leaks or is cracked on one machine, an attacker now has administrative access to all those machines. Unfortunately, default passwords are rarely changed, and some organizations even follow easy-to-guess patterns for local admins. Attackers are well aware of these patterns. It’s akin to having one master key that opens every door – a single breach yields a systemic compromise.
Using the same local admin credentials on multiple PCs (often due to “golden image” deployment) creates a gaping security hole. If one machine is compromised, the attacker gains admin access to many. In this diagram, a cloned image with a default password (Password123) was deployed widely – meaning a leak of that password puts countless endpoints at risk.
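The two gaps described above (unknown Administrators group membership, and a built-in Administrator account still carrying its image-time password) can be checked on each machine with the standard LocalAccounts cmdlets. This is an added example, not code from the original post; the allowlist entry `CONTOSO\Workstation-Admins` and the 90-day threshold are assumptions, and password age is only a heuristic for "never rotated since imaging".

```powershell
function Get-LocalAdminAudit {
    [CmdletBinding()]
    param(
        # Hypothetical allowlist of principals expected in the group.
        [string[]]$ApprovedAdmins = @('CONTOSO\Workstation-Admins'),
        # Assumed threshold; a password older than this was likely never rotated.
        [int]$MaxPasswordAgeDays = 90
    )

    # Well-known SID of BUILTIN\Administrators: works on localized Windows too.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    foreach ($m in $members) {
        $findings = @()
        $enabled  = $null
        $ageDays  = $null

        if ($ApprovedAdmins -notcontains $m.Name) {
            $findings += 'not on allowlist'
        }

        if ($m.PrincipalSource -eq 'Local') {
            # Returns nothing for local groups, so only users get password checks.
            $user = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
            if ($user) {
                $enabled = $user.Enabled
                if ($user.PasswordLastSet) {
                    $ageDays = [int]((Get-Date) - $user.PasswordLastSet).TotalDays
                }
                # RID 500 is the built-in Administrator, whatever it was renamed to.
                if ($enabled -and $m.SID.Value -match '-500$') {
                    $findings += 'built-in Administrator enabled'
                }
                if ($enabled -and $ageDays -gt $MaxPasswordAgeDays) {
                    $findings += "password older than $MaxPasswordAgeDays days"
                }
            }
        }

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Member          = $m.Name
            Source          = $m.PrincipalSource
            Enabled         = $enabled
            PasswordAgeDays = $ageDays
            Findings        = $findings -join '; '
        }
    }
}

Get-LocalAdminAudit | Where-Object Findings | Format-Table -AutoSize
```

To cover a fleet, the same function body can be run through PowerShell remoting (`Invoke-Command` with `-ScriptBlock ${function:Get-LocalAdminAudit}`) against a list of hostnames. Many hosts reporting the same large password age for the RID 500 account is the pattern to look for when a golden image was deployed without rotating its password.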
User Backlash and IT Workload Fears: Another common challenge is the anticipated backlash from users – and increased workload for IT – if admin rights are removed. It’s true that suddenly stripping users of privileges can cause friction. Users may complain that they can’t install a needed printer driver or update an application without jumping through hoops. IT staff worry they’ll spend all day responding to elevation requests for minor tasks. In some cases, organizations have tried to lock down accounts, only to face so much pushback (and so many one-off support calls) that they reversed course and re-granted admin rights. This “failure” scenario often stems from not having a proper plan to accommodate user needs in a least-privilege model. It’s a real concern – but as we’ll discuss, modern endpoint management tools can mitigate this by allowing controlled, temporary elevation for approved tasks without making the user a full admin all the time.
Overconfidence in “Privileged” Users: Some administrators assume that certain users (e.g. developers or senior staff) can be trusted with admin rights and won’t do anything risky. While these users might be more tech-savvy or cautious, they are not immune to mistakes or targeted attacks. In fact, attackers often target IT-savvy users precisely because they have higher privileges. Even well-intentioned admins can accidentally misconfigure settings or click a bad link. No human is infallible. The principle of least privilege applies to everyone – not as a mark of trust, but as a safety net. As the saying goes, malware doesn’t discriminate; an exploit run under a developer’s admin account will do as much damage as under any other admin.
You can find Part 3 (Best Practices for Implementing Least Privilege on Windows) of this blog here.