Let UAC Ask for Administrator Password

[symple_box color=”red” fade_in=”false” float=”center” text_align=”left” width=””] Please read: Windows 7 Home Editions and Starter edition do not include secpol.msc and cannot use the first method. Please read method 2 if you are running a Starter or Home XXXX version.
[/symple_box]

Many Windows users use their Account with Administrator right almost the entire time, but forget that this is a quite dangerous thing to do.

Windows does prompt if you want to run a program in Elevated Prompt but that’s all (If you haven’t disabled it). There is no check if the person asking this is really you. This is making your system and especially your portable devices very vulnerable for exploiting. People can foe example do these things, if you ever forget to lock your system:

  • Change your password trough Elevated Command Prompt
  • Install key loggers with Administrator rights
  • Install malicious or illegal software.

The best thing to do is to let Windows ask for your Administrator account password before any changes can be made, you can enable this two ways. I suggest you use method 1.

 

Method 1: Enabling trough SecPol.msc

1. Press the Windows + R key’s on your keyboard at the same time.

2. A “Run” window will appear, type Secpol.msc in the box and hit enter.

If you get an error file not found then execute method 2.

3. Open Local Policies

4. Open Security Options

5. Double-click User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode and change it to prompt for credentials on the secure desktop

Secpol: Enable UAC Password
Secpol: Enable UAC Password

6. Close Secpol. The changes you made are applied instantaneously, all future Elevation requests will need you to enter an Administrator username and password.

The text under step 5 is different for Windows versions. Windows 8 and 10 show Enable instead of prompt for credentials on the secure desktop

Method 2: Enabling trough Windows Registry

[symple_box color=”yellow” fade_in=”false” float=”center” text_align=”left” width=””] WARNING: Changing Windows Registry settings can make your system unusable if done wrong. Please follow every step very carefully and stop if you believe you doing this wrong.
[/symple_box]

1. Press the Windows + R key’s on your keyboard at the same time.

2. A “Run” window will appear, type Regedit.exe in the box and hit enter.

3. Open the following folders: HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, Policies, System 

4. Double-click on ConsentPromptBehaviorAdmin and change it’s value to 1.

5. Click on OK, the settings should have been applied instantaneously.

Registry: ConsentPromptBehaviorAdmin
Registry: ConsentPromptBehaviorAdmin

If you ever decide to want it disabled then change the value back to 5.

 

Yuri Pustjens
About the Author

2014, 2015, 2016, 2017 and 2018 Microsoft Most Valuable Professional Windows
Yuri specializes in troubleshooting (crash analysis and devices), system resource utilisation and system performance. He is also very interested in Customer Security. Yuri can be found as Windows Community Moderator and Wiki Author on Microsoft Answers and is active on different communities all across the web.

2 comments

  1. UAC PROMPTS ARE ON THE SECURE DESKTOP. NEıther malıcıous codes/progrrams nor useful codes/programs cannot access/approve to the secure desktop. only you (and -if you enable- remote desktop users) can access/approve to the secure desktop.

Leave a Reply

Your email address will not be published. Required fields are marked *