Advice Request Does this policy harden against UAC bypasses?

  • Thread starter ForgottenSeer 77194
  • Start date

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 77194

Thread author
Generally standard user accounts have stronger mitigations from uac bypasses than admin accounts.
This policy ( User Account Control: Admin Approval Mode for the Built-in Administrator account ) from this site claims:
"When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account"

Does it treat local administrator account as standard user account? Can someone test for uac bypasses?
 
  • Like
Reactions: oldschool and Andy Ful
F

ForgottenSeer 92963

Thread author
As far as I know, it enables UAC for the build-in administrator (which Vista had), meaning that processes run Medium Integrity Rights (like a Standard User), but when doing tasks requiring higher rights (admin rights) it will confirm to UAC settings of admin (by default showing UAC prompt). At that time (Vista) it was good practice to enable it. Windows 7 had the build-in admin account disabled by default.
 
Last edited by a moderator:
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Azriel said:
Generally standard user accounts have stronger mitigations from uac bypasses than admin accounts.
This policy ( User Account Control: Admin Approval Mode for the Built-in Administrator account ) from this site claims:
"When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a different account"

Does it treat local administrator account as standard user account? Can someone test for uac bypasses?
Click to expand...
The short answer is No.(y)
This works like Standard User Account but not exactly the same.
One of the risks that the UAC feature tries to mitigate is that of malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for malicious programs is to discover the password of the Administrator account because that user account was created for all installations of Windows. To address this risk, the built-in Administrator account is disabled in computers running at least Windows Vista.
Click to expand...


Remark.
The built-in Administrator account is disabled by default (from Windows Vista) on the client machines. Microsoft decided to install by default the normal Administrator account which behaves similarly as the built-in Administrator account + Admin Approval Mode.
 
Last edited:
  • Like
Reactions: oldschool and Gandalf_The_Grey

Similar threads

Ink
    • Like
    • +Reputation
Ubisoft clarifies it will not delete inactive accounts
Replies
0
Views
392
News Archive
Ink
Ink
SpyNetGirl
    • Like
    • +Reputation
    • Hundred Points
Harden Windows Security | Only with official documented methods | Always up to date
Replies
75
Views
10,346
Other security for Windows, Mac, Linux
Warencom
W
vtqhtr413
    • Like
    • +Reputation
Guide | How To Factory Reset Windows 11 without a Password from the Login Screen
Replies
5
Views
1,180
Guides - Privacy & Security Tips
nickstar1
nickstar1

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top