Let UAC Ask for Administrator Password

Please read: Windows 7 Home Editions and Starter edition do not include secpol.msc and cannot use the first method. Please read method 2 if you are running a Starter or Home XXXX version.

Many Windows users use their Account with Administrator right almost the entire time, but forget that this is a quite dangerous thing to do.

Windows does prompt if you want to run a program in Elevated Prompt but that’s all (If you haven’t disabled it). There is no check if the person asking this is really you. This is making your system and especially your portable devices very vulnerable for exploiting. People can foe example do these things, if you ever forget to lock your system:

  • Change your password trough Elevated Command Prompt
  • Install key loggers with Administrator rights
  • Install malicious or illegal software.

The best thing to do is to let Windows ask for your Administrator account password before any changes can be made, you can enable this two ways. I suggest you use method 1.


Method 1: Enabling trough SecPol.msc

1. Press the Windows + R key’s on your keyboard at the same time.

2. A “Run” window will appear, type Secpol.msc in the box and hit enter.

If you get an error file not found then execute method 2.

3. Open Local Policies

4. Open Security Options

5. Double-click User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode and change it to prompt for credentials on the secure desktop

Secpol: Enable UAC Password Let UAC Ask for Administrator Password Let UAC Ask for Administrator Password

Secpol: Enable UAC Password

6. Close Secpol. The changes you made are applied instantaneously, all future Elevation requests will need you to enter an Administrator username and password.

The text under step 5 is different for Windows versions. Windows 8 and 10 show Enable instead of prompt for credentials on the secure desktop

Method 2: Enabling trough Windows Registry

WARNING: Changing Windows Registry settings can make your system unusable if done wrong. Please follow every step very carefully and stop if you believe you doing this wrong.

1. Press the Windows + R key’s on your keyboard at the same time.

2. A “Run” window will appear, type Regedit.exe in the box and hit enter.

3. Open the following folders: HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, Policies, System 

4. Double-click on ConsentPromptBehaviorAdmin and change it’s value to 1.

5. Click on OK, the settings should have been applied instantaneously.

Registry: ConsentPromptBehaviorAdmin Let UAC Ask for Administrator Password Let UAC Ask for Administrator Password

Registry: ConsentPromptBehaviorAdmin

If you ever decide to want it disabled then change the value back to 5.


What's your reaction?
Solved it!
Helped me
Didn't work
Inaccurate Information
About The Author
Yuri Pustjens
Yuri Pustjens
2014, 2015 & 2016 Microsoft Most Valuable Professional Windows Yuri specializes in troubleshooting (crash analysis and devices), system resource utilisation and system performance. He is also very interested in Customer Security. Yuri can be found as Windows Community Moderator and Wiki Author on Microsoft Answers and is active on different communities all across the web.
Leave a response
  • Yuri Pustjens
    January 22, 2015 at 10:23 pm


    Thats what we said in the article. We said for situations where you forget to lock your desktop. However we always appreciate comments.

  • visitor
    January 22, 2015 at 1:21 pm

    UAC PROMPTS ARE ON THE SECURE DESKTOP. NEıther malıcıous codes/progrrams nor useful codes/programs cannot access/approve to the secure desktop. only you (and -if you enable- remote desktop users) can access/approve to the secure desktop.

Leave a Response