[/symple_box]
Many Windows users use their Account with Administrator right almost the entire time, but forget that this is a quite dangerous thing to do.
Windows does prompt if you want to run a program in Elevated Prompt but that’s all (If you haven’t disabled it). There is no check if the person asking this is really you. This is making your system and especially your portable devices very vulnerable for exploiting. People can foe example do these things, if you ever forget to lock your system:
- Change your password trough Elevated Command Prompt
- Install key loggers with Administrator rights
- Install malicious or illegal software.
The best thing to do is to let Windows ask for your Administrator account password before any changes can be made, you can enable this two ways. I suggest you use method 1.
Method 1: Enabling trough SecPol.msc
1. Press the Windows + R key’s on your keyboard at the same time.
2. A “Run” window will appear, type Secpol.msc in the box and hit enter.
If you get an error file not found then execute method 2.
3. Open Local Policies
4. Open Security Options
5. Double-click User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode and change it to prompt for credentials on the secure desktop
6. Close Secpol. The changes you made are applied instantaneously, all future Elevation requests will need you to enter an Administrator username and password.
The text under step 5 is different for Windows versions. Windows 8 and 10 show Enable instead of prompt for credentials on the secure desktop
Method 2: Enabling trough Windows Registry
[symple_box color=”yellow” fade_in=”false” float=”center” text_align=”left” width=””] WARNING: Changing Windows Registry settings can make your system unusable if done wrong. Please follow every step very carefully and stop if you believe you doing this wrong.[/symple_box]
1. Press the Windows + R key’s on your keyboard at the same time.
2. A “Run” window will appear, type Regedit.exe in the box and hit enter.
3. Open the following folders: HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, Policies, System
4. Double-click on ConsentPromptBehaviorAdmin and change it’s value to 1.
5. Click on OK, the settings should have been applied instantaneously.
If you ever decide to want it disabled then change the value back to 5.
2 Comments