Question Admin PW works for login but not for UAC confirmation

Tomas1020

Hi all,

So we experienced an attack within our company recently, so we are working on some IT security improvements. Our IT contractor told me that it's always best to use the computers without admin rights.

Since we'll start using OpenVPN for remote access shortly, I want to configure even my home desktop to be more secure (working on this now). Therefore I want to use it without admin rights and enter the admin password when I want to install some software or make important changes.

I activated the Windows pre-created "Administrator" profile and set a password to it. Then I changed my account from admin to user.

I am able to log into the Administrator account with the password that I created. But when I log into my personal account without admin rights and try to install something, the same password doesn't work. It says incorrect admin password. But I tried it dozens of times, checked Caps lock, Num lock...

Are these the same passwords or 2 different ones?

Thanks for the help.

Tomas
 
When you are a user, you can run the setup as admin and use your admin acct.

But just create your own admin and leave the built-in disabled.

Ideally, you should need DOMAIN admin to do anything on a box. IMO, users should never be allowed to install software or make system changes.
 

Tomas1020

Thanks, I will create my admin and disable the built in. But will that help with my password problem?

Also - what is a domain admin if I may ask? I am the only one using this particular PC and it's at a secured location. I want to use "non admin" account for internet security purposes and to, say, double confirm when I want to change/install stuff.
 

lindstrom

Domain Admin is the user account with full permissions on servers and has permissions to modify Active Directory. This account should be highly restricted to only those who need access to manage AD, and even then it should be set up as a secondary account with no other permissions. Here is some information on best practices: https://activedirectorypro.com/active-directory-security-best-practices/

If some of the users need to install software, they can be added to the Local Administrators group. Here are instructions to add a user to the local admin group: https://www.howtogeek.com/79890/add-a-user-to-administrator-group/
If you have created a local admin account on your personal device and only want to use it for installing software, you can hold Shift and right click, then "Run as different user".

How many workstations do you have in your company, are your computers domain joined?
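
The setup suggested in the replies above (a dedicated local admin account, the built-in Administrator left disabled, the everyday account as a standard user), as an added PowerShell example that is not part of the original thread. The account names `LocalAdmin` and `Tomas` are placeholders, and the script assumes a standalone (not domain-joined) PC with Windows PowerShell 5.1 run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Account names are placeholders, not taken from the thread.
$NewAdminName = 'LocalAdmin'   # hypothetical account used only for elevation
$DailyUser    = 'Tomas'        # hypothetical everyday account (standard user)

# Resolve groups by well-known SID so this also works on non-English Windows.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # BUILTIN\Administrators
$usersGroup = Get-LocalGroup -SID 'S-1-5-32-545'   # BUILTIN\Users

# 1. Create the dedicated admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $NewAdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $NewAdminName"
    New-LocalUser -Name $NewAdminName -Password $pw -Description 'Elevation only' | Out-Null
}
$newAdminSid = (Get-LocalUser -Name $NewAdminName).SID.Value
$adminSids   = @(Get-LocalGroupMember -Group $adminGroup | ForEach-Object { $_.SID.Value })
if ($adminSids -notcontains $newAdminSid) {
    Add-LocalGroupMember -Group $adminGroup -Member $NewAdminName
}

# 2. Make the everyday account a standard user: in Users, not in Administrators.
$dailySid = (Get-LocalUser -Name $DailyUser).SID.Value
$userSids = @(Get-LocalGroupMember -Group $usersGroup | ForEach-Object { $_.SID.Value })
if ($userSids -notcontains $dailySid) {
    Add-LocalGroupMember -Group $usersGroup -Member $DailyUser
}
if ($adminSids -contains $dailySid) {
    Remove-LocalGroupMember -Group $adminGroup -Member $DailyUser
}

# 3. Disable the built-in Administrator (RID 500), but only if another
#    enabled local admin exists, so the machine is never left without one.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$otherAdmins = @(Get-LocalGroupMember -Group $adminGroup |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled -and $_.SID.Value -ne $builtin.SID.Value })
if ($otherAdmins.Count -ge 1) {
    Disable-LocalUser -SID $builtin.SID
} else {
    Write-Warning 'No other enabled local admin found; built-in Administrator left enabled.'
}

# 4. Report the result for review.
Get-LocalGroupMember -Group $adminGroup | Format-Table Name, ObjectClass, PrincipalSource
Get-LocalUser | Format-Table Name, Enabled, SID
```

Sign in once with the new admin account, or answer one UAC prompt with it, before relying on step 3.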
 
