Skip to content

User Account Control | Harden System Security

User Account Control - Harden Windows Security


  • Blue Check mark denoting Group Policy Prompt for elevation of privilege on secure desktop for all binaries in Administrator accounts, which presents the sign-in UI and restricts functionality and access to the system until the sign-in requirements are satisfied. The secure desktop's primary difference from the user desktop is that only trusted processes running as SYSTEM are allowed to run here (that is, nothing is running at the user's privilege level). The path to get to the secure desktop from the user desktop must also be trusted through the entire chain. Rotating green checkmark denoting CSP CSP

    • Default Behavior: Prompt for consent for non-Windows binaries: When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.

    • Harden Windows Security Behavior: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.



  • Blue Check mark denoting Group Policy Rotating green checkmark denoting Subcategory Hides the entry points for Fast User Switching. Rotating green checkmark denoting CSP CSP

    • This policy will prevent you from using "Forgot my PIN" feature in lock screen or logon screen. If you forget your PIN, you won't be able to recover it.


  • Blue Check mark denoting Group Policy Sets the behavior of the elevation prompt for Standard users to Prompt for Credentials on the Secure Desktop. Rotating green checkmark denoting CSP CSP


  • Blue Check mark denoting Group Policy Configures the type of Admin Approval Mode to be Admin Approval Mode with enhanced privilege protection.