Say Hello to Windows 11 Administrator Protection: Secure Your Admins!
We all know admin rights are essential, but they’re also one of the biggest security risks. With Windows 11 introducing Administrator Protection in Canary Build 27718, we now have a smarter way to manage elevated privileges.
Instead of permanent admin accounts with too many privileges that hang around long after they’re needed, this new approach uses a System Managed Admin Account, AKA Super Admin account, that dynamically handles privileges only when they’re needed.
Traditionally, when a user is given admin rights on a Windows device, whether it’s a local account or a Microsoft account, those privileges are always active, making the device an attractive target for attackers. If the account is compromised, attackers can immediately use those rights to install malware or gain even more control over the system.
That’s where the good old User Account Control (UAC) tries to add some protection. When a user with admin privileges signs in, UAC creates a “split token” for the session. This split token divides the user’s identity into two separate parts: a standard user token and an admin token.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25535558/STK160_X_TWITTER_2__A.jpg)
