Policy

Enumerate administrator accounts on elevation

Microsoft Windows

Back to Credential User InterfaceBack to main
Enumerate administrator accounts on elevation
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Credential User Interface
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always be required to type a user name and password to elevate.

Internal name
EnumerateAdministrators
Policy ID
c25a98e0c9c9
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
Value name
EnumerateAdministrators
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
Value name
EnumerateAdministrators
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.