About your device's administrator account

On a computer, an administrator account or group has complete access to make system changes on that computer. You should use the administrator account only when it's required for certain tasks, such as modifying other user accounts on the device, installing software, and changing network settings.

You need to know the administrator password on your computer to make such changes.

On this page:


The account named "Administrator" has all possible rights, as does everyone in the Administrator local security group, while other users have some minor administrative rights (e.g., they can modify anything in their home directories). A computer must have at least one administrator account.

Indiana University policy Security of Information Technology Resources (IT-12) requires that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?

To use administrative rights:

  • You will be prompted for an administrator account name and password when needed; this feature is called User Access Control, and it is enabled by default. UITS recommends you leave it enabled. If you do disable it, you can re-enable it by following instructions from Microsoft's TechNet.
  • If a particular software program on your computer requires you to be logged in as an administrator, right-click it from the Start screen or menu, and select Run as administrator.

Unix, Linux, BSD, Solaris, and Mac OS  X

Unix computers and Unix-based operating systems typically have one unrestricted account, normally called "root" or the "superuser". The root user has full access to all files and directories on a Unix system, and many low-level tasks must run as root. In addition to the root user, some Unix implementations have a group of administrative users, sometimes called the "wheel" group. Administrator accounts do not have full access to the operating system, but can escalate their status to root to perform certain tasks.

Because the root user has such unrestricted access, administrators typically do not log into it or operate as root continuously. Instead, they assume root-level access using the sudo command. At a command prompt, permitted users can enter sudo and their password, and then execute the command they normally don't have access to. Alternatively, if administrators need to operate for a period of time with root privileges, at a command prompt they can enter sudo -s and their password, and then function as root within the terminal window for as long as they need to.

Normal users on a Unix system do not have access to sudo and cannot perform system-related tasks. However, they still have the ability to install some software and customize their environment. Each user has a home directory in which to save documents, install programs, and maintain personal preferences.

This is document aorq in the Knowledge Base.
Last modified on 2018-01-22 16:04:15.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.