Accounts: User Account Control (UAC) must, at a minimum, prompt administrators for consent on the secure desktop

0b28a1d9-618b-45ce-8938-f73cc84fce81

UAC is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures the elevation requirements for logged-on administrators to complete a task that requires raised privileges.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode to "Prompt for consent on the secure desktop".

NIST 800-53: AC-6(8)
CAT: II
CCI: CCI-001084
CSCv6: 5.1
CMMC v2.1 L3: SI.L3-3.14.3e
RuleID: SV-225066r569186_rule, SV-88381r1_rule, SV-103613r1_rule, SV-205719r958518_rule, SV-254487r958518_rule, SV-253473r958518_rule, SV-220949r569187_rule
MITRE Att&k: T1087, T1087.001, T1087.002, T1546.011, T1548, T1548.002