There are several reasons why it is considered a best practice to not allow all users to have permanent administrative privileges:
Firstly, granting permanent administrative privileges to all users can significantly increase the risk of unauthorized access and data breaches. Admin-level permissions give users the ability to make system-wide changes, which can lead to unintended consequences, such as accidental deletion of critical data or the installation of malicious software. Limiting administrative privileges to only those who require them for specific tasks can help to reduce the risk of such incidents.
Secondly, limiting administrative privileges can also help to reduce the impact of successful cyber attacks. If an attacker gains access to an account with administrative privileges, they can potentially cause extensive damage to the system or steal valuable data. By limiting the number of accounts with admin-level permissions, organizations can reduce the number of potential targets for attackers and limit the damage that can be caused if an account is compromised.
Finally, WSSU has obligations to comply with Cyber Insurance requirements, which includes measures to mitigate the risk of cyber attacks. Limiting administrative privileges is one such measure that can help to reduce the likelihood and impact of successful attacks, and failure to implement such measures may result in decreased coverage or even denial of claims.
In summary, limiting administrative privileges to only those who require them for specific tasks is considered a best practice to reduce the risk of unauthorized access and data breaches, limit the impact of successful cyber attacks, and comply with Cyber Insurance requirements. WSSU is evaluating each privilege access request on a individual basis depending on the justification provided.
________________________________________________________________________________________________________________________________________________________________________________________________________
If you believe your job function requires permanent Administrative Privileges use the below RAMTech ticket in order to request this:
*Be sure to be detailed in your description of your job role, then why and how often you require administrative privileges*
RAMTech Ticket Form
If you require temporary Administrative Privileges to manage/update applications or any other tasks that require elevated privileges follow the below steps to request this through CyberArk:
Click the up arrow on the right side of your taskbar and right-click the CyberArk Endpoint Privilege Manager button as depicted above.
Select "Open CyberArk EPM Control Panel" from the options after right-clicking.
Select "Request Administrative Privileges" from the window that opens.
Enter your detailed justification and need for the Administrative Privileges and click OK.