Advice Request: Does this policy harden against UAC bypasses?

  • Thread starter: ForgottenSeer 77194


ForgottenSeer 77194

Thread author
Generally, standard user accounts have stronger mitigations against UAC bypasses than admin accounts.
This policy (User Account Control: Admin Approval Mode for the Built-in Administrator account) from this site claims:
"When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account"

Does it treat the local administrator account as a standard user account? Can someone test for UAC bypasses?
 

ForgottenSeer 92963

Thread author
As far as I know, it enables UAC for the built-in administrator (which Vista had), meaning that processes run with Medium Integrity rights (like a Standard User), but when doing tasks requiring higher rights (admin rights) it will conform to the UAC settings of the admin (by default showing the UAC prompt). At that time (Vista) it was good practice to enable it. Windows 7 had the built-in admin account disabled by default.
 

Andy Ful

From Hard_Configurator Tools
> Generally, standard user accounts have stronger mitigations against UAC bypasses than admin accounts.
> This policy (User Account Control: Admin Approval Mode for the Built-in Administrator account) from this site claims:
> "When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account"
>
> Does it treat the local administrator account as a standard user account? Can someone test for UAC bypasses?
The short answer is No.
This works like a Standard User Account, but not exactly the same.
One of the risks that the UAC feature tries to mitigate is that of malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for malicious programs is to discover the password of the Administrator account because that user account was created for all installations of Windows. To address this risk, the built-in Administrator account is disabled in computers running at least Windows Vista.


Remark.
The built-in Administrator account is disabled by default (from Windows Vista) on client machines. Microsoft decided to install by default a normal Administrator account, which behaves similarly to the built-in Administrator account + Admin Approval Mode.
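An added example (not from any poster in this thread) that checks the state this policy puts a machine in: whether Admin Approval Mode is on for the built-in Administrator, whether that account is enabled, and whether the current session is running on a filtered token as a Standard User would. It assumes Windows 10/11 with the Microsoft.PowerShell.LocalAccounts module available; the registry value names are the documented backing values of the two UAC policies.

```powershell
# Added example, not from the thread. Run in a normal (non-elevated) window.
# Assumes Windows 10/11 with the Microsoft.PowerShell.LocalAccounts module.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

# "Admin Approval Mode for the Built-in Administrator account" is backed by
# FilterAdministratorToken; "Run all administrators in Admin Approval Mode"
# by EnableLUA. A missing value means the default (0 and 1 respectively).
$filterBuiltin = if ($null -eq $uac.FilterAdministratorToken) { 0 } else { [int]$uac.FilterAdministratorToken }
$enableLua     = if ($null -eq $uac.EnableLUA) { 1 } else { [int]$uac.EnableLUA }

# The built-in Administrator always has RID 500, whatever it has been renamed to.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# On a filtered (Admin Approval Mode) token the Administrators group is marked
# deny-only, so IsInRole returns $false even though the account is a member.
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = [Security.Principal.WindowsPrincipal]$identity
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$isBuiltin  = $identity.User.Value -like 'S-1-5-21-*-500'

[pscustomobject]@{
    EnableLUA                   = $enableLua
    FilterAdministratorToken    = $filterBuiltin
    BuiltinAdministratorEnabled = [bool]$builtinAdmin.Enabled
    CurrentUserIsBuiltinAdmin   = $isBuiltin
    CurrentProcessElevated      = $isElevated
}

# The risky combination the thread is about: built-in Administrator logged on
# with the policy off, so every process is already elevated and UAC never asks.
if ($isBuiltin -and $filterBuiltin -eq 0) {
    Write-Warning 'Built-in Administrator without Admin Approval Mode: all processes run fully elevated.'
}
```

Compare the output from a session of the built-in Administrator with the policy on and off: with the policy on, CurrentProcessElevated is False until an explicit elevation, just as for a normal administrator in Admin Approval Mode.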
 
