Administrative access is the 4-wheel privilege of personal computers.
When you need the capabilities and increased power of a 4-wheel drive vehicle, it is a real confidence boost to know you have it. When you need to install or configure software and some hardware, having administrative access to the computer also instills confidence of success. In both cases, this confidence can come at a price. Increased purchase and maintenance costs and additional complexity may be the outcome with the truck. There can be unintended consequence involving admin access on personal computers.
Depending on which expert you listen to, between 75% and 98% of all known computer security compromises would be prevented by limiting or restricting accounts with administrative access. For instance, most Trojan or worm based viruses need to be installed or make registry edits, which can’t happen if the account logged on, when exposed to the virus, is not an administrative account.
Improvements in operating systems, specifically User/Group definitions and right assignments; service and support resources (think IT helpdesks, internet group forums, etc.); compromised/misused accounts (with admin access), and; computer industry and cybersecurity best practices have all had impacts, both good and bad, on the practical determination of whether it is appropriate for an account or user have administrative rights to their computers.
Security best practices, published by most computer, operating system and software manufacturers now strongly suggest a computer owner/techie have two accounts on their computers; one non-administrative user account for almost all-normal interaction with the computer, and; one administrative account for “Run As” functions, such as software installations.
Operating systems now, for the most part, provide for account/user or groups to have access to perform some essential functions, such as setting up printers, and remotely accessing the computer using non-administrative accounts with an appropriate group membership.
If administrative access is required on a UTMB desktop/laptop computer, the Helpdesk (call ext. 25200) can provide temporary admin privileges to install or configure software and provide assistance troubleshooting other issues possibly pertaining to access permissions. If persistent administrative access to a UTMB resource is required, please complete and submit the Special Access Request form, available online at https://www.utmb.edu/infosec/FormsLibrary, for review and approval by the Office of Information Security.