How does your organization handle local admin accounts and grant users’ additional permissions in the age of Zero Trust?

One of the guiding principles of Microsoft’s Zero Trust is using the least-privileged access possible, limiting the user’s access to when they need it and granting only minimal required access.

At Plentics, we offer several Smart Packages to help achieve your goals related to local admin accounts. One of our most popular and requested Smart Packages is the Add Admin Rights to User package, which grants local admin permissions to the user for a specified time—typically for either 5 or 60 minutes. The user can easily install this Smart Package from the Company Portal when needed, and a small pop-up notifies them when admin rights are granted. During this time, the user can install applications or make small modifications to Windows.

Using this Smart Package reduces the burden on IT support, allowing them to focus on more critical tasks, ultimately saving time and generating greater value. This service is included at no additional charge, unlike Microsoft Intune’s Endpoint Privilege Management (EPM), which must be purchased separately for each user, either as a standalone or as part of the Intune Suite. EPM also requires configuration and management, further diverting valuable IT resources.

Another common Smart Package is our Remove Users from Local Admin Group, ensuring that client devices do not have any local accounts with admin privileges, as these may pose security risks.

With the help of our Endpoint Analytics service, organizations can monitor important metrics related to endpoint client health and security. One such metric is the number of local admin accounts on client devices. This data supports decision-making and helps rectify the situation using the above-mentioned Smart Packages.

In some cases, local admin accounts are necessary, and we create many partner- and customer-specific Smart Packages to meet those needs. One option is to use the Windows Local Administrator Password Solution (LAPS), though this requires effort from the organization’s IT team, once again diverting resources.