What happened to Windows local admin privileges?

The vast increase in malware over the last few years has led to a number of different preventative strategies. It turns out that one of the most effective is for us to stop using an account with local admin privileges for our day-to-day work.

A study done by Avecto, a leading security research firm, found that most malicious software, or malware, requires elevated privileges, or administrator rights, to complete its malicious actions. The sole purpose of some forms of malware is to provide an unauthorized user account with administrator privileges so that a malicious actor can install spyware and other disruptive software, such as ransomware.

Statistical results of the Avecto 2016 Microsoft Vulnerabilities Study show that:

  • 94% of critical vulnerabilities discovered in 2016 could be mitigated by removing administrator rights
  • 66% of all vulnerabilities could be mitigated by removing admin rights
  • 100% of vulnerabilities in Microsoft Edge and Internet Explorer could be mitigated by removing local admin rights
  • 99% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights
  • 93% of vulnerabilities affecting Windows 10 could be mitigated by removing local admin rights

Why is malware such a problem?

Early malware programs were written as experiments and/or pranks, where the malicious aspect of the software was often unintended. Today, malware is used by hackers and governments to spy on people and businesses and, in most cases, to exfiltrate, or steal, sensitive or confidential information.

For more information on malware, visit these webpages:

How does malware affect user productivity?

Some malware is designed to disrupt your computer use by opening numerous web pages, known as pop-ups, or by using the resources of your computer, such as its processing power and memory, so that you are not able to complete your computing operations.

Other malware is not designed to disrupt your computer use, but instead is designed to provide attackers with back doors into systems, or to let attackers exfiltrate data by constantly monitoring your computer use and collecting your passwords, sensitive data, or browsing habits. In some cases, attackers have even used the data they gathered with the less intrusive malware to blackmail people.

In either of these cases, it is imperative that the malware infection be remediated as soon as possible to avoid any breach of data, which often means that you will be without your computer for at least several hours. We want to minimize both the disruptive effects of malware and the disruption caused by the required malware cleanup. To minimize cases of malware infection in the first place, local administrator rights are being removed.

Local administrative rights on campus computers

With the release of Windows 10, the new Microsoft Windows operating system version, user accounts are not created with local administrator rights. We expect this to drastically reduce the time we spend repairing systems and prevent malware infections on campus.

There are two ways to install applications without local admin privileges. A new program called "Software Center" has been installed on all Windows systems here on campus. Software Center allows users to install programs that have been proven to be legitimate. We are working tirelessly to ensure that all the software needed by our users has been made available through Software Center. For more information, visit the "Installing Software through SCCM Software Center" web page. If you need to install a program that is not currently available, please contact helpdesk@csusm.edu. For faculty who frequently travel or need to install applications on their systems, a separate local administrator account can be requested by contacting helpdesk@csusm.edu.