Policy
Enumerate administrator accounts on elevation
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always be required to type a user name and password to elevate.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerDo not display the password reveal buttonAt least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
- UserDo not display the password reveal buttonAt least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
- ComputerPrevent the use of security questions for local accountsAt least Windows Server 2016, Windows 10 Version 1903
- ComputerRequire trusted path for credential entryAt least Windows Vista