Over the years, user permissions have confused many people. This blog post explains what standard and admin accounts are and what the differences between them are.
What is a user?
A user is an identity that has been created on a computer or computing system for an individual. For example, any time you register for an online account, a user is created within the third party's system.
Not every user account created in a system has to belong to an individual. There are many different types of accounts:
- Service Accounts – used for running programs
- System Accounts – used for storing system files and processes
- Admin Accounts – used for System Administration
What is an admin account?
An admin account is created for system administration tasks that require additional permissions. For example, you don’t want to give just anyone in an organisation the ability to install software or access confidential files. Setting up an admin account should always be a deliberate decision, so that you provide the correct level of permissions. Regularly auditing user accounts is good practice, and even more so for admin accounts, as these are the accounts with the keys to the kingdom!
What is the difference between Standard Accounts and Admin Accounts?
As mentioned in the paragraph above, admin accounts have the keys to the kingdom. What do I mean by this? Admin accounts have the privileges to do just about anything on a device. For example, think about the IT support team in your organisation, who need to perform several different tasks such as installing new software and updating systems. Every system or device will have at least one admin account, but preferably two to prevent lockouts and a single point of failure.
A standard account is the base for every other user, as it is much more limited in privileges. For example, standard accounts do not have the rights to install new software or carry out certain upgrades. For a typical user, these tasks will always prompt for credentials from an admin account before proceeding. Whilst these account types are limiting, they are essential to keep your systems protected in the event of a security breach.
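One way to run the admin-account audit recommended above, and to check the "at least one admin account, preferably two" guidance, on a Linux host. This is an added example, not code from the original post; it assumes admin rights mean UID 0 or membership of the sudo, wheel or admin group, and the passwd and group data are constructed samples.

```python
# Added example: list which local accounts hold admin rights on a Linux host.
# Assumptions (not from the article): admin rights mean UID 0 or membership
# of the sudo, wheel or admin group. All sample data below is constructed.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}

# Constructed /etc/passwd sample: name:x:uid:gid:comment:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
alice-adm:x:1001:27:Alice (admin):/home/alice-adm:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
# Constructed /etc/group sample: name:x:gid:member,member
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:backup
"""

def records(text):
    """Yield the colon-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.strip().split(":")

def admin_accounts(passwd_text, group_text):
    """Return {account: reason} for every account with admin rights."""
    admin_gids, admins = {}, {}
    for name, _, gid, members in records(group_text):
        if name in ADMIN_GROUPS:
            admin_gids[gid] = name  # remember the GID for primary-group checks
            for member in filter(None, members.split(",")):
                admins[member] = f"listed in group {name}"
    for name, _, uid, gid, *_rest in records(passwd_text):
        if uid == "0":
            admins[name] = "UID 0"
        elif gid in admin_gids:
            admins.setdefault(name, f"primary group {admin_gids[gid]}")
    return admins

def findings(admins):
    """Flag the single-admin case: one admin account is a lockout risk."""
    if len(admins) < 2:
        return ["fewer than two admin accounts: lockout risk"]
    return []

if __name__ == "__main__":
    found = admin_accounts(SAMPLE_PASSWD, SAMPLE_GROUP)
    print(found, findings(found))
```

In the constructed sample, the `backup` service account appears in the result because it is listed in the `sudo` group, which is the kind of entry an audit should question.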
What type of account should I be using?
The choice of which account type to give a user can easily be led by the fact that an admin account doesn’t have any limitations. We are all human, and we all like to have power at our fingertips if it is available!
However, having access to an admin account comes with an added security risk, so these account types should be used sparingly. This is because of the additional privileges granted to an admin user; if the account were to be compromised, the attacker would have far greater access and the ability to cause significant damage.
On the other hand, standard accounts are much more restricted in what a user can do but have greater security. If we go back to the compromised account situation discussed earlier, this time with a standard user's account, the attacker has far less access and far less ability to cause damage. This is because the attacker is only able to access what the privileges of the account allow and therefore cannot make system-level changes.
Should admin accounts be used for day-to-day activities?
A user should not use an admin account for day-to-day activities such as checking email or browsing the web, as this increases the risk of the account being breached. All system administrators should have a standard account to be used daily. A user should only use the admin account for tasks that require the added level of access rights.
Allowing a system administrator to use their admin account for browsing the web or viewing emails presents an easy target for attackers using phishing attacks to gain access to the account. Once an attacker has access to a system admin account, they can go anywhere and do anything they desire within the system.
If you would like to know more about user account types or how best to use them, then use our contact form to reach out to us!