Adjusting the User Account Control Settings for Non-Administrators in Windows 11

|

|

This article outlines how to modify the behavior of the elevated prompt for Standard users in Windows 11 using the User Account Control (UAC) feature. It provides methods to allow regular users to execute programs that require administrative privileges, including the use of the Local Security Policy Editor and the Windows Registry Editor. Different options…

This article explains how to change the behavior of the elevated prompt for Standard users in Windows 11.

Windows comes with User Account Control (UAC) feature that helps prevent potentially harmful programs from changing your computer. For example, suppose a user who is not an administrator tries to run a program requiring administrator privileges. In that case, it prompts the user to supply administrative credentials for the program.

As a security best practice, standard users shouldn’t know administrative passwords. However, you can allow regular users to run programs requiring administrative privileges in multiple ways; we will show you how to control that below.

As described above, Windows lets you change the behavior of the elevated prompt for standard users. Therefore, this policy determines the behavior of the elevation prompt for regular users.

Here are possible options you can select:

  • Automatically deny elevation requests
    • This option returns an Access denied error message to standard users when they try to perform an operation that requires elevation of privilege. Most organizations that run desktops as standard users configure this policy to reduce help desk calls.
  • Prompt for credentials on the secure desktop
    • When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different username and password. If the user enters valid credentials, the operation continues with the applicable privilege.
  • Prompt for credentials (default)
    • An operation that requires elevation of privilege prompts the user to type an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. This is the default value.

Change the behavior of the elevated prompt using the Local Security Policy Editor

Use the steps below to change the UAC behavior for standard users via the Local Security Policy (secpol.msc)

First, open the Local Security Policy Editor.

Then expand the following folders Local Policies -> Security Options.

Local Policies -> Security Options

Next, click on the Security Options folder on the left panel, and double-click the setting on the right called “User Account Control: Behavior of the elevation prompt for standard users” to open.

Windows allow domain users to use biometrics to log on

When the setting window opens, select one of the options:

  • Automatically deny elevation requests.
  • Prompt for credentials on the secure desktop.
  • Prompt for credentials.
Change the behavior of the elevated prompt for standard users in Windows 11
Windows allow domain users to use windows hello biometrics

Save your settings and restart your computer for the changes to apply.

Change UAC behavior for standard users via Windows Registry Editor

Yet another way to change the UAC behavior for standard users in Windows is to use the Windows Registry Editor.

If you can’t open the Local Security Policy Editor, use the Windows Registry editor instead.

Open the Windows Registry, and navigate to the folder key path below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

If you don’t see the System folder key, right-click on the Policies key, then create the subkey (System) folders.

Change the UAC behavior for standard users via registry
Windows allows the use of biometrics windows registry

Right-click the System folder key’s right pane and select New -> DWORD (32-bit) Value. Type a new key named ConsentPromptBehaviorUser.

Double-click the new key item name (ConsentPromptBehaviorUser) and make sure the Base option is Decimal, and then update the Value data, making sure you keep your existing value:

  • Automatically deny elevated requests. Type 0.
  • Prompt for credentials on the secure desktop. Type 1.
  • Prompt for credentials. Type 3
Change the behavior of the elevated prompt for standard users
Windows allows the use of biometrics windows registry value data updated

Save your changes and restart your computer.

That should do it!

Reference:

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users

Conclusion:

This post showed you how to change the behavior of the elevated prompt for standard users in Windows 11. If you find any errors above or have something to add, please use the comment form below.

Like this:



One response to “Adjusting the User Account Control Settings for Non-Administrators in Windows 11”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.