I've seen it recommended in numerous places that, for security purposes, your daily driver account in Windows should be non-admin, with a separate admin account that you use only for specific tasks that require those permissions.
My question is, what does this accomplish that Windows UAC doesn't?
Whether your regular account is admin or not, if an application tries to do something that requires elevated permissions you'll get a pop-up to confirm; the only difference is that with a non-admin account you need to enter a password. If you're the one trying to run that application, you're just going to enter the password anyway. I've recently changed my PC to use separate user and admin accounts, and the only practical difference I've found is that now I have to enter a password every time I want to launch HWiNFO64 or whatnot.
And to clarify, I'm not talking about securing your PC from other people who may have access to the 'daily driver' account but whom you want to restrict from messing around with any important settings that require admin privileges. Assume that you're the only person who has physical access to the PC for the sake of this question.