Windows administrator UAC question

Hi,
I know that it is better for security to make a non-admin user on Windows and use that user for daily driving.
However, I recently stumbled upon another solution: requiring a PIN for the UAC prompt when using the admin account. This setting is changed in Local Policies: “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” - “Prompt for credentials on the secure desktop”.

This will enable requiring a password on a UAC prompt for administrators.

My question is - will this setting make my administrator account safe to use or should I stick to using non-admin accounts? Are there any security benefits of non-admin users in comparison to this solution?

My guess is, that from a security standpoint it’s Standard User + Admin in admin approval mode > Standard User + Admin > Admin in admin approval mode > Admin.

I don’t fully remember how admin approval mode handles admin token creation, but I’m sure Windows docs or someone more knowledgeable here can help you with that one.

The advantage of this is that you are a non-privileged user, and while privilege escalation is a thing, needing 1 more exploit in a complex exploit chain will always be good. Sometimes the exploit chain will not work, because not all people have a standard workflow and use case.

Just to get this out of the way, UAC provides no real security at all unless it is raised from its default level to “Always notify” in the control panel. Make sure you have done that:

To answer your question, the only real security benefit to requiring a password is that it makes accidental approvals less likely.

UAC is not as foolproof as using a standard account. If everything worked perfectly then UAC alone would be fine, but there are occasionally UAC bypasses, and historically they usually only work if your account is in the Administrators group, so it is still best practice to use a standard account.
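Added example, not part of any post in this thread: a read-only PowerShell check that reports the UAC settings discussed above and whether the current account belongs to the Administrators group. The registry value names are the ones these Local Policies are stored under; the output property names are made up for this example.

```powershell
# Read-only audit of the UAC settings discussed in this thread (added example).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

# Meanings of ConsentPromptBehaviorAdmin, the value behind the policy
# "Behavior of the elevation prompt for administrators in Admin Approval Mode".
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}

$admin = $p.ConsentPromptBehaviorAdmin
$adminText = if ($null -ne $admin -and $adminPrompt.ContainsKey([int]$admin)) {
    $adminPrompt[[int]$admin]
} else {
    'not set or unrecognised'
}

# whoami lists the Administrators SID even when Admin Approval Mode has
# reduced it to "deny only" in the current (non-elevated) token.
$inAdmins = [bool](whoami /groups /fo csv /nh |
                   Select-String -SimpleMatch 'S-1-5-32-544')

[pscustomobject]@{
    AdminApprovalModeEnabled    = ($p.EnableLUA -eq 1)
    AdminPromptSetting          = $adminText
    # Values 1-4 prompt on every elevation; 5 lets Windows binaries
    # elevate silently, and 0 never prompts.
    PromptsForEveryElevation    = ($admin -in 1..4)
    AdminMustTypeCredentials    = ($admin -in 1, 3)
    SecureDesktop               = ($p.PromptOnSecureDesktop -eq 1)
    CurrentUserInAdministrators = $inAdmins
} | Format-List

if ($admin -notin 1..4) {
    Write-Warning 'Administrators are not prompted for every elevation.'
}
if ($inAdmins) {
    Write-Warning 'This account is in Administrators; the thread recommends a standard account for daily use.'
}
```

The "Always notify" slider position corresponds to `ConsentPromptBehaviorAdmin = 2` with `PromptOnSecureDesktop = 1`; the credential prompt from the original question is value `1`.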

I definitely would not trust Microsoft to make software where everything worked perfectly 🙂
