About your device's administrator account


Overview

On a computer, an administrator account or group has complete access to make system changes on that computer. You should use the administrator account only when it's required for certain tasks; at such times you'll need to know the administrator password. At IU, many tasks, including the following, require use of the administrator account:

  • Create, modify, or delete accounts on the computer

    If you share your computer with others, you will need an administrative account to manage the individual accounts. You'll use it to create account passwords for others on the computer, and to change account names, pictures, passwords, and types.

  • Install and/or uninstall certain programs

    Sometimes you must log into the local account to install or uninstall programs. Make sure you are logged in with administrator privileges when you install or uninstall any programs so everyone who logs into the computer will have a working copy of the software.

  • Remove a virus or log into Safe Mode to remove a virus

    Some virus removal tools and manual removal instructions require you to log in as an administrator to properly remove the virus. Also, if the manual removal instructions require you to go to Safe Mode, you will need full access so the virus protection can completely scan the computer.

  • Unlock the computer regardless of who is logged in

    If someone else is logged into the computer or forgets the password, knowing the local administrator password will allow you to log in with that account and reset or unlock the computer.

  • Connect to IU's Active Directory Services (ADS) domain

    For more, see:

If you have forgotten your administrator password, follow the directions in Set or reset a Windows administrator password.

Windows

The account named "Administrator" has all possible rights, as does everyone in the Administrator local security group, while other users have some minor administrative rights (for example, they can modify anything in their home directories). A computer must have at least one administrator account.

Note:
Security of Information Technology Resources (IT-12) requires that you normally refrain from running your Windows computer as an administrator. For more, see About the principle of least privilege.

To use administrative rights:

  • You will be prompted for an administrator account name and password when needed; this feature is called User Access Control, and it is enabled by default. UITS recommends you leave it enabled. If you do disable it, you can re-enable it by following instructions at Use Msconfig to Disable and Enable UAC.
  • If a particular software program on your computer requires you to be logged in as an administrator, right-click it from the Start screen or menu, and select Run as administrator.

macOS, Linux, BSD, and Solaris

Unix computers and Unix-based operating systems typically have one unrestricted account, normally called "root" or the "superuser". The root user has full access to all files and directories on a Unix system, and many low-level tasks must run as root. In addition to the root user, some Unix implementations have a group of administrative users, sometimes called the "wheel" group. Administrator accounts do not have full access to the operating system, but can escalate their status to root to perform certain tasks.

Because the root user has such unrestricted access, administrators typically do not log into it or operate as root continuously. Instead, they assume root-level access using the sudo command. At a command prompt, permitted users can enter sudo and their password, and then execute the command they normally don't have access to. Alternatively, if administrators need to operate for a period of time with root privileges, at a command prompt they can enter sudo -s and their password, and then function as root within the terminal window for as long as they need to.

Normal users on a Unix system do not have access to sudo and cannot perform system-related tasks. However, they still have the ability to install some software and customize their environment. Each user has a home directory in which to save documents, install programs, and maintain personal preferences.

Related documents

This is document aorq in the Knowledge Base.
Last modified on 2022-01-03 11:40:42.