Hey everyone! I'm looking for advice on managing tasks that need admin permissions after we recently changed our setup. We removed admin rights from our usual accounts and created separate admin accounts. Now, these tasks have to be run as the admin account, which feels a bit off. Should I be aiming for more granular permissions for our user accounts instead? For instance, we utilize a HyperV cluster with Failover Cluster Manager—would giving regular user accounts admin rights on the nodes be sufficient? Also, regarding RSAT tools, is it okay to run them solely as the admin or does giving permissions to the user accounts defeat the purpose of having separate admin accounts?
6 Answers
It's generally considered more secure to use a dedicated Privileged Access Workstation (PAW) for tasks that require admin access. Most organizations opt for a hardened jump server as a middle ground, where you can run your tools.
For RSAT tools, just run them as your admin account when needed. If you have to log into specific servers for admin tasks, do it with your admin account and log off when you’re done. Today, a lot of admin work is done via web portals, so it’s a mix now. But really, try to be specific about your needs when asking for advice—that’ll help you get better answers!
You can use the 'run-as' feature to handle things when you need admin permissions. It helps keep your workflow organized without switching accounts all the time.
I keep three accounts: a domain admin for specific permissions, my admin account with everything I need for daily tasks, and my regular user account for day-to-day logins. I do all my admin work through a dedicated jump server—that keeps things streamlined and secure.
I’d say stick to using your admin account for administrative tasks, and save your regular account for daily activities. For example, I know someone in marketing who has a standard user account that can't access AD or shut down VMs. You want your regular account to work that way too!
Whatever you do, don’t perform admin tasks directly from your main workstation. It's risky and can lead to security issues. Stick to your dedicated spaces for that kind of work.
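An added example, not from any of the posters above: one way to check that the split between regular and admin accounts actually holds on the Hyper-V nodes is to audit each node's local Administrators group. The `adm-` naming convention, the `CONTOSO` domain, the host names and the function name `Test-AdminSeparation` are assumptions for illustration, and the sample membership is constructed.

```powershell
# Added example. Flags members of local Administrators that are not
# dedicated admin-tier principals.
# Assumption: admin accounts are named 'adm-<user>' (hypothetical convention).

function Test-AdminSeparation {
    [CmdletBinding()]
    param(
        # Objects with ComputerName, Name ('DOMAIN\name') and ObjectClass
        [Parameter(Mandatory)] [object[]] $Membership,
        # Wildcard patterns for principals that are expected to be local admins
        [string[]] $AllowedPattern = @('*\adm-*', '*\Domain Admins', '*\Administrator')
    )
    foreach ($m in $Membership) {
        $allowed = $false
        foreach ($p in $AllowedPattern) {
            if ($m.Name -like $p) { $allowed = $true; break }
        }
        if (-not $allowed) {
            [pscustomobject]@{
                ComputerName = $m.ComputerName
                Member       = $m.Name
                ObjectClass  = $m.ObjectClass
                Finding      = 'Non-admin-tier principal in local Administrators'
            }
        }
    }
}

# Constructed sample data in the shape Get-LocalGroupMember returns.
$sample = @(
    [pscustomobject]@{ ComputerName = 'HV-NODE1'; Name = 'CONTOSO\adm-jdoe';       ObjectClass = 'User'  }
    [pscustomobject]@{ ComputerName = 'HV-NODE1'; Name = 'CONTOSO\jdoe';           ObjectClass = 'User'  }
    [pscustomobject]@{ ComputerName = 'HV-NODE2'; Name = 'CONTOSO\Domain Admins';  ObjectClass = 'Group' }
    [pscustomobject]@{ ComputerName = 'HV-NODE2'; Name = 'CONTOSO\Domain Users';   ObjectClass = 'Group' }
    [pscustomobject]@{ ComputerName = 'HV-NODE2'; Name = 'HV-NODE2\Administrator'; ObjectClass = 'User'  }
)

Test-AdminSeparation -Membership $sample | Format-Table -AutoSize

# Live collection, run as the admin account from the jump server or PAW
# (requires the FailoverClusters module and PowerShell remoting to the nodes):
# $live = Invoke-Command -ComputerName (Get-ClusterNode).Name -ScriptBlock {
#     Get-LocalGroupMember -Group 'Administrators' |
#         Select-Object @{ n = 'ComputerName'; e = { $env:COMPUTERNAME } }, Name, ObjectClass
# }
# Test-AdminSeparation -Membership $live
```

Any row it returns for a day-to-day account or a broad group such as Domain Users means that principal has full admin rights on the node.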