Windows 10 make UAC always require password

8

5

I want to make my UAC to always require admin password. I seen some tutorials for windows 7, and with gpedit, however I have home version and gpedit is not included and I couldn't find any tutorial without it. Is it possible to do it through regedit?

vakus

Posted 2016-06-05T15:42:56.017

Reputation: 360

Are you signed in as an admin? – TheKB – 2016-06-05T16:07:03.913

1Yes however I want to force asking for password even for admin because I am running teamviewer and I want to make sure that even in case someone would get into control he would need to know admin password – vakus – 2016-06-05T16:09:09.643

Have you tried the .reg files available here?

– TheKB – 2016-06-05T16:13:49.300

I didn't found this site before, but I checked it now and it's working – vakus – 2016-06-05T16:18:55.513

Do you mind if I post it as an answer? – TheKB – 2016-06-05T16:31:16.707

How you add gpedit to Home versions of Windows is well documented there is even a question with an answer that explains in detail how to do it. – Ramhound – 2016-06-05T17:19:59.057

Do you have secpol.msc ("Local Security Policy")? It contains the relevant portion of the Group Policy editor, but not most of the rest. It's present on Windows RT (the crippled ARM-only version of Win8); I'd be surprised if it's not on Win10 Home. – CBHacking – 2016-12-23T20:41:30.907

@CBHacking I just tried to run secpol.msc and I got message that it can not be found – vakus – 2016-12-23T23:08:27.470

Sad, guess it's missing from Home edition then. I'm mildly curious if it would work if you copied it from a higher edition (Pro, Education, Enterprise, anything Server, etc.) since I'm pretty sure Home has mmc.exe (and if it doesn't, maybe you could copy that...) but the direct registry edit works fine, too. – CBHacking – 2016-12-24T11:18:19.753

@CBHacking I believe it is possible, however I didn't wanted to modify system's files as the machine that I own is under warranty which disallows me to modify system files etc. – vakus – 2016-12-24T12:00:57.543

Copy unmodified files from one machine to another hardly counts as "modifying system files", and most warranties cannot prohibit you from such modifications regardless (at least in the US) but it sounds like you've solved the issue regardless. – CBHacking – 2016-12-25T09:53:37.423

Answers

18

This is controlled by the registry entry here:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

And you want the value of:

"ConsentPromptBehaviorAdmin"=dword:00000001

Source

ConsentPromptBehaviorAdmin's value reference

TheKB

Posted 2016-06-05T15:42:56.017

Reputation: 813

1

An even simpler or easier way is once you find the Value name: block, "ConsentPromptBehaviorAdmin" go to the block below which is Value data: and change the number to a "1". It gives you the same result.

ConsentPromptBehaviorAdmin

This key defines the User Account Control behavior for system administrators. The default value is set to prompt but do not require credentials to be entered. Here are all possible values:

  • 0: A value of 0 allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication).
  • 1: A value of 1 requires the admin to enter username and password when operations require elevated privileges on a secure desktop.
  • 2: The value of 2 displays the UAC prompt that needs to be permitted or denied on a secure desktop. No authentication is required.
  • 3: A value of 3 prompts for credentials.
  • 4: A value of 4 prompts for consent by displaying the UAC prompt.
  • 5: The default value of 5 prompts for consent for non-Windows binaries.

T. Jefferson

Posted 2016-06-05T15:42:56.017

Reputation: 21

1

You can paste this snippet into an Administrative PowerShell prompt:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 1

The Set-ItemProperty command is essentially used to change values of registries. The rest of the parameters of the prompt are relatively intuitive, but I'll go through the rest.

As seen in other answers/responses, the path of the registry (can also be accessed with regedit) is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - but in this case HKEY_LOCAL_MACHINE is shortened to HKLM and appended with :. So in order to access the registry, we use the -Path option (or flag) to note that the following string (surrounded by quotes ") is the desired path of the registry we want to update.

The next option we need to pass is -Name. Which (you guessed it) is for the name of the value we want to update. So now naturally we pass in the value "ConsentPromptBehaviorAdmin". The quotes are necessary because the -Name option expects a string value.

Finally, we set the -Value value to 1. Which by the Windows 10 operating system interprets this as: "Let's basically just always ask for administrative permission for administrative tasks."

Or in their words:

This option prompts the Consent Admin to enter his or her user name and password (or another valid admin) when an operation requires elevation of privilege. This operation occurs on the secure desktop.

Source for registry details: Microsoft docs.

luckeyelijah

Posted 2016-06-05T15:42:56.017

Reputation: 31

This is basically a copy of the accepted answer but using Powershell. – CaldeiraG – 2020-01-16T13:14:58.233

1Similar content, yes. But definitely a different method to achieve the desired result. @CaldeiraG, I would suggest this is a fully appropriate answer since it contributes to the discussion. – luckeyelijah – 2020-01-16T14:51:30.587

Asked: 2016-06-05T15:42:56.017

Viewed: 12 233 times

Active: 2020-01-15T23:14:05.263