But I need to install software for my job!

You still can - just through our approval process. Request the software, we verify it's safe, and install or approve it. Most requests are handled within 15 minutes during business hours.

What if I need to do something urgent?

Call us. For genuine emergencies, we can provide temporary elevation or install software immediately. We're not here to block your work - just to do it safely.

Our old IT company let us have admin rights

Many do - it's easier for them but worse for you. We've seen businesses crippled by ransomware that exploited admin rights. The minor inconvenience of our approval process is nothing compared to a £200,000 ransom demand.

Do you have admin rights to our computers?

Yes - but only through separate, audited admin accounts. We don't browse the web or check email with admin privileges. Our access is logged and can be reviewed anytime.

Is this required for Cyber Essentials?

Yes. Cyber Essentials requires that users only have the access they need for their jobs. Blanket admin rights for all staff will fail certification.

Technology Explained

Why We Remove Local Admin Rights

We know it feels restrictive when you can't install that software yourself. But here's the reality: 94% of critical Microsoft vulnerabilities are mitigated by removing admin rights. It's one of the most effective security measures we can implement - and with our approval process, you barely notice the difference.

Talk to an Expert Call 01584 517 234

What is it?

Local admin rights let someone make any change to a computer - install software, modify system settings, disable security tools. It's the master key to the machine. The problem? If you have admin rights and click a malicious link, the malware also gets admin rights. It can install ransomware, disable your antivirus, and spread across your network. Your one moment of inattention becomes a company-wide crisis. By running with standard user rights, you create a safety net. Even if you're tricked into running malware, it can't do much damage without admin access. It's like the difference between dropping your house keys and dropping a key to every building in town. This is a core requirement for Cyber Essentials certification and a fundamental security best practice.

Business Benefits

Malware Can't Take Hold

Without admin rights, malware can't install itself properly, disable security tools, or persist after a reboot.

Fewer 'Oops' Moments

Accidental system changes, driver conflicts, and broken configurations become rare when users can't modify core system files.

Cleaner Systems

No more mystery toolbars, unwanted programs, or 'I don't know how that got there' software cluttering machines.

Compliance Ready

Required for Cyber Essentials certification and expected by most enterprise clients in their security questionnaires.

Risks Without It

Ransomware Execution

Admin rights let ransomware install, spread, and encrypt. One careless click can cost hundreds of thousands in recovery.

Disabled Security

The first thing sophisticated malware does is disable antivirus and security monitoring. Admin rights let it succeed.

Lateral Movement

Attackers use admin rights to steal credentials and spread across your network - turning one compromised PC into a company-wide breach.

Audit Failures

Most security frameworks require least-privilege access. Admin rights for all staff will fail Cyber Essentials, ISO 27001, and client audits.

How Fresh Tech Implements This

We use a combination of Microsoft Intune and privilege management tools to handle this properly. Here's how it works in practice: For software installation: When you need new software, submit a request through our helpdesk. We verify it's legitimate, then either add it to your approved applications or use elevation control to install it for you - often within 15 minutes. For genuine admin tasks: Some tasks genuinely need elevated rights. Our tools can grant temporary, logged admin access for specific actions without giving permanent admin rights. For IT staff: Users who genuinely need admin access (like your internal IT) get separate admin accounts for privileged tasks. They use standard accounts for email and browsing - keeping admin access away from everyday risks.