No!  You cannot have admin access!

Every IT administrator has been asked by users "can't you just give me admin access", and any admin worthy of their title should have replied "No!". 

But why?  Why can't everyone just be an admin on their own system?  What's the difference between an admin account and an standard user account?

Admin vs. User Account - Important Differences you need to understand

Administrator accounts (or admin accounts) are basically the most powerful account type on a computer. They have permission to do just about everything on a machine – think of the IT guys at the office whom you have to ask before installing applications, updating software, and other operations. Every computer needs to have at least one admin user somewhere.  If you have a system and have never created a separate're most likely using the admin account as your daily everyday normal account, and this is a bad thing.

A standard user account is typically a bit more limited in capabilities. The ways in which they are limited can vary depending on your operating system. Typically, standard accounts can’t install new software or access critical system files. They can access user files and do most of the typical day-to-day work, but as a rule, standard accounts are prohibited from making serious or permanent changes to the computer system.

Non-admin accounts can be locked down in a variety of ways. With user controls, administrators can place much more severe restrictions on these accounts. This runs the gamut from prohibiting certain applications and URLs to setting a daily time limit.

Hint to parents - this time limit can come in handy with kids playing games.


Why User Accounts are actually SAFER than admin accounts

The most important reason you shouldn't be using an admin account for your regular everyday duties is because the standard account is actually safer and more secure than the admin account. Seriously!  Admin accounts have absolute permission to do whatever they want on a system. And as the business owner or the primary user of a system, it might make sense to use an admin account as your main account. But this has some serious security risks associated with it. If malware is installed under your administrative user account, the malware can do anything that you can do. So the more permissions your user account has, the greater damage the attacker can do.

Regular non-admin accounts don’t have as much authority. Malware installed under a non-admin account can’t make many if any damaging changes to the system files. And attackers that gain access to a standard non-admin account can only access that user’s files. As a result, the restrictions of standard accounts work in your favor should an attacker or malicious program gain access to your account.


STOP 90% of Microsoft vulnerabilities with User Accounts

Did you know that nearly 90% of all Microsoft vulnerabilities can be mitigated by not having your users be admins?  Depending on the version of your Microsoft system (Windows 7, Windows 8, Windows 10, etc.) there are plenty of sources to prove this.  Just do a search for "removing admin rights mitigates Microsoft" and you'll see what I mean.

Look, I fully understand it is annoying to have to switch between accounts, but the security benefits should prove to be well worth it.  Isn't your business worth it?