This article explains how to change the behavior of the elevated prompt for Standard users in Windows 11.
Windows comes with User Account Control (UAC) feature that helps prevent potentially harmful programs from changing your computer. For example, suppose a user who is not an administrator tries to run a program requiring administrator privileges. In that case, it prompts the user to supply administrative credentials for the program.
As a security best practice, standard users shouldn’t know administrative passwords. However, you can allow regular users to run programs requiring administrative privileges in multiple ways; we will show you how to control that below.
As described above, Windows lets you change the behavior of the elevated prompt for standard users. Therefore, this policy determines the behavior of the elevation prompt for regular users.
Here are possible options you can select:
- Automatically deny elevation requests
- This option returns an Access denied error message to standard users when they try to perform an operation that requires elevation of privilege. Most organizations that run desktops as standard users configure this policy to reduce help desk calls.
- Prompt for credentials on the secure desktop
- When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different username and password. If the user enters valid credentials, the operation continues with the applicable privilege.
- Prompt for credentials (default)
- An operation that requires elevation of privilege prompts the user to type an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. This is the default value.
Change the behavior of the elevated prompt using the Local Security Policy Editor
Use the steps below to change the UAC behavior for standard users via the Local Security Policy (secpol.msc)
First, open the Local Security Policy Editor.
Then expand the following folders Local Policies -> Security Options.
Local Policies -> Security Options
Next, click on the Security Options folder on the left panel, and double-click the setting on the right called “User Account Control: Behavior of the elevation prompt for standard users” to open.
When the setting window opens, select one of the options:
- Automatically deny elevation requests.
- Prompt for credentials on the secure desktop.
- Prompt for credentials.
Save your settings and restart your computer for the changes to apply.
Change UAC behavior for standard users via Windows Registry Editor
Yet another way to change the UAC behavior for standard users in Windows is to use the Windows Registry Editor.
If you can’t open the Local Security Policy Editor, use the Windows Registry editor instead.
Open the Windows Registry, and navigate to the folder key path below.
If you don’t see the System folder key, right-click on the Policies key, then create the subkey (System) folders.
Right-click the System folder key’s right pane and select New -> DWORD (32-bit) Value. Type a new key named ConsentPromptBehaviorUser.
Double-click the new key item name (ConsentPromptBehaviorUser) and make sure the Base option is Decimal, and then update the Value data, making sure you keep your existing value:
- Automatically deny elevated requests. Type 0.
- Prompt for credentials on the secure desktop. Type 1.
- Prompt for credentials. Type 3
Save your changes and restart your computer.
That should do it!
This post showed you how to change the behavior of the elevated prompt for standard users in Windows 11. If you find any errors above or have something to add, please use the comment form below.