User Account Control – Behavior of the Elevation Prompt for Standard Users

This is the same idea as our previous setting, but now we are talking about affecting UAC permissions for the majority of your users—anyone who is a Standard User. Default behavior is to prompt the user for administrative credentials, as we saw when I tried to open an elevated PowerShell window.

Here you will also find an option that says Prompt for credentials on the secure desktop. This setting changes the look and feel of the UAC prompt to something that is Windows-specific. This allows you to give a sense of assurance that the UAC prompt is really from Windows, and is not a fake prompt being presented by a malware application. The third option here is to Automatically deny elevation requests—if your intentions are to build a secure, locked-down desktop where users should not have to make system changes or install software, why even allow the prompt at all? Just default-deny anything that the user tries to do outside the scope of their standard user rights.

Let's give this one a shot and see what happens. I have incorporated Automatically deny elevation requests into my GPO and assigned it to my LAPTOP1 computer. When I log back in as a standard user and attempt to open that same elevated PowerShell prompt, I no longer receive the prompt for admin credentials. Instead, I get a message informing me that I have been blocked:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.91.196