Enable or Disable Administrator Protection with Windows 11 Hidden Toggle

Microsoft aims to make Windows 11 the most secure release of its operating system, which is why it introduced the requirement for TPM 2.0. However, there’s more on the horizon. The tech giant has been experimenting with a new feature called Administrator Protection in its preview versions.

This Administrator Protection feature in Windows 11 has the potential to restrict administrator access to specific events instead of keeping it constantly active. Currently, this capability is accessible within the Windows Security application, but it is hidden by default.

By force-enabling this feature, we uncovered a new Administrator Protection option within the Windows Security app. Below is a screenshot taken from one of our test devices:

At present, the Administrator Protection feature does not have any functionality, but future updates could enable it to grant temporary administrator rights when needed. This enhancement includes an added layer of authentication through integration with Windows Hello.

Therefore, to authorize admin rights, users will have to enter their PIN or utilize their preferred authentication method.

This feature could conceal the administrator profile, making it less accessible. When a task that requires administrative privileges is initiated, the operating system generates a temporary admin token solely for that action.

Once the task is finished, Windows will automatically delete the temporary token and prevent any further access to the administrator profile.

Although having unrestricted admin rights can simplify tasks by reducing popup prompts, this feature introduces a vital security layer. It’s particularly effective at shielding users from malware and other threats seeking vulnerabilities.

Steps to Activate Administrator Protection in Windows 11

The simplest method to enable this feature is through the Windows Security app. Simply open the app, navigate to the Account Protection section, scroll down to the Administrator Protection option, and toggle it on.

If the Windows Security app isn’t functioning properly or you wish to apply this feature for all users on your system, you can also leverage the Group Policy Editor. Here’s how to proceed:

1. Launch Windows Search, type gpedit.msc, and hit Enter.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
3. Locate and double-click on the User Account Control: Configure type of Admin Approval Mode policy.
4. In the drop-down menu, select Admin Approval Mode with Administrator Protection and hit Apply.

   

5. Next, open the User Account Control: Behavior of the elevation prompt for administrators running with Administrator Protection policy.
6. Select Prompt for credentials and click Apply, followed by the OK button.

   

7. Close the Group Policy Editor and restart your PC.

That’s how you can manage the Administrator Protection feature on your computer. We anticipate that Microsoft will enable it by default in future updates.

While this feature adds an additional step to obtain admin rights, we recommend keeping it active for enhanced security.