A recent survey of more than 600 IT security professionals, conducted by privilege management provider Viewfinity, found that the majority of respondents — 68 percent — do not know who in their organizations has local administrator rights.
Following the 68 percent who did not know who had local administrator rights, 20 percent said that between 15-30 percent of their user base still had administrator rights on their Windows-based endpoints. “Admin rights” can be used by malware to install malicious software on local computers through the administrator account.
You need to know who has admin rights and limit those who have admin rights. If you are doing server administration, you need to setup a separate account for administering servers from your everyday user account. But not knowing who has admin rights is just plain wrong.