Technical talk – How we deal with local admin permissions at Riihicloud
How does your organization deal with local admin accounts and give users more permissions in the age of Zero Trust?
One of the guiding principles of Microsoft’s Zero Trust is least-privileged access: users get access only when they need it, and only as much as they need.
At Riihicloud, we have several Smart Packages in our arsenal to help you achieve your goals related to local admin accounts. One of our most popular and most ordered Smart Packages is the Add Admin Rights to User package, which gives the user local admin permissions for the requested time, most commonly either 5 or 60 minutes. The user can easily install this Smart Package from the Company Portal when needed, and a small pop-up is shown when the admin rights have been granted. During this time the user may install an application or make a small modification to Windows.
Using this Smart Package takes the pressure off IT support and gives them time to work on more important tasks, saving time and generating more value. It is also included in our service free of charge, unlike Microsoft Intune’s Endpoint Privilege Management (EPM), which must be purchased separately for each user, either as a standalone or as part of Intune Suite. EPM must also be configured and managed, taking away those precious resources.
Another common Smart Package is our Remove Users from Local Admin Group, which makes sure that the client doesn’t have any local accounts with admin privileges, as these may pose a security risk.
With the help of our Endpoint Analytics service, organizations can look at many important metrics related to their endpoint clients’ health and security. One such metric is the number of local admin accounts on the client. This data can be used to decide whether to act and to rectify the situation with the above-mentioned Smart Package.
Sometimes local admin accounts are appropriate, and we make plenty of partner- and customer-specific Smart Packages to address that need. One option is to use Windows Local Administrator Password Solution (LAPS), which requires effort from the organization’s IT, once again diverting resources elsewhere.