Advice Request SuRun - anyone use it?

[ParaXY]

Maybe it is because I set UAC to high when it was still an admin account, and only later, I changed the account to standard user.

I tried creating a new account as an admin and then setting a PIN for the account. I then removed it from the admin group but every time I try to run something as an admin I am prompted for the password by default.

As far as i know, there's no safe way to do that just yet. I've heard of a workaround (if this is your case), to disable automatic login, and supposedly it will ask for a PIN and not a password, but i never tried it as it sounds strange. You could try, if it applies to you

P.S. Sorry i was replying to shmu26's message, and extending it by adding complexity to the PIN using the method from the link.

I wasn't referring to logging in with a PIN. I am trying to get UAC to (by default) always prompt me for a PIN so I don't have to click "More options" and then click the PIN option every time UAC prompts me. ;-)

Having UAC prompt me for a PIN by default would be AWESOME!!

Thanks for the link BTW, it is helpful!

 

[shmu26]

I tried creating a new account as an admin and then setting a PIN for the account. I then removed it from the admin group but every time I try to run something as an admin I am prompted for the password by default.



I wasn't referring to logging in with a PIN. I am trying to get UAC to (by default) always prompt me for a PIN so I don't have to click "More options" and then click the PIN option every time UAC prompts me. ;-)

Having UAC prompt me for a PIN by default would be AWESOME!!

Maybe ask on a Microsoft forum how to do it? I can't figure it out.
And let us know if there is an answer!

 

[Amelith Nargothrond]

I
I wasn't referring to logging in with a PIN. I am trying to get UAC to (by default) always prompt me for a PIN so I don't have to click "More options" and then click the PIN option every time UAC prompts me. ;-)

Having UAC prompt me for a PIN by default would be AWESOME!!

Thanks for the link BTW, it is helpful!

Well what do you know... It works, i just tried it. So this is what i did:
1. Created a user without admin privileges
2. Disabled automatic windows login
3. Logged in to this new user
4. Right-clicked in something, "run as admin"
5. It asked for the PIN, not the password (by default)

Is this what you are looking for?

 

[Amelith Nargothrond]

To disable automatic login:

1. press WINkey + R, type in "control userpasswords2" and hit ENTER
2. Make sure "User must enter a user name and password.." is ticked
3. Hit OK and log-in to the newly created user

 

[ParaXY]

Well what do you know... It works, i just tried it. So this is what i did:
1. Created a user without admin privileges
2. Disabled automatic windows login
3. Logged in to this new user
4. Right-clicked in something, "run as admin"
5. It asked for the PIN, not the password (by default)

Is this what you are looking for?

So just to clarify, you could enter the PIN without having to click "More choices" and then select the PIN method?

So when I am prompted:

This is what I am promtped with by default so I have to click "PIN" and then I get this:

and only now can I enter my PIN.

So the steps I have to go through to enter my PIN with UAC are as follows:

1. Run program as administrator
2. Click "More choices"
3. Click PIN
4. Then enter PIN and click ok

I am trying to configure it so that I am prompted for a PIN by default so I don't have to enter the steps above each and every time.

Hopefully that makes sense!

 

[Amelith Nargothrond]

So just to clarify, you could enter the PIN without having to click "More choices" and then select the PIN method?

So when I am prompted:

View attachment 144319

This is what I am promtped with by default so I have to click "PIN" and then I get this:

View attachment 144320

and only now can I enter my PIN.

So the steps I have to go through to enter my PIN with UAC are as follows:

1. Run program as administrator
2. Click "More choices"
3. Click PIN
4. Then enter PIN and click ok

I am trying to configure it so that I am prompted for a PIN by default so I don't have to enter the steps above each and every time.

Hopefully that makes sense!

It does, and yes, i am prompted for a PIN by default, not a password, IF you follow the steps from my previous post

 

[ParaXY]

To disable automatic login:

1. press WINkey + R, type in "control userpasswords2" and hit ENTER
2. Make sure "User must enter a user name and password.." is ticked
3. Hit OK and log-in to the newly created user

I already have this option set:

Is that what you were referring to in for your previous post?

 

[Amelith Nargothrond]

I already have this option set:

View attachment 144321

View attachment 144322

Is that what you were referring to in for your previous post?

OK, un-tick the option (enable it), restart, disable the option, log-in to the non-admin user, run as admin an app -> asks for a PIN. It works here.

 

[ParaXY]

OK, un-tick the option (enable it), restart, disable the option, log-in to the non-admin user, run as admin an app -> asks for a PIN. It works here.

Ok, tried that. Unticked options, rebooted and tried again but still got prompted for password by default even after selecting PIN every time I was prompted by UAC. I then ticked the options again, rebooted and tried again but still got prompted for password by default.

Glad it's working for you but no luck on this side so far! Will keep trying...

 

[Amelith Nargothrond]

Ok, tried that. Unticked options, rebooted and tried again but still got prompted for password by default even after selecting PIN every time I was prompted by UAC. I then ticked the options again, rebooted and tried again but still got prompted for password by default.

Glad it's working for you but no luck on this side so far! Will keep trying...

OK, another possible difference.. my main account is a microsoft account, is yours local?

This is how my default UAC prompt looks like (edited the account with More choices expanded - the second option edited as well):

 

[ParaXY]

Yes, I do use a local account so maybe thats why its working for you. Maybe the PIN as a default will only work for Microsoft accounts and not local accounts. Damn.

Thanks for checking this!

 

[Amelith Nargothrond]

Yes, I do use a local account so maybe thats why its working for you. Maybe the PIN as a default will only work for Microsoft accounts and not local accounts. Damn.

Thanks for checking this!

I'm not saying this is the reason it works here, just that this might be another difference that could count.

 

[ParaXY]

I'm not saying this is the reason it works here, just that this might be another difference that could count.

I've just done a test that confirms my suspicion! I added my Microsoft account to my local admin account and now when I login with my SUA account and run a program as an administrator I prompted (by default) to enter a PIN:

So maybe you just can't use a PIN as a default when logging in as a local account?

 

[Amelith Nargothrond]

I've just done a test that confirms my suspicion! I added my Microsoft account to my local admin account and now when I login with my SUA account and run a program as an administrator I prompted (by default) to enter a PIN:

View attachment 144323

So maybe you just can't use a PIN as a default when logging in as a local account?

There's your answer. Glad i could help.

 

[ParaXY]

While on the topic of authentication, has anyone used Windows 10 Hello? I am thinking of getting the Logitech Brio camera to use with Hello.

Can Hello be used with UAC? So can I use my face/Hello when prompted with UAC for admin credentials?

 

[Amelith Nargothrond]

While on the topic of authentication, has anyone used Windows 10 Hello? I am thinking of getting the Logitech Brio camera to use with Hello.

Can Hello be used with UAC? So can I use my face/Hello when prompted with UAC for admin credentials?

From SuRun, then PIN auth, and then Logitech Brio for Hello, neah, you're right on topic

 

[ParaXY]

From SuRun, then PIN auth, and then Hello, neah, you're right on topic

Heh! I have a test VM running currently so am experimenting with many options for my new secure build which will hopefully happen next month. Testing all this in a VM is so much easier than doing it on a rebuilt machine.

Windows 10 Hello has fascinated me from day one and now there seems to be a camera available that works with this feature so I am interested in finding out more about it, especially when it comes to UAC!

I am hoping to avoid using SuRun since I now have the PIN as an option when UAC prompts me. Also, this keeps things "third party free" which is one of my goals with this secure build. I'm aiming for a lean mean minimalistic build so the less I can install the better.

 

[shmu26]

There's your answer. Glad i could help.

I also use a microsoft account -- thanks, now I know why the PIN option works for me. Good to know.
I guess that is one of the little ways that M$ uses to push users into using a microsoft account.

 

[Amelith Nargothrond]

I also use a microsoft account -- thanks, now I know why the PIN option works for me. Good to know.
I guess that is one of the little ways that M$ uses to push users into using a microsoft account.

I didn't knew either, but was also curious
I actually like it. I have certain amount of PCs, it would be a pain to maintain each of them the same way, and the sync feature, using a MS account rocks. There are other advantages too, as well as disadvantages, like you just uploaded yourself to the cloud

This is a nice article about MS accounts: The Pros and Cons of Using a Microsoft Account with Windows