Why you can't have the Admin Password.

The Windows Admin Password is the last line of defence when protecting Windows computers from malicious programs. Once the Admin Password gets entered, it gives the program elevated privileges to make significant changes to the computer and other devices connected to the computer. Hackers put a lot of effort into tricking computer users into providing this password as it is vital for their attack to commence.

The UK's National Cyber Security Centre strongly recommends normal users don't have the Windows Admin password. And the Cyber Essentials certification requires normal users not to have access or knowledge of the Admin Password. That's why we set up subscribers with standard Windows accounts, which don't come with any administrative functions.

What to do if you need the Admin Password

Sometimes we get clients asking for the Admin Password. Typically because they have a bit of software, they need to install or update, and the Windows Admin Password is required.

Usually, subscribers will contact us when their computer requests the Admin Password. We always ask them why they need the password to check that they are not getting tricked into providing the password and letting hackers get in - maybe to deploy ransomware. 

Once we know the reason for the Admin Password, we will remote into the computer to take over the program's installation or upgrade. Kimbley IT will provide the password through confidential email when we cannot remote in. The password we provide is a use once password; once it has got entered, it can no longer function. During this process, the subscriber communicates closely with a Kimbley IT technician.

Most clients are happy for us to control the Administration aspect of their computers, as our reason for doing so is reasonable and understandable. While it might be a bit of a nuisance when you want to install a program or update, the trade-off for not getting hacked is well worth the minute or two needed to enter an Admin password.

It is rare for a subscriber to go against our advice. Those who decide to keep hold of the Windows Admin Password are putting their business at significant risk. And when they do get tricked and subsequently hacked, they may be surprised to discover that there is an additional charge to clear up the mess they created against our sound advice. If you're paying experts for advice, it is best to do what they recommend.