Least User Privilege (ed-lup-01)

Administrative Rights to Local Machines


What is Least User Privilege? (1)

The principle of least privilege reduces security risk by requiring all users, even those who have been granted administrator privileges, to log in with access only to the information and resources that are necessary for meeting a legitimate purpose. The principle of least privilege is widely recognized as an important design consideration in enhancing the protection of data and reducing risk across the enterprise.


Computer security is the primary driving force behind this change in user account management procedures. In recent years, malicious actors (hackers) have significantly increased their ability to compromise systems, making these systems participants in illicit activities and/or making them vulnerable to harvesting of institutional data or intellectual property. The majority of daily business-related computer operations do not require administrator (privileged) account access because few individuals need to install or update applications every day. Furthermore, there are a significant number of administrative computing users who cannot point to any business reason for having administrator control of their computer.

Why the Change in Operating Philosophy?

It is true that most systems within the College were originally configured to allow all users to administer their computer, but this was at a time when computer hackers undertaking malicious behavior were not as sophisticated and could not remotely install detrimental software as easily as they can today. Unfortunately, even relatively benign and official or well-known web sites can have been compromised without anyone noticing and may contain malicious code that automatically downloads and installs when a user simply visits the site and selects what appears to be a valid web page link. The downloading and installation of malicious code happens in the background, so unsuspecting users have no idea that their computer has been compromised. A compromise can be anything from installation of software that harvests data from a disk or monitors keystrokes to enrolling the computer as a "BotNet" relay and leveraging these captured devices to create a denial of service attack on key internet service providers, businesses and research institutions, including universities.

How does "Least User Privileges" Affect Daily Operations?

The short answer: very little. All users can perform their normal business functions without noticing anything different. However, a user cannot install software on their computer while operating in this mode; the benefit is that both hackers and users are prevented from inadvertently downloading and installing a malicious application from the web, infected USB devices and/or flash drives, etc.

How may Individuals Install Software if Least User Privileges are enforced?

If an individual has a valid need to install software on their computer, there are generally two ways:

  1. Use a second local account with administrative privileges, if the user is approved to run one on a College-owned WinOS device.
  2. Use the Managed Software Center, if the user has a valid license and uses a College-owned MacOS device.
  3. Submit a Help Ticket.
  4. Request that one of the Information Technology staff remote in and assist. You must have a valid license.

It should be stressed that the use of Administrator Account privileges should be restricted to those individuals who require this type of access. Operating computers in a least privilege mode is a best practice for everyone; users should never routinely operate their computer in an Administrator Privilege mode.

Are There any Issues with Migrating to a Least User Privileges Account?

Some applications may encounter problems when a system runs in the least privilege mode. Most of these problems have been successfully addressed by modifying the permissions for the folders used by these programs. For the very few programs that must run with administrative privileges, commercial utilities are available to allow these programs to run with system-level privileges while the login account continues to run in Least User Privileges mode. Example: Managed Software Center for MacOS.

Final Observation:

While this change in computer operating procedures protects against many threats, users must still be diligent in how they manage their system because the hacker community continues to invent new and ingenious techniques to compromise existing security measures.

College of Education Policy on Least User Privilege:

It is the policy of the College of Education that all computer users log in for day-to-day access using accounts that do not have administrative privileges. Users who have a frequent need to install software or who daily engage in specialized activities that require administrative access may be assigned a different account with administrative privileges. This person must submit a user exemption form, including significant justification, to the Associate Dean for Research, Outreach, and Technology in the College of Education. The user exemption form can be found as a drop-down option when submitting a help ticket for support. The user acknowledges and understands that performing higher-level functions correlates with added responsibility and accountability for related or associated security issues.

1 Source: 1 April 2009, Electronic and Computer Services, cdcadm/computing/090331 Least User Privileges.docx, College of Engineering, Authorized by: wjb, Rev. May 14, 2014, Rev. Nov. 3, 2016