Rather than giving administrative accounts complete and unbridled access to everything on the PC, these accounts operate as normal user accounts until an action requiring admin privileges pops up. If the user approves the action, then the account enters Admin Approval Mode. ..
Windows 7 and 8 offer a more balanced approach to security and usability, with the ability to customize how Admin Approval Mode works on a PC. This makes it easier for users to get the approval they need without sacrificing security. ..
Windows 7/8/10 uses Admin Approval Mode to upgrade or downgrade your PC security. You can turn this off by changing how Windows 7/8/10 uses it.
To access Local Security Policy on a Windows computer, you must be running a Pro version or higher. This will not work for Windows Home, Home Premium or Starter editions. To get Local Security Policy on your computer, you must first be running a Pro version of Windows.
Changing How Admin Approval Mode Works
In the Local Security Policy window, expand the System section and click on the Security tab. In the Security Settings dialog box, click on the Add button and enter “Admin Approval Mode” into the text field. Click on OK to add the new setting to the policy.
The Local Security Policy window is a tool that you can use to configure the security settings for your computer. This window includes options for setting up authentication and access control, as well as managing your computer’s security settings.
In the left hand pane, click on the folder titled Local Policies and then on the folder labeled Security Options. Locate an option in the right hand pane titled User Account Control: Behavior of the Elevation Prompt for Administrators in Admin Approval Mode. This policy setting determines how administrators are prompted for elevation when they attempt to perform an administrative task. The options are as follows:
- Do not prompt for elevation. This is the default setting.
- Prompt for elevation if required to continue. This is the default setting if you are logged on as a standard user.
- Always prompt for elevation. This is the default setting if you are logged on as an administrator or a member of the Administrators group. ..
Right-click on this option and choose Properties from the menu.
- Choose “My Documents” to open the default document library for your computer.
- Choose “My Pictures” to open the default picture library for your computer.
- Choose “My Videos” to open the default video library for your computer.
- Choose “My Music” to open the default music library for your computer.
- Choose “My Books” to open the default book library for your computer.
-The administrator can approve or deny requests for elevation. -If the administrator denies a request for elevation, the user cannot elevate their privileges. -If the administrator approves a request for elevation, the user is automatically elevated to the privileged role. ..
Six Admin Approval Mode Options
Each of the six Admin Approval Mode Options forces Windows to operate differently when it comes to granting approval for applications and functions that require approval to run in the operating system. ..
Secure Desktop is a feature that makes it difficult for unauthorized users to access your computer. This feature is available in Windows 10 and Windows 8.1. To use secure desktop, you must accept the UAC prompt.
Elevate Without Prompting
This is the least convenient option, but also most secure option. Whenever an application or function tries to run that would normally require approval from an administrator, the application or function will not run automatically, but will instead prompt the user for permission to run. ..
This is not a wise choice if your PC is connected to the internet.
Prompt for Credentials on the Secure Desktop
This setting is more secure than the default setting. Whenever an action pops up requiring approval from an admin, Windows will actually prompt the user for a username and password on the secure desktop.
Prompt for Consent on the Secure Desktop
If you approve the action, Windows will then ask for your username and password.
Prompt for Credentials
This option allows the user to input their username and password without having to worry about the security of the secure desktop.
Prompt for Consent
This option is similar to the one titled Prompt for Consent on the Secure Desktop, but it asks the user to approve the action without the added security of the secure desktop.
Prompt for Consent for non-Windows Binaries
This is the default Administrator Approval Mode setting. With this setting, users are required to consent to an action only if it requires approval and is not a verified Windows action or executable.
Binaries are simply compiled executable code, just like applications or programs. This is one of the most liberal Admin Approval Mode options, which allows binaries to be installed without needing administrator approval. ..
Windows strikes a good balance between security and an uninterrupted computing experience while still allowing you to further customize how you consent to actions that require admin approval. ..
By altering the Admin Approval Mode options, you can create a customized operating system environment that allows you to increase or decrease security depending on your personal need for administrative security.