Security, Simplified

Least Privilege: Stop Browsing the Web as an Administrator

Least privilege is one of the most effective security controls for SMBs. Learn why removing daily admin rights dramatically reduces malware risk and how to implement it step-by-step on Windows.

The Problem

When a user logs into a computer with Administrator privileges, every program they run—including malware—inherits those same elevated rights. A single click on a malicious link or attachment can grant an attacker immediate control over the system with no barriers.

This is not a theoretical risk. The Essential Eight from the Australian Cyber Security Centre identifies restricting administrative privileges as one of the most effective mitigations against cyber threats.

Why This Matters

Malware and ransomware rely on elevated privileges to:

  • Install persistent backdoors that survive reboots
  • Disable security software including antivirus and endpoint detection tools
  • Spread laterally to other systems on the network
  • Read, take ownership of, and encrypt files that the user's own permissions would never have allowed them to touch

When you browse the web, open emails, or work on documents as an Administrator, you are handing attackers the keys to every room in your house before they have even picked the lock.

For small and medium businesses, a single compromised workstation can lead to network-wide ransomware encryption, data exfiltration, and days of operational downtime.

What Good Looks Like

A properly implemented least privilege environment looks like this:

  • All staff, including owners and IT personnel, use Standard User accounts for daily work
  • A separate, dedicated Administrator account exists for each person who needs one
  • Administrator credentials are used only when explicitly required—installing software, changing system configurations, or troubleshooting
  • Day-to-day work is not interrupted, because elevation is requested only for the administrative task itself, and the prompt takes seconds to approve

How to Implement It

Step 1: Create a Dedicated Administrator Account

Do not simply demote your existing account. Create a dedicated administrator identity:

  1. Open Settings → Accounts → Family & other users (Other users on Windows 11)
  2. Select Add someone else to this PC (Add account on Windows 11)
  3. Choose I don't have this person's sign-in information, then Add a user without a Microsoft account, so the account is a local account rather than one tied to a Microsoft account
  4. Name it something clear, such as TechAdmin or OpsAdmin, and set a strong, unique password of at least 16 characters
  5. Once created, select the account and choose Change account type → Administrator

Store this password securely—not on a sticky note or in an unencrypted document.

Step 2: Demote Your Daily Account to Standard User

  1. Log in using your new Administrator account
  2. Navigate to Settings → Accounts → Family & other users
  3. Select your regular daily account
  4. Choose Change account type → Standard User
  5. Sign out of the Administrator account. If the daily account is still signed in, sign it out too: group membership changes only take effect at the next logon, so an existing session keeps its old administrator token until then

Repeat this for all users in your organisation. No one should use an Administrator account for email, web browsing, or day-to-day work.
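For anyone rolling this out to more than a handful of machines, the same two steps can be done from an elevated PowerShell session instead of the Settings app. The following is an added example, not code from the original article; the account names TechAdmin and jsmith are assumptions, and it must be run from an already-elevated session on the machine being changed.

```powershell
# Added example (not from the original article): Step 1 and Step 2 from an
# elevated PowerShell session. Account names are assumptions; substitute your own.
$AdminName = 'TechAdmin'   # dedicated admin identity created in Step 1
$DailyName = 'jsmith'      # the account used for email, browsing and documents

# Read the password interactively so it never lands in a script or shell history.
$Password = Read-Host -AsSecureString "Password for $AdminName (16+ characters)"
if ($Password.Length -lt 16) { throw 'Password must be at least 16 characters.' }

# Step 1: create the dedicated admin account (idempotent) and add it to Administrators.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $AdminName -Password $Password `
        -Description 'Dedicated administrator account; not for daily use' | Out-Null
}
if (-not (Get-LocalGroupMember -Group 'Administrators' -Member $AdminName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Administrators' -Member $AdminName
}

# Safety check before demoting anyone: the new admin must be enabled and a member
# of Administrators, otherwise the machine ends up with no usable administrator.
$adminAccount = Get-LocalUser -Name $AdminName
if (-not $adminAccount.Enabled) {
    throw "$AdminName is disabled; enable it before demoting $DailyName."
}
if (-not (Get-LocalGroupMember -Group 'Administrators' -Member $AdminName -ErrorAction SilentlyContinue)) {
    throw "$AdminName is not in Administrators; aborting so you are not locked out."
}

# Step 2: demote the daily account. A Standard User is simply a member of Users
# who is not in Administrators, so removing the group membership is the demotion.
if (Get-LocalGroupMember -Group 'Administrators' -Member $DailyName -ErrorAction SilentlyContinue) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $DailyName
}
if (-not (Get-LocalGroupMember -Group 'Users' -Member $DailyName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Users' -Member $DailyName
}

# Verify: expect TechAdmin (and usually the disabled built-in Administrator),
# but not the daily account. Run this check periodically on every workstation.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource, ObjectClass
```

The final `Get-LocalGroupMember` line doubles as the ongoing check: if a daily account reappears in the Administrators group on any machine, something (a user, an installer, or an attacker) has undone the work. As with the Settings route, the demoted account keeps its old token until it signs out and back in.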

Step 3: Adopt the Elevation Workflow

Once you are running as a Standard User, Windows will prompt you for Administrator credentials whenever a privileged action is required:

  • Installing or updating software
  • Changing system settings
  • Running certain administrative tools

This prompt appears as a User Account Control (UAC) credential dialog. Enter your TechAdmin username and password and the task proceeds; the rest of your session keeps running with standard rights. This takes roughly ten seconds and stops malware that depends on silently gaining administrator rights. It is not a complete defence: code running as your standard user can still read the files you can read, steal browser sessions and saved credentials, and encrypt the documents you can write to, so least privilege complements backups, patching and endpoint protection rather than replacing them.

If a UAC prompt appears unexpectedly—without you attempting to install or configure something—stop and investigate. Unexpected elevation requests are a warning sign.

Considerations for Managed Devices

If your computers are joined to Microsoft Entra ID (formerly Azure AD), on-premises Active Directory, or a similar directory service, your IT provider or internal team can enforce least privilege centrally instead of relying on each user to reconfigure their own account.

Centralised management also makes the policy durable, since a user cannot quietly re-add themselves to the Administrators group, and provides audit logs showing who elevated privileges, on which machine, and when.
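Even without central management, the "who elevated, and when" record already exists on each Windows machine in the Security event log, which is also the place to look when a UAC prompt appears unexpectedly (Step 3). The following is an added example, not code from the original article. It assumes process-creation auditing has been enabled with `auditpol /set /subcategory:"Process Creation" /success:enable` (it is off by default) and that it is run from an elevated session, which reading the Security log requires.

```powershell
# Added example (not from the original article): list processes started with a
# full administrator token in the last 24 hours, from Security event 4688.
# Assumes process-creation auditing is enabled:
#   auditpol /set /subcategory:"Process Creation" /success:enable
# Reading the Security log requires an elevated session.

# Token elevation types as recorded in event 4688.
$TokenTypes = @{
    '%%1936' = 'Full (UAC disabled, built-in Administrator, or service account)'
    '%%1937' = 'Elevated through a UAC prompt'
    '%%1938' = 'Limited (normal standard-user token)'
}
# Well-known service SIDs; their %%1936 tokens are normal and would drown the report.
$ServiceSids = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'   # SYSTEM, LOCAL SERVICE, NETWORK SERVICE

$filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-24) }

$elevations = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($field in $xml.Event.EventData.Data) { $d[$field.Name] = $field.'#text' }

    $type = $d.TokenElevationType
    # Keep UAC elevations, plus full tokens that belong to a real user rather than a
    # service: those mean UAC is off or the built-in Administrator is being used.
    $isUacElevation = $type -eq '%%1937'
    $isUserFullToken = $type -eq '%%1936' -and $d.SubjectUserSid -notin $ServiceSids
    if ($isUacElevation -or $isUserFullToken) {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Requester = "$($d.SubjectDomainName)\$($d.SubjectUserName)"  # who launched it
            RunsAs    = "$($d.TargetDomainName)\$($d.TargetUserName)"    # admin identity used ('-' if same)
            TokenType = $TokenTypes[$type]
            Process   = $d.NewProcessName
            Parent    = $d.ParentProcessName
        }
    }
}

if (-not $elevations) {
    Write-Host 'No elevations recorded. Check that Process Creation auditing is enabled.'
} else {
    $elevations | Sort-Object Time | Format-Table -AutoSize
}
```

Read the output against your own day: every row should correspond to an installation or configuration change you remember doing. A row of type "Full" on a machine where UAC is supposed to be on, or an elevation at a time nobody was at the keyboard, is exactly the unexpected elevation the Step 3 warning describes.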

Addressing Common Objections

“It’s too inconvenient.”

The elevation prompt adds approximately ten seconds to administrative tasks. Compare this to the days of downtime, data loss, and cleanup that follow a ransomware incident. The inconvenience is minimal; the protection is significant.

“Our software requires admin rights to run.”

Some legacy or poorly designed software does require Administrator privileges. Where this cannot be avoided, consider:

  • Running the software in a dedicated virtual machine
  • Isolating the machine from sensitive network resources
  • Replacing the software with a modern alternative

Applications requiring permanent administrative access are a security liability and should be documented and reviewed regularly.

“I’m the owner—I should have full access.”

Administrator rights are not a status symbol; they are a risk. If your credentials are compromised, the attacker gains whatever access you had, so the more you hold, the worse the outcome. Owners and executives are frequently targeted, in Business Email Compromise and phishing campaigns, precisely because of their authority and the access that comes with it.

Running as a Standard User protects the business, and it limits the owner’s personal exposure when something does go wrong.

How This Aligns with Security Frameworks

Framework               Relevant Control
ACSC Essential Eight    Restrict Administrative Privileges
NIST CSF 2.0            PR.AA – Identity Management, Authentication, and Access Control
CIS Controls v8         Control 5 – Account Management (Safeguard 5.4 – Restrict Administrator Privileges to Dedicated Administrator Accounts)

These frameworks consistently place administrative privilege restrictions among the highest-impact controls available.

Action Item: This week, create a dedicated Administrator account on one workstation and demote your daily account to Standard User. Use it for a full workday to experience the workflow before rolling out to the rest of your team.