Multi-factor authentication for Windows UAC

What is Windows UAC?

User Account Control (UAC) is a foundational security component in the Windows operating system. It allows users to log on to their computers and perform tasks using the standard user access rights. When certain applications need more than the standard user rights to run, the UAC allows users to run them with their administrator token.

With the built-in UAC elevation component, standard users can easily perform administrative or elevated tasks by entering valid credentials of a local administrator account. However, verification with just a username and password for such privileged actions could make the system vulnerable to exploitation by threat actors.

Enable MFA or 2FA for UAC through ADSelfService Plus

ADSelfService Plus provides MFA for Windows UAC to secure elevated system activities performed on standard user accounts. When this feature is enabled, MFA will be prompted for all UAC credential prompts, and the user will be able to perform the administrative action only upon successful identity verification. ADSelfService Plus offers multiple authentication factors to secure Windows UAC.

Supported Windows versions

The Windows UAC MFA feature of ADSelfService Plus is compatible with Windows 7 and above, and Windows Server 2008 and above. It is supported by ADSelfService Plus' Windows login agent version 5.10 and above.

Benefits of enabling MFA for Windows UAC using ADSelfService Plus

• Security for administrative actions
  With MFA for UAC, ensure that critical system activities are not exploited, even when administrator credentials get compromised.
• Wide variety of authenticators
  Choose from multiple authentication factors that ADSelfService Plus offers to provide MFA for Windows UAC credential prompts.
• Different authenticators for different users
  Configure MFA based on users' OUs, groups, and domain memberships. This way, users with different privileges can be authenticated with different authentication factors.