Should your IT provider run commands on your computers without asking?

In one sentence

Most IT providers hold standing admin access to run anything on your systems, often with no record you can see. The healthier model is owner-governed: routine safe fixes happen inside a list you authorized, anything else needs a human decision, and every action is logged. The question is who sets the boundary and whether you can see what happened.


Should your IT provider run commands on your computers without asking?

Not without a boundary you set. Most IT providers hold standing administrative access that lets them run essentially anything on your systems, at any time, often without a record you can see. The better model is owner-governed action: routine, well-understood fixes happen automatically inside a list you authorized, anything outside that list requires a human decision, and every action is logged. The question is not "should they ever act" - it is "who sets the boundary, and can you see what happened."

The default most practices live with

The unspoken default is a vendor with always-on admin rights and broad remote access, free to execute commands on your server and workstations as they see fit. Sometimes that is fine and convenient. The problem is that it is ungoverned and invisible: you did not define what they may do, and you cannot easily see what they did. That is a lot of standing power over the systems that hold your patient data.

Why ungoverned remote execution is a risk

  • Security. Standing admin access is exactly what an attacker wants. If the vendor's account is compromised, the attacker can run commands too. (See "is my IT vendor my biggest security risk?")
  • Accountability. If no one logs what was run, "what changed?" has no answer but the vendor's memory.
  • Scale of mistakes. A bad command run across every machine is a bad day; the same command gated and logged is a caught mistake.

The better model: owner-governed action

Action is not the enemy - ungoverned action is. A healthy setup looks like this:

  • An allowlist you authorize. Specific, safe actions are permitted - for example, "may restart the Dentrix service" - and sensitive systems are excluded.
  • Off by default. Nothing automated happens until you turn it on. (See "why auto-remediation should be off by default".)
  • Everything logged. Every action is recorded, attributable, and visible to you. (See "how to audit what your IT company can see".)
  • Humans for the rest. Anything outside the authorized scope is a decision, not a default.
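
The four rules above, sketched as a small decision gate. This is an added illustration, not code from the provider or any product; the host names, action names and the hash-chained log format are assumptions, and the chaining goes one step past the list so that after-the-fact edits to the log are detectable.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample policy; host and action names are hypothetical.
POLICY = {
    "enabled": False,                           # off by default until the owner turns it on
    "allow": {("restart_service", "Dentrix")},  # actions the owner authorized
    "excluded_hosts": {"imaging-server"},       # sensitive systems, never automated
}

@dataclass
class Gate:
    policy: dict
    log: list = field(default_factory=list)

    def decide(self, actor, host, action, target):
        """Return 'run' or 'needs_human'; every request is logged either way."""
        p = self.policy
        if not p["enabled"]:
            verdict, reason = "needs_human", "automation is off"
        elif host in p["excluded_hosts"]:
            verdict, reason = "needs_human", "host is excluded"
        elif (action, target) not in p["allow"]:
            verdict, reason = "needs_human", "action not on allowlist"
        else:
            verdict, reason = "run", "on owner allowlist"
        self._append(dict(actor=actor, host=host, action=action,
                          target=target, verdict=verdict, reason=reason))
        return verdict

    def _append(self, entry):
        # Chain each record to the previous one so edits or deletions show up.
        entry["prev"] = self.log[-1]["hash"] if self.log else "0" * 64
        entry["hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.log.append(entry)

    def verify_log(self):
        """Recompute the chain; False means a record was altered or removed."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False
            prev = e["hash"]
        return True
```

Requests that are refused are logged as well as those that run, so the owner's view of the log shows what the provider attempted, not only what succeeded.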

How to set the boundary with your provider

Ask: what can you run on my systems right now, without asking? What is automated, and did I approve the list? Where is the log of what you have done? If the honest answers are "anything," "nothing is written down," and "there is no log," that is the boundary to fix. A glass-box provider already works this way. (See "what glass-box IT means".)
