Don’t let privilege creep be the downfall of a project to secure your company’s IT systems.
What is Privilege Creep?
Despite the work Microsoft has done to make Windows easier to run with standard user access, some Windows features and legacy applications still require administrative privileges. When users experience an issue, the first step that the helpdesk often takes is to grant administrative privileges to check that the problem isn’t caused by a lack of access rights.
Even if the problem turns out not to be caused by standard user permissions, administrative privileges are often deliberately left in place so that the user doesn’t continue to call the helpdesk, or the privileges are simply forgotten and never removed. This phenomenon of moving from standard user privileges to administrative rights is referred to by system administrators as privilege creep.
What are the Reasons for Privilege Creep?
The motives for granting users administrative privileges vary from one environment to another. Some of the most common are:
- The ability to connect hardware, such as printers and scanners
- To install new programs or update software
- Problems associated with legacy applications
- Access to Windows tasks or features that require administrative privileges
- Addressing support issues when users take notebooks out of the office
- Pressure from end users on helpdesk staff
The Consequences of Privilege Creep
While administrative privileges will both solve some issues in the short term and appease users, problems will occur further down the line as a direct result of granting these rights. When users are given administrative-level access to Windows without the assistance of a 3rd-party privilege management solution, the elevated rights cannot be rationally limited to just one task or application. Administrator rights give users, or malicious processes running in the security context of the user, the opportunity to compromise the system and any data processed therein.
Moreover, users can circumvent other controls, such as Group Policy settings, allowing changes to critical system configuration that might render PCs unstable or insecure. Logging in to Windows with administrative privileges also significantly increases the risk that vulnerabilities can be exposed in applications or the operating system, and reduces the overall reliability and stability of Windows, leading to a higher total cost of ownership.
In managed environments where organizations distribute customized Windows images, any configuration work undertaken as part of that process can easily be reversed by administrative users, including the ability to install unlicensed software. It is important to maintain a stable and known configuration to ensure that IT can provide adequate support, comply with regulatory mandates, and secure desktops so that users have a consistent and dependable computing experience.
Avoiding Privilege Creep
- Understand how privileges are used across your network before admin rights are removed: in the long run, you’ll experience fewer problems with users logging tickets to the helpdesk because they are unable to run applications or complete tasks that require privileged access.
- Use a third-party privilege management solution to allow granular privilege control. Microsoft’s built-in tools do not allow IT to elevate privileges for end users in a way that enables them to carry out the tasks necessary while still providing a secure computing experience.
- Don’t forget the notebook users. They’re harder for IT to support because remote access to their machines is available less often. Do you have the provision to grant your remote users temporary access to a given task or application, without granting full administrative privileges?
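One way to start on the first point above, understanding where administrative rights have already accumulated, is to compare each PC's local Administrators group against an approved baseline. The PowerShell below is an added example, not part of the original article; the computer names and approved group names are hypothetical, and it assumes PowerShell remoting is enabled on the target machines.

```powershell
# Added example, not from the original article. Computer names and the approved
# baseline are hypothetical; PowerShell remoting must be enabled on the targets.
$Computers = 'PC-001', 'PC-002'
$Approved  = 'CONTOSO\Domain Admins', 'CONTOSO\Workstation-Admins'

function Get-UnexpectedLocalAdmin {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string[]]$ApprovedName
    )
    $query = {
        try {
            # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
            # lookup does not depend on the localized group name.
            Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
                Select-Object Name, ObjectClass,
                    @{ n = 'Sid';    e = { $_.SID.Value } },
                    @{ n = 'Source'; e = { "$($_.PrincipalSource)" } }
        } catch {
            # Surface the failure instead of reporting the machine as clean.
            [pscustomobject]@{ Name = $null; ObjectClass = $null; Sid = $null
                               Source = $null; Error = $_.Exception.Message }
        }
    }
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $query `
        -ErrorAction SilentlyContinue -ErrorVariable failed |
        ForEach-Object {
            # A local account with RID 500 is the built-in Administrator.
            $isBuiltIn  = $_.Source -eq 'Local' -and $_.Sid -match '-500$'
            $isApproved = $ApprovedName -contains $_.Name
            if ($_.Error -or -not ($isBuiltIn -or $isApproved)) {
                [pscustomobject]@{
                    Computer = $_.PSComputerName
                    Member   = $_.Name
                    Type     = $_.ObjectClass
                    Source   = $_.Source
                    Note     = if ($_.Error) { "query failed: $($_.Error)" } else { 'not in baseline' }
                }
            }
        }
    # Machines that could not be reached are unknown, not compliant.
    foreach ($e in $failed) { Write-Warning "Not audited: $e" }
}

Get-UnexpectedLocalAdmin -ComputerName $Computers -ApprovedName $Approved |
    Sort-Object Computer, Member | Format-Table -AutoSize
```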
Be Secure and Flexible
Whilst some users may be able to support themselves when given administrative privileges, this increases the potential for damage and also prevents organizations from meeting the requirements of industry standards or regulatory compliance mandates, demonstrating poor governance. As such, it is always prudent to remove administrative privileges and implement a 3rd-party solution to give standard users the flexibility to perform the tasks required for their everyday duties.
Russell Smith, IT Consultant & Security MVP
Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.
Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.