One of the limitations of Windows is that it requires an Administrator account for installing many popular Win32 applications, performing some OS-level operations and even changing some basic system settings. However, having an Administrator account also increases the security risk of your Windows device, as it exposes a larger surface area for privilege escalation attacks. Ideally, you would want to remove the Administrator account from your device, but that is not feasible on Windows.
At the BlueHat conference yesterday, David Weston, VP of OS Security and Enterprise at Microsoft, announced that Microsoft is working on a new feature that will enable Admin-less support on Windows. This feature will be part of a future Windows release.
The Admin-less user will differ from the current standard non-admin user available in Windows in the following ways:
- The Admin-less user will not have persistent admin rights and cannot log in as admin.
- The Admin-less user will be able to elevate to admin rights just in time when needed.
- The elevation to admin rights will require passwordless strong authentication using Windows Hello.
This feature will protect the device from malware and other automated security threats that rely on administrator rights. However, it will not prevent user errors. For example, a user can still elevate to admin rights and install a malicious application. In such cases, Windows Smart App Control can provide an additional layer of protection.
The feature will work as follows when an Admin-less user tries to install a Win32 application:
- The application will request elevation with a secure passwordless experience (Windows Hello authentication).
- A least privilege admin account will be used for the elevation.
- The user will return to the least privilege mode after the task is completed.
In the future, Microsoft might offer Admin-less as an option for users during the installation of Windows. Users who value security can opt for this feature. Microsoft is aware that some common Windows settings currently require admin privileges (for example, changing the color profile), and it is working to address such issues. Microsoft is also collaborating with third-party developers to ensure compatibility with the Admin-less feature.