mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
updated default value for Prompt for credentials
This commit is contained in:
Paolo Matarazzo
@ -1,60 +1,51 @@
|
||||
---
|
||||
title: Behavior of the elevation prompt for standard users (Windows 10)
|
||||
title: Behavior of the elevation prompt for standard users
|
||||
description: Learn about best practices, security considerations, and more for the policy setting, User Account Control Behavior of the elevation prompt for standard users.
|
||||
ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba
|
||||
ms.reviewer:
|
||||
ms.author: vinpa
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
manager: aaroncz
|
||||
audience: ITPro
|
||||
ms.topic: conceptual
|
||||
ms.date: 10/11/2021
|
||||
ms.date: 01/18/2023
|
||||
ms.technology: itpro-security
|
||||
---
|
||||
|
||||
# User Account Control: Behavior of the elevation prompt for standard users
|
||||
|
||||
**Applies to**
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values, policy management and security considerations for the **User Account Control: Behavior of the elevation prompt for standard users** security policy setting.
|
||||
|
||||
## Reference
|
||||
|
||||
This policy setting determines the behavior of the elevation prompt for standard users.
|
||||
|
||||
### Possible values
|
||||
## Possible values
|
||||
|
||||
- **Automatically deny elevation requests**
|
||||
- **Automatically deny elevation requests**
|
||||
|
||||
This option returns an “Access denied” error message to standard users when they try to perform an operation that requires elevation of privilege. Most organizations that run desktops as standard users configure this policy to reduce Help Desk calls.
|
||||
This option returns an *Access denied* error message to standard users when they try to perform an operation that requires elevation of privilege. Most organizations that run desktops as standard users configure this policy to reduce help desk calls.
|
||||
|
||||
- **Prompt for credentials on the secure desktop**
|
||||
- **Prompt for credentials on the secure desktop**
|
||||
|
||||
This prompt for credentials is the default. When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
|
||||
When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
|
||||
|
||||
- **Prompt for credentials**
|
||||
- **Prompt for credentials**
|
||||
|
||||
An operation that requires elevation of privilege prompts the user to type an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
|
||||
An operation that requires elevation of privilege prompts the user to type an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. This is the default value.
|
||||
|
||||
### Best practices
|
||||
## Best practices
|
||||
|
||||
1. Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to sign in with an administrative account to run programs that require elevation of privilege.
|
||||
2. As a security best practice, standard users shouldn't have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users don't choose to always sign in with their administrator accounts, and they shift their behavior to use the standard user account.
|
||||
1. Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to sign in with an administrative account to run programs that require elevation of privilege.
|
||||
2. As a security best practice, standard users shouldn't have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users don't choose to always sign in with their administrator accounts, and they shift their behavior to use the standard user account.
|
||||
|
||||
### Location
|
||||
## Location
|
||||
|
||||
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
|
||||
|
||||
### Default values
|
||||
## Default values
|
||||
|
||||
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
|
||||
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy's property page.
|
||||
|
||||
| Server type or GPO | Default value |
|
||||
| - | - |
|
||||
|
||||
Reference in New Issue
Block a user