From 2d199f225cd5ddb0797919cd1a9c047a57d626a4 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sun, 19 Dec 2021 14:49:30 +0200 Subject: [PATCH] Windows: require admin password/pin for UAC --- Windows/UAC-ask-password.reg | 5 +++++ Windows/Windows.reg | 4 ++-- Windows/Windows.reg.markdown | 10 +++++----- 3 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 Windows/UAC-ask-password.reg diff --git a/Windows/UAC-ask-password.reg b/Windows/UAC-ask-password.reg new file mode 100644 index 00000000..b4a1f928 --- /dev/null +++ b/Windows/UAC-ask-password.reg @@ -0,0 +1,5 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] +"ConsentPromptBehaviorAdmin"=dword:00000001 +"ConsentPromptBehaviorUser"=dword:00000001 diff --git a/Windows/Windows.reg b/Windows/Windows.reg index c4fd1b52..0648a904 100644 --- a/Windows/Windows.reg +++ b/Windows/Windows.reg @@ -1,8 +1,8 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] -"ConsentPromptBehaviorAdmin"=dword:00000002 -"ConsentPromptBehaviorUser"=dword:00000002 +"ConsentPromptBehaviorAdmin"=dword:00000001 +"ConsentPromptBehaviorUser"=dword:00000001 "dontdisplaylastusername"=dword:00000000 "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 diff --git a/Windows/Windows.reg.markdown b/Windows/Windows.reg.markdown index 2d7d1e67..cde4620d 100644 --- a/Windows/Windows.reg.markdown +++ b/Windows/Windows.reg.markdown @@ -3,14 +3,14 @@ This file is supposed to explain [Windows.reg](Windows.reg). ``` Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] -"ConsentPromptBehaviorAdmin"=dword:00000002 -"ConsentPromptBehaviorUser"=dword:00000002 +"ConsentPromptBehaviorAdmin"=dword:00000001 +"ConsentPromptBehaviorUser"=dword:00000001 ``` * Make the file Windows Registry Editor script -* Ask admins yes/no on UAC - * 1 would also ask for password, 0 disable entirely. -* prompt standard users for username and password. +* Ask admins for password/PIN in UAC + * 2 would ask for yes or no, 0 disable entirely (don't do that). +* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. * The other option (1) doesn't even give them UAC prompt so you must always login as admin to do anything.