I just installed Windows 10 on a new PC and was wondering what is more secure. Assuming UAC is enabled on the highest setting and I'm the only one using the PC.

  • a separate admin and standard account who gets prompted for the admin password if he wants to perform actions that require elevation
  • an admin account with local security policy changed to prompt for a password instead of just confirming

So in both cases I'm asked on a secure desktop to provide the admin password if elevated rights are needed. Is there no difference in terms of security?

1 Answer

Both accounts (any local Administrator group user or your custom "Standard" user) will run in the "Standard" user context (the token they run with is "Standard" user) when used normally.

Explorer.exe is the parent process from which all applications run by the user inherit the standard token used by Explorer.

When an action requires elevation, the purpose of UAC is to ask for the additional "Administrator" token that will tell the OS you have proved you have the admin credentials to perform the desired action.

By you setting the local security policy to request a password for your custom admin user you have, essentially, made no difference in terms of the token mechanism, but you have reduced the impact of any malicious actions if you were to leave your computer unlocked and someone tried to perform some action that required administrative permissions.

In an enterprise environment it would probably be best to enable this local security policy by Group Policy so that all actions require a password - but the other side of this is to frustrate your IT staff who would have to enter their credentials for every admin action. It's weighing up the risk and the potential impact.

Microsoft "How User Account Control Works": https://technet.microsoft.com/en-us/library/jj574202(v=ws.11).aspx

  • Not sure I understand what you mean but I think I grasp it... any laptop bought at the end of a refresh should be re-imaged and not joined to the domain so they don't get policies that would annoy the life out of the end user lol :)
    – Kinnectus
    Commented Jun 23, 2017 at 9:08
  • "but the other side of this is to frustrate your IT staff who would have to enter their credentials for every admin action." Even more frustrating is not knowing the password. :P Like private clients with an ex-company laptop... had that a couple of times
    Commented Jun 23, 2017 at 9:10
  • Sorry, halfway through editing I hit enter.. :)
    Commented Jun 23, 2017 at 9:11
  • Yup, been there! That can often be circumvented using a password reset disk if it'll boot and access the Windows partition :D
    – Kinnectus
    Commented Jun 23, 2017 at 9:12
  • Yep... at least W8 has the reset option :D
    Commented Jun 23, 2017 at 9:15

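To see which of the two setups from the question a machine is actually in, the read-only PowerShell below reports the UAC prompt behaviour and whether the current process holds the elevated token. It is an added example, not part of the answer or comments above; it assumes the standard policy-backed registry values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, and `Resolve-Setting` is a hypothetical helper name.

```powershell
# Added example (read-only): reports UAC prompt settings and token elevation.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

# "Behavior of the elevation prompt for administrators in Admin Approval Mode"
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
# "Behavior of the elevation prompt for standard users"
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

# Hypothetical helper: map a DWORD to its meaning without guessing when absent.
function Resolve-Setting($map, $value) {
    if ($null -eq $value) { return 'not set' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return "unknown value $value"
}

# With the filtered (standard) token the Administrators group is deny-only,
# so IsInRole() returns False until the process is elevated through UAC.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    User               = $identity.Name
    ProcessElevated    = $elevated
    UacEnabled         = ($p.EnableLUA -eq 1)
    AdminPrompt        = Resolve-Setting $adminPrompt $p.ConsentPromptBehaviorAdmin
    StandardUserPrompt = Resolve-Setting $userPrompt  $p.ConsentPromptBehaviorUser
    # When 1, every elevation prompt is shown on the secure desktop.
    SecureDesktop      = ($p.PromptOnSecureDesktop -eq 1)
} | Format-List
```

Run from a normal (non-elevated) prompt under either account, `ProcessElevated` is `False`; the two setups differ only in which of `AdminPrompt` or `StandardUserPrompt` applies to the logged-on user.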