1 min read
Why local admin rights still matter
Ransomware and commodity malware love over-privileged users. How to shrink admin without breaking work.

Most malware only becomes a company-wide problem when it runs with local administrator rights.
The SMB pattern
Everyone is admin “so printers work.” Attackers love that default.
A saner model
- Standard users by default
- Separate admin accounts for IT (and use them rarely)
- Application control or just-in-time elevation for the few apps that need it
Expect some friction
The first week surfaces shadowed software and ancient installers. That discovery is the point.
Ready to remove standing admin rights? Submit a ticket.
