Microsoft has introduced Administrator Protection, a new feature of Windows 11 that allows regular users to request admin privileges to safely configure the system. This feature, while similar in appearance to the current User Account Control (UAC), verifies user identity through Windows Hello, using facial recognition, fingerprint, or a PIN specific to the device. However, the underlying mechanism of Administrator Protection differs significantly: Microsoft does not “upgrade” the user's account to have admin rights, but rather creates a new user account that is hidden from view and generates a temporary admin token for system admin tasks. Once the task is completed, the system destroys the token so that admin privileges are not left lingering.
The advantage of this approach is that if a user account is infected with malware, the malware cannot access sessions that require admin privileges, because those sessions technically belong to a different account. Coupled with Windows Hello for authentication, this makes it extremely difficult for malware to breach security boundaries.
This feature is currently available for Windows Insider users under Settings > Windows Security > Account Protection, and initially must be manually enabled. However, Microsoft has made it clear that the long-term goal is to have this feature enabled by default.
TLDR: Microsoft introduces Administrator Protection in Windows 11, allowing users to request admin privileges securely. This feature uses Windows Hello for user verification and creates temporary admin tokens for system tasks, enhancing security by preventing malware access to admin sessions.