Change How Windows Prompts for Admin Approval Mode

Windows 7, 8, and 10 user accounts that have administrative privileges function differently from previous Windows versions of admin accounts. Instead of giving full and unbridled access to all of the PC’s administrator accounts, these accounts behave as regular user accounts until an event that involves admin privileges pops up. The account is entering Admin Approval Mode at this stage, so that the user can authorize the action.

Windows 7/8/10 strikes a balance between security and usability, much improved over Windows Vista’s handling of admin approval. Fortunately, Microsoft allows to customize further how Admin Approval Mode operates on a PC.

You can upgrade or downgrade your PC security depending on where your computer is located and who uses it by changing how Windows 7/8/10 uses the Admin Approval Mode. You can read my post about how to turn off Admin Approval Mode, too.

Note: You must run a version of Pro or higher to access the Local Security Policy on a Windows computer. This will not work for editions running Windows Home, Home Premium or Starter.

Changing How Admin Approval Mode Works

To make changes to how the Admin Approval Mode operates on a Windows 7/8/10 PC, use an account with administrative rights to sign in to the operating system. Select Start – All Programs – Administrative Tools (Windows)-Local Security Policy.

Change How Windows Prompts for Admin Approval Mode

Test the Local Security Policy options window now.

Change How Windows Prompts for Admin Approval Mode

Click on the Local Policies tab in the left hand pane, and then on the Security Options folder. Locate a User Account Control option in the right pane: behavior of the Administrator Elevation Prompt in Admin Approval Mode.

Right click this option, then select Properties from the menu.

You will note that in the Properties window you have six choices in the drop down menu.

Below is a summary of every Admin Approval Mode elevation option.

Six Admin Approval Mode Options

Each of the six Admin Approval Mode options requires Windows to work differently when it comes to elevating the approval for applications and functions needing permission to run in the OS.

Notice that protected desktop is when the entire screen dims until the UAC prompt allows you to accept or reject the request. Check out my other article to see how UAC’s running.

Elevate Without Prompting

This choice is the most convenient but also the least secure. Whenever an application or function attempts to run that would normally require an administrator’s approval, the application or function would run automatically as if the approvals had already been provided to run.

This is not a wise choice, unless your PC is in a super secure location disconnected from the networks.

Prompt for Credentials on the Secure Desktop

The choice is better than the default setting. If an operation the needs an administrator’s permission comes up, Windows will automatically ask the user on the protected desktop for a username and password.

Prompt for Consent on the Secure Desktop

Windows would simply ask the user to authorize the action on the protected screen, rather than asking for a username and password like the option above.

Prompt for Credentials

This method works similar to the Secure Desktop’s Prompt for Credentials option above, except that the user types in the username and password without the secure desktop’s added security.

Prompt for Consent

Like the above option titled Prompt for Consent on the Secure Desktop, this option simply asks the user to authorize the action but does so without the secure desktop’s added security.

Prompt for Consent for non-Windows Binaries

This is the default Mode of Approval for Admin. Users are expected to agree to an action with this option only if it requires approval, and is not a checked or functional Windows action.

Binaries are merely executable code compiled associated with software or programs. Second only to the above option Elevate without Prompting, this is one of the most liberal choices in Admin Approval Mode.

Windows strikes a good balance between security and an uninterrupted desktop experience, but still allows you to further configure how you agree to acts requiring approval by the administration.

Through modifying the Admin Approval Mode options, you can create a personalized operating system environment that allows you to increase or decrease safety depending on your personal administrative security needs.


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button