2

I work as a software engineer in a company. The IT department has decided to forbid PowerShell execution from our computers as part of the actions they are implementing to avoid Emotet malware. As a software developer I use PowerShell every day. From now on, they allow us to execute PowerShell only as Administrator; we cannot use it as regular users (if you try, an error message appears informing you that "this operation has been cancelled due to the restrictions specified for this computer").

In principle, I can always use PowerShell as administrator in my everyday routine but, coming from the Linux world where you are taught to avoid a root shell unless strictly needed, I wonder... is running PowerShell always as admin a good practice?

joanlofe

1 Answer

2

is running Powershell always as admin a good practice?

Running anything with Administrator privileges on Windows machines is generally not a good idea. With direct access to the Windows API, the ability to tamper with system files, the registry, etc., an application with that kind of privilege is a serious security threat. Constrained Language Mode, turning on AppLocker, or any other means of controlling the behavior of applications, logging, JEA, etc. are a better way to control PowerShell.

Since you did not clarify whether there are any other methods of securing PowerShell in your environment besides forcing it to launch in Admin mode, the answer is NO, it is not a good practice to always launch PowerShell as admin.

Rashad Novruzov
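Added example (not part of the answer above and not the poster's code): a read-only check of which controls named in the answer are in effect for the current shell, so the "always elevated" policy can be compared with what is actually enforced. The function names are hypothetical, the registry paths assume the Group Policy locations used by Windows PowerShell 5.1, and JEA endpoints are not covered.

```powershell
# Added example. Read-only: it queries state and changes nothing.

function Test-IsElevated {
    # A High (S-1-16-12288) or System (S-1-16-16384) integrity label means
    # the shell is elevated. whoami.exe is used instead of .NET calls so the
    # check still works when Constrained Language Mode blocks method calls.
    [bool]((whoami.exe /groups) -match 'S-1-16-(12288|16384)')
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns nothing when the policy key or value is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-PowerShellControlState {
    # Assumption: Windows PowerShell 5.1 policy keys set through Group Policy.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Effective AppLocker policy, one line per rule collection.
    # An empty result means no AppLocker rules apply to this machine.
    $appLocker = try {
        (Get-AppLockerPolicy -Effective -ErrorAction Stop).RuleCollections |
            ForEach-Object {
                '{0}: {1}, {2} rule(s)' -f $_.RuleCollectionType, $_.EnforcementMode, $_.Count
            }
    } catch { "not readable: $($_.Exception.Message)" }

    [pscustomobject]@{
        Elevated           = Test-IsElevated
        # FullLanguage in an elevated shell means scripts run unrestricted.
        LanguageMode       = "$($ExecutionContext.SessionState.LanguageMode)"
        # 1 = enabled; empty = not configured by policy.
        ScriptBlockLogging = Get-PolicyValue "$policy\ScriptBlockLogging" 'EnableScriptBlockLogging'
        ModuleLogging      = Get-PolicyValue "$policy\ModuleLogging" 'EnableModuleLogging'
        Transcription      = Get-PolicyValue "$policy\Transcription" 'EnableTranscripting'
        AppLocker          = $appLocker
    }
}

Get-PowerShellControlState | Format-List
```

An elevated shell reporting `FullLanguage` with the logging values empty is the situation the answer advises against: full privileges with none of the compensating controls.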