Microsoft is working on a major security update for Windows 11 that could change how we interact with our PCs. They are testing Administrator Protection in the latest Windows 11 Insider builds. The idea is to improve security by limiting the constant availability of admin privileges, which hackers and malicious software often exploit.
What’s Changing?
If you’ve ever installed software or made changes to your computer’s settings, you’ve probably seen a prompt asking for administrator permission. This is part of Windows’ User Account Control (UAC), which helps prevent unauthorized changes. But Microsoft is taking it further with “Adminless” Windows 11.
Instead of users always having full admin rights, these privileges will only be granted when needed temporarily. You’ll be asked to verify your identity with a PIN, fingerprint, or another Windows Hello method when admin access is required. This feature makes it harder for hackers or malware to use admin privileges against you.
Why Does It Matter?
The goal of “Adminless” Windows 11 is to stop unauthorized apps and scripts from receiving admin access, a common method hackers use to gain control over systems. Admin access will only be available when it’s necessary, and will automatically be turned off after that. This is similar to how macOS and Linux handle admin privileges, where users are prompted to enter a password or use another form of authentication to make changes.
This update could protect personal PCs from security risks and is part of Microsoft’s broader efforts to tighten security, especially after recent high-profile cyberattacks, like the breach of Microsoft Exchange Online in 2023.
How It Works
The new feature is part of the Windows 11 Canary build, an early version available to testers. It isn’t enabled by default yet, but users can turn it on manually through the Group Policy settings. Here’s where to head next:
Note: Group Policy Editor (gpedit.msc) is not available on Windows 11 Home Edition.
- Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Open User Account Control: Configure type of Admin Approval Mode and then under the Local Security section tab, select the Admin Approval Mode with Administrator protection option from the dropdown menu.
- Once done, restart your PC.
Now whenever you open tasks that used to trigger a UAC prompt like installing software or opening system tools will now require PIN or fingerprint verification instead.
While power users might find this new system a bit more cumbersome, the trade-off is better security for everyone. By removing the constant availability of admin privileges, Microsoft is making it harder for bad actors to compromise your computer. We will get to learn more about this feature in Microsoft’s upcoming Ignite event on November 22, 2024, in Chicago, Illinois.
(Source)
