Evolving the Windows User Model – Introducing Administrator Protection

By /

Listen to this Post

Microsoft has introduced a new feature called Administrator Protection to enhance the security of Windows users. This feature is designed to mitigate risks associated with running applications with elevated privileges, which is a common attack vector for malware and other security threats. By limiting unnecessary administrative access, Windows aims to reduce the attack surface and improve overall system security.

You Should Know:

1. Enable Administrator Protection:

  • Open the Local Security Policy editor by typing `secpol.msc` in the Run dialog (Win + R).
  • Navigate to Local Policies > Security Options.
  • Look for the policy named “User Account Control: Run all administrators in Admin Approval Mode” and ensure it is enabled.

2. Create a Standard User Account:

  • Go to Settings > Accounts > Family & other users.
  • Click Add someone else to this PC and follow the prompts to create a standard user account.
  • Use this account for daily tasks to minimize the risk of accidental administrative actions.

3. Use PowerShell to Check Admin Privileges:

  • Open PowerShell as an administrator and run the following command to list users with administrative privileges:
    Get-LocalGroupMember -Group "Administrators"
  • This command will display all users who have admin rights on the system.

4. Audit Admin Access with Event Viewer:

  • Open Event Viewer (eventvwr.msc).
  • Navigate to Windows Logs > Security.
  • Filter the logs for Event ID 4672 to monitor when administrative accounts are used.

5. Restrict Admin Access with Group Policy:

  • Use the Group Policy Management Console (gpmc.msc) to restrict administrative access to specific users or groups.
  • Navigate to Computer Configuration > Windows Settings > Security Settings > Restricted Groups to configure these settings.

6. Enable Windows Defender Application Guard:

  • For additional protection, enable Windows Defender Application Guard to isolate browsing sessions in a virtualized environment.
  • This can be done via Turn Windows features on or off in the Control Panel.

What Undercode Say:

Administrator Protection is a significant step forward in securing Windows environments. By reducing the reliance on administrative privileges, organizations can better defend against privilege escalation attacks. Implementing the steps above, such as creating standard user accounts, auditing admin access, and using tools like PowerShell and Group Policy, will further strengthen your security posture. Always remember, the principle of least privilege is key to maintaining a secure system. For more details, visit the Microsoft Community Hub.

References:

Reported By: Florian Hansemann – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: