用户帐户控制: 以管理员批准模式运行所有管理员User Account Control: Run all administrators in Admin Approval Mode

04/19/2017

本文内容

适用于Applies to

Windows 10Windows10

本文介绍用户帐户控制的最佳做法、位置、值、策略管理和安全注意事项 ： "在管理员批准模式下运行所有管理员" 安全策略设置。This article describes the best practices, location, values, policy management and security considerations for the User Account Control: Run all administrators in Admin Approval Mode security policy setting.

参考Reference

此策略设置确定整个系统的所有用户帐户控制(UAC)策略的行为。This policy setting determines the behavior of all User Account Control (UAC) policies for the entire system. 这是打开或关闭 UAC 的设置。This is the setting that turns UAC on or off.

可能值Possible values

已启用Enabled

管理员批准模式和所有其他 UAC 策略都依赖于启用此选项。Admin Approval Mode and all other UAC policies are dependent on this option being enabled. 更改此设置需要重新启动系统。Changing this setting requires restarting the system.

DisabledDisabled

管理员批准模式和所有相关的 UAC 策略均已禁用。Admin Approval Mode and all related UAC policies are disabled.

备注

如果将此安全设置配置为 "已禁用"，则安全中心会通知用户操作系统的整体安全性已减少。If this security setting is configured to Disabled, the Security Center notifies the user that the overall security of the operating system has been reduced.

最佳实践Best practices

启用此策略以允许所有其他 UAC 功能和策略正常工作。Turn on this policy to allow all other UAC features and policies to function.

位置Location

电脑 Configuration\Windows Settings\Security Settings\Local Policies\Security 选项Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

默认值Default values

下表列出了此策略的实际和有效的默认值。The following table lists the actual and effective default values for this policy. 默认值也在策略的属性页上列出。Default values are also listed on the policy’s property page.

服务器类型或 GPOServer type or GPO

默认值Default value

默认域策略Default Domain Policy

未定义Not defined

默认域控制器策略Default Domain Controller Policy

未定义Not defined

独立服务器默认设置Stand-Alone Server Default Settings

已启用Enabled

DC 有效的默认设置DC Effective Default Settings

已启用Enabled

成员服务器有效的默认设置Member Server Effective Default Settings

已启用Enabled

客户端计算机有效的默认设置Client Computer Effective Default Settings

已启用Enabled

策略管理Policy management

本部分介绍可帮助你管理此策略的功能和工具。This section describes features and tools that are available to help you manage this policy.

重启要求Restart requirement

必须重新启动计算机，此策略才有效，此策略在本地保存或通过组策略分配时才有效。The computer must be restarted before this policy is effective when changes to this policy are saved locally or distributed through Group Policy.

组策略Group Policy

所有审核功能都集成在组策略中。All auditing capabilities are integrated in Group Policy. 可以在组策略管理控制台或域、网站或组织单位的本地安全策略管理单元中配置、部署和管理这些设置。You can configure, deploy, and manage these settings in the Group Policy Management Console or Local Security Policy snap-in for a domain, site, or organizational unit.

安全注意事项Security considerations

本部分介绍攻击者如何利用一项功能或其配置，如何实施对策，以及对策实施可能产生的负面后果。This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.

漏洞Vulnerability

此设置启用或禁用 UAC。This setting turns on or turns off UAC. 如果未启用此设置，则不会使用 UAC，并且依赖于 UAC 的任何安全好处和风险缓解功能在计算机上都不存在。If this setting isn't turned on, UAC isn't used, and any security benefits and risk mitigations that are dependent on UAC aren't present on the computer.

对策Countermeasure

打开用户帐户控制：作为标准用户设置运行所有用户，包括管理员。Turn on the User Account Control: Run all users, including administrators, as standard users setting.

潜在影响Potential impact

用户和管理员必须了解如何使用 UAC 提示和调整其工作习惯，以使用最少的权限操作。Users and administrators must learn to work with UAC prompts and adjust their work habits to use least privilege operations.

相关主题Related topics