If you want a quick read on where Windows security is heading, look at what Microsoft is quietly tightening over time. One recent example: in newer Windows 11 updates, opening Storage settings can now trigger a User Account Control (UAC) prompt and require administrator rights.
That might sound like a small change, but it’s a useful signal: Microsoft is continuing to move Windows toward a world where “system settings and system files are not casual click-around areas for standard users.”
Why this matters to IT (and why users will notice)
For years, many organisations got used to two patterns:
- Everyone is an admin (because a few apps or workflows need it).
- Everyone is standard (and IT takes the hit for installs and fixes).
Changes like “Storage settings now needs admin” create friction if your environment hasn’t decided how to handle those in-between moments where a user needs something “admin-like” but shouldn’t be an admin all day.
Local admin is not a strategy
When Windows tightens permissions, the easy but risky answer is: “fine, just make the user local admin.” But that’s exactly what attackers hope for. If malware lands as a user who already runs as admin, it can often skip the privilege escalation step entirely.
The better long-term approach is to assume standard users are the baseline and build a predictable way to handle the exceptions.
What to do next (practical, low drama)
-
Set expectations with users.
Small Windows changes will increasingly trigger UAC prompts in places that used to “just work.” Let users know that these prompts are intentional and are part of protecting the machine. -
Decide how you handle “admin moments.”
For settings and maintenance tasks, define whether IT handles them, whether you use a privileged support workflow, or whether you use an approved self-service method. -
Fix the real reason users still have admin.
In many environments, the biggest blocker to removing local admin is not Windows Settings. It’s a short list of legacy or specialist Windows apps that break without admin rights.
Where Elevator fits
At UNYK, we built Elevator for Windows for that exact “real reason” problem: you want users to stay standard users, but you still have a handful of Windows apps that behave as if everyone is an admin.
- Keep users out of the local Administrators group.
- Allow only approved applications to run elevated.
- Keep everything else running as standard user processes.
- Log elevation events so you can see what still depends on admin rights.
If Windows is continuing to tighten admin boundaries (and it is), the question is not “will users hit UAC prompts?” It’s “do we have a clean, controlled way to handle the few things that truly need elevation?”
If you’d like to test Elevator with two or three of your own “problem apps”, start here:
Start Free 30-Day Trial Request Elevator Pricing
