Generally, when customers purchase personal computers for their homes, they frequently configure Windows to have administrator levels of privilege when they log in. This indicates that whoever has administrative rights is free to adjust their systems. Users are accustomed to having these capabilities and being able to install, update, or remove anything they want from their computers.
However, if Infiniwiz manages a computer, what we do for our clients' users, even if they are managers, is provide users with standard user privileges that stop them from accidentally damaging their devices and network.
Malicious or incompatible applications
Users frequently ask us for administrative rights to avoid requesting authorization to download desired applications. However, there are drawbacks to giving users administrative privileges. If a standard user has admin access, the entire company could be jeopardized if they are hacked while connected to the company's network. Let me explain.
Users may believe that the software they want to install on their devices is safe and available to use. However, there can be some difficulties in installing the software a user may wish.
- The software package can be out-of-date to the point where it is incompatible with the tools or applications we use for our clients or what the client's company uses for its operations.
- It's possible that the program won't properly work with that particular device.
- The software can be infected with a virus or be a virus disguised to look like the desired software.
Because of these potential problems, this could bring major issues for both the device and the company's network. We do not let users make changes independently. Therefore, users should contact Infiniwiz if they want to make any changes to their system so that we can ensure the right software or application is installed. Once contacted and the correct software/application is chosen, Infiniwiz will enter administrative credentials during installation when requested by the software.
Malicious links
Another risk with having administrative privileges that many users do not realize presents itself when reading emails or researching on the Internet. Some of those links we click in emails or search results via a browser may be malicious and could attempt to install a virus on the user's computer. With standard user privileges, the user will be prompted to enter administrative credentials. If, however, the user has administrative rights, there will be no password prompt or any indication of installation. The virus will install itself in the background. At best, the user will see a quick window flash before their eye.
We follow the same best practice
Therefore, it is one of our best practices to take away administrative privileges from users. This is practiced not only with clients but also internally within Infiniwiz staff.
Why can't you give me an admin password so I can enter it myself?
This is a logical question that begs itself, and there are two primary reasons.
Responsibility
Since we manage clients' IT environments, Infiniwiz takes responsibility for its actions and for any potential issues that may come up. Only one set of administrative credentials is used for the entire network/domain. Suppose the client and the company use it, and there is an issue. In that case, it is more difficult to determine the cause of it, and it often needs to be clarified whether it was made by the client or by Infiniwiz. Therefore, it is impossible to determine who is to take responsibility for it.
Consequences
No matter who caused the issue, it will need to be remedied. Some such solutions may be very labor intensive. For example, in case of ransomware infection, it may take hundreds of hours for Infiniwiz engineers to rectify a problem that a client user caused. This would create a resource burden for Infiniwiz or a financial obligation for a client. Thus, not sharing administrative credentials becomes easy to avoid sticky situations and promote mutually beneficial client-vendor relationships.
Managing your data
For example, individuals in charge of administration may need to remember their passwords or inadequately safeguard their login information, making it possible for hackers to access exposed or compromised data. One of our best practices is to keep a record of any administrative credentials related to your network environment if you are one of our customers. We store your passwords using our secure documentation software.
Client Documentation Release
I want to be clear that we do not hold any information hostage and will provide any credentials to export all technical documentation for a client upon request. However, this request must be approved by a designated client administrator.
Infiniwiz's overarching objective has always been to guarantee that clients have the right security tools and monitoring so that organizations may continue to succeed. Therefore, we do not want to jeopardize that due to a human error of a user having complete or co-managed admin control that could endanger a system. We will ensure that business information is adequately secured, monitored, and managed by IT specialists who want the best for your business process. If you have any questions, feel free to contact us!