L1 | BIO 12.01.01 | ISO A.12.6.2 | CIS Windows - UAC admin prompt
Intune: UAC Elevation Prompt For Administrators
2025-10-30
3 minute read
Must-Have
Management Summary
UAC elevation prompt for administrators: require consent for privileged operations. Even admins must approve elevation (defense against malware running as admin).
Recommendation
IMPLEMENT
Risk without
High
Risk Score
8/10
Implementation
2h (tech: 1h)
Applies to:
Windows 10, Windows 11
UAC elevation is a malware defense. Scenario: an admin browses the web → malicious site → drive-by download → malware. WITHOUT a UAC prompt: the malware runs as admin (full system access, game over) and can install a rootkit, disable antivirus, and create backdoor accounts. WITH a UAC prompt: the malware requests elevation → the UAC dialog appears → the admin sees the suspicious request → DENY → malware blocked. Best practice: 'Prompt for consent on the secure desktop' (the UAC dialog runs in an isolated session, so malware cannot click 'Yes').
Required PowerShell Modules
Primary API: Microsoft Graph API
Connection: Connect-MgGraph
Required Modules: Microsoft.Graph.DeviceManagement
Implementation
UAC prompt modes:
'Elevate without prompting': NO prompt (INSECURE, not recommended)
'Prompt for credentials': asks for a password (best for standard users)
'Prompt for consent': asks yes/no (recommended for admins)
'Prompt for consent on the secure desktop': isolated UAC dialog (BEST, prevents UI automation attacks)
Secure desktop: the UAC dialog is shown on a separate desktop (malware cannot interact).
Requirements
Intune subscription
Windows 10/11
Admin accounts (local/domain)
Implementation
Intune Settings Catalog: Local Policies Security Options → User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode: 'Prompt for consent on the secure desktop' (most secure).
Compliance
CIS Windows Benchmark L1, Microsoft Security Baseline, BIO 12.01, ISO 27001 A.12.6.2.
Monitoring
Use the PowerShell script elevation-prompt-admins.ps1 (function Invoke-Monitoring) → Check.
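A read-only local check of how the admin prompt setting lands on a device, as an added example (it is not the elevation-prompt-admins.ps1 script this page refers to). It assumes the policy surfaces as the standard UAC registry values EnableLUA and ConsentPromptBehaviorAdmin; the function name Test-UacAdminPrompt and the sample object are constructed for illustration.

```powershell
# Added example: read-only audit of the UAC admin elevation prompt.
# Assumption: the policy is visible through the standard UAC registry values below.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# ConsentPromptBehaviorAdmin values and the prompt mode each one selects
$AdminPromptModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

function Test-UacAdminPrompt {
    # Hypothetical helper name. $Settings is any object exposing the two values,
    # so the logic runs on constructed input as well as on the live registry.
    param([Parameter(Mandatory)] $Settings)

    $mode     = $Settings.ConsentPromptBehaviorAdmin
    $findings = @()
    if ($Settings.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: Admin Approval Mode is off, so the admin prompt setting does not apply'
    }
    if ($mode -ne 2) {
        $findings += "ConsentPromptBehaviorAdmin is '$mode', expected 2"
    }
    $modeName = 'Not configured (value absent or unknown)'
    if ($null -ne $mode -and $AdminPromptModes.ContainsKey([int]$mode)) {
        $modeName = $AdminPromptModes[[int]$mode]
    }
    [pscustomobject]@{
        Mode      = $modeName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample: a device left on 'Elevate without prompting'
Test-UacAdminPrompt ([pscustomobject]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0 })

# Live check on a Windows device (reads only, changes nothing)
if (Test-Path $UacKey) {
    Test-UacAdminPrompt (Get-ItemProperty -Path $UacKey)
}
```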
Remediation
Use the PowerShell script elevation-prompt-admins.ps1 (function Invoke-Remediation) → Remediate.
Compliance & Frameworks
CIS M365: Control Windows - UAC admin prompt (L1)
BIO: 12.01.01
ISO 27001:2022: A.12.6.2
Automation
Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).