User Account Control: Admin Approval Mode for the Built-in Administrator accountID: oval:org.secpod.oval:def:35276 | Date: (C)2016-06-10 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
The options are:
* Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
* Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
Counter Measure:
Enable the User Account Control: Admin Approval Mode for the Built-in Administrator account setting if you have the built-in Administrator account enabled.
Potential Impact:
Users that log on using the local Administrator account will be prompted for consent whenever a program requests an elevation in privilege.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!FilterAdministratorToken
Platform: |
Microsoft Windows 10 |