Serious Discussion What Are the Advantages of Standard Account Over Administrator Account?

I use SpynetGirl's tool instead of WDAC Wizard. Earlier versions had a problem generating the cip when used repetitively, such that you needed to quit the app and restart it. But in the later versions I did not encounter that again. I would say it is a good tool. It is under constant development as of now, whereas Wizard has not seen development in 2 months. It is much, much faster than Wizard at generating cip files.

The dynamic code feature is included in the xml files generated by SpynetGirl's app, so I did not see it before. It was transparent to me.
 
It is the first time I have included it in the policy; I was skipping it before, to avoid any potential conflicts.
But I thought it may help with dll sideloading; however, Andy told me it will not.
 
@Parkinsond Well, every xml generated by her app includes that option. So I was using it all along without knowing. You should try it.
Since her tool is much, much faster than Wizard, it won't take half an hour to redo your policies. Plus folder scans work correctly, unlike Wizard.
 
I may try this tool.
Wizard is not slow; if I exclude the blocklists from the policy, it creates it in a few seconds, but this leaves the policy bypassable.
Years ago, it was running fine and including the blocklists without failure.
 
Can they, if the user of the standard account responded to the prompt after Run as admin with OK after filling in the password?
If you are using Microsoft Baseline, this functionality is disabled by the GPO setting (below is an example where I tried to run CMD using Run as administrator from my standard account).
[Image: 1759608596016.png]
 
So when the user of a standard account does that, it is like doing the same from an admin account!

It is not. Many UAC bypasses did not work on SUA and did not trigger the UAC prompt.
The most restrictive UAC setting on SUA can prevent even the UAC credential prompt and allows process elevation only on the Admin accounts.
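
To check how a machine is configured for the behaviour discussed in the last two posts, here is an added example (not part of the thread) that reads the UAC policy values and reports whether a standard user is offered a credential prompt. It assumes the setting the posts refer to is "User Account Control: Behavior of the elevation prompt for standard users", stored as `ConsentPromptBehaviorUser`; the function name `Get-UacElevationPosture` is hypothetical.

```powershell
# Added example: audit whether a standard user account (SUA) is offered a
# UAC credential prompt. Assumption: the restrictive setting discussed in the
# thread is ConsentPromptBehaviorUser = 0 (Automatically deny elevation requests).
function Get-UacElevationPosture {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    # Documented meanings of ConsentPromptBehaviorUser.
    $userPrompt = @{
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'
        3 = 'Prompt for credentials'
    }

    $values = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Values that are not set fall back to the Windows defaults.
    $enableLua = if ($null -ne $values.EnableLUA) { [int]$values.EnableLUA } else { 1 }
    $user      = if ($null -ne $values.ConsentPromptBehaviorUser) { [int]$values.ConsentPromptBehaviorUser } else { 3 }
    $secure    = if ($null -ne $values.PromptOnSecureDesktop) { [int]$values.PromptOnSecureDesktop } else { 1 }

    $meaning = if ($userPrompt.ContainsKey($user)) { $userPrompt[$user] } else { "Unknown value $user" }

    [pscustomobject]@{
        UacEnabled              = ($enableLua -eq 1)
        StandardUserBehavior    = $meaning
        PromptOnSecureDesktop   = ($secure -eq 1)
        # A credential prompt is only shown when UAC is on and the
        # standard-user behaviour is not "automatically deny".
        CredentialPromptOffered = ($enableLua -eq 1 -and $user -ne 0)
    }
}

$posture = Get-UacElevationPosture
$posture | Format-List

if ($posture.CredentialPromptOffered) {
    Write-Warning 'Standard users can elevate in place by entering admin credentials.'
} else {
    Write-Output 'Standard users are not offered an elevation prompt on this machine.'
}
```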