When users have local admin rights, they have the power to do almost anything they want to their workstations. They can download any application, use any program, and even ignore or undo anything IT administrators do to their devices. Many users don't want to feel handcuffed, so admins sometimes let users be the masters of their own devices.
Granting local admin rights risks the installation of unapproved software, breaking business-critical applications and causing disruption and downtime. Administrative rights are dangerous to the health and well-being of your network. The misuse of administrative privileges is a key way in which attackers are gaining access to our networks.
Endpoints are where many of the greatest risks to enterprise security lie, and giving users control over those endpoints only opens networks to more risk. Malware is around every corner. Regular Web browsing and email phishing put Windows workstations at constant risk. If users have local admin rights, the risk is even greater because they can veto IT's security measures.
IT administrators should not let rampant local administrator rights put their organization at risk, and they cannot give users all the power and then wonder why they still face Windows security issues in the enterprise. Removing local administrator rights is a guaranteed way to improve Windows security.
How to Find Users with Local Admin Rights?
With Lansweeper, you have a super easy method of finding local administrators across your network close at hand. The Reports tab of the Lansweeper web console includes a built-in report called Computer: Unauthorized Administrators that lists unauthorized members of your computers' local administrator group.
By default, all local and domain users that are members of the local admin group on your computers are added to this report. You can then mark certain users as authorized to narrow down the report results and find users who should not, in fact, be administrators on their computers.
If you haven't already, download a free trial of Lansweeper to run the report and identify all local admins across your network.