Solved No PIN option on the UAC prompt when elevating as Admin rights

win11freak · Apr 8, 2026

I am running as a Standard Local Account and whenever I need to elevate as an Administrator, the UAC prompt does not show the choice to select using Windows Hello PIN. Only password.

Even when I signed in to my local Administrator account profile and setting up the Hello PIN from that account, it still doesn't show the option to use the PIN from the UAC prompt when performing the Run As Administrator whenever I need to perform some tasks that needs Administrator rights under my Standard Local Account.

My Standard Local Account has a PIN setup as well.

See image attached as to what I am referring to. I don't see this option to enter a PIN.

pseymour · Apr 8, 2026

For the first part, that's correct behavior. You can only use a PIN if you're logged in interactively with the account that has admin rights. When you're logged in with a standard account and try to elevate with an admin account, that is a credential switch and a PIN can't be used.

win11freak · Apr 8, 2026

So what would be the solution? I use a really long complex password for both local accounts.

A PIN would be the easiest option to enter

glasskuter · Apr 8, 2026

win11freak said:
So what would be the solution

There is not one... other than switch from standard user to administrator account. It is a hard boundary of windows and is a security requirement, not a bug.
Windows Hello PINs are not universal credentials. They are per-user, per-device authentication methods tied to the currently signed‑in user.

When you try to elevate from a Standard account:

You are not elevating your account
You are switching credentials to a different account (the Administrator)
Windows Hello cannot be used for cross‑account authentication....period
Therefore, Windows falls back to the admin password only

win11freak · Apr 8, 2026

Perhaps i will just convert to Administrator account as I am the only one using the computer. And I am super extra vigilant when it comes to security measures.

pseymour · Apr 8, 2026

Some options, in no particular order and of varying quality.

Use a password.
Setup a scheduled task to run the elevated thingy. This is pretty much only useful if you have a small set of processes to run.
Make your daily account an admin. If you do this, higher UAC settings are better than lower.
Use fast user switching to just jump back over to the admin account, although you seem to have PIN issues there also.

oldschool · Apr 8, 2026

pseymour said:
When you're logged in with a standard account and try to elevate with an admin account, that is a credential switch and a PIN can't be used.

glasskuter said:
There is not one... other than switch from standard user to administrator account. It is a hard boundary of windows and is a security requirement, not a bug.
Windows Hello PINs are not universal credentials. They are per-user, per-device authentication methods tied to the currently signed‑in user.

In my experience, I can use a PIN on SUA if signed into my MS account on my Administrator Account. When I use a local account to sign into my Adminstrator Account, i.e., when logged out of my MS account, then I must use my password to elevate on SUA.

oldschool · Apr 8, 2026

win11freak said:
Perhaps i will just convert to Administrator account as I am the only one using the computer. And I am super extra vigilant when it comes to security measures.

I'm the sole user on this device and I still use SUA for daily driving.

Have you tried logging into your MS account on your Administrator Account? You should be able to elevate with PIN on SUA.

pseymour · Apr 8, 2026

oldschool said:
In my experience, I can use a PIN on SUA if signed into my MS account on my Administrator Account. When I use a local account to sign into my Adminstrator Account, i.e., when logged out of my MS account, then I must use my password to elevate on SUA.

I can't make heads or tails of what this says.

win11freak · Apr 8, 2026

pseymour said:
Some options, in no particular order and of varying quality.

Use a password.

Setup a scheduled task to run the elevated thingy. This is pretty much only useful if you have a small set of processes to run.

Make your daily account an admin. If you do this, higher UAC settings are better than lower.

Use fast user switching to just jump back over to the admin account, although you seem to have PIN issues there also.

Thanks, I will just use a password as I don't really need to elevate on a daily bases only when I need to.

oldschool · Apr 8, 2026

pseymour said:
I can't make heads or tails of what this says.

What don't you understand?

win11freak · Apr 8, 2026

oldschool said:
I'm the sole user on this device and I still use SUA for daily driving.

Have you tried logging into your MS account on your Administrator Account? You should be able to elevate with PIN on SUA.

No, I don't want to have a MS Account only Local Account.

oldschool · Apr 8, 2026

win11freak said:
No, I don't want to have a MS Account only Local Account.

Then you must use a password to elevate on SUA.

pseymour · Apr 8, 2026

oldschool said:
What don't you understand?

It's a labyrinth of standard user account, administrator account, Microsoft account. I don't know what's happening.

win11freak · Apr 9, 2026

Will this also work AND be more secure if?

1. Set my local Administrator to use the UAC prompt in Security Settings to: UAC-Prompt for Credentials on the Secure Desktop instead of Prompt for Consent?

Would this be sufficient?

This way I do see the PIN option on the UAC prompt.

And I had read that this would or should be a bit more secure than the Prompt YES/NO actions.

On a side note: MS unfortunately has no plans to roll out the Administrator Protection feature.

That would solve this issue for good.

pseymour · Apr 9, 2026

Prompt for credentials is always more secure than prompt for consent. All of the bypasses I know for UAC rely on the consent dialog; I’ve not seen one for the credentials dialog.

Administrator Protection is not abandoned. They’ve had some issues in the testing phases. Fine with me, by the way. Get the issues worked out; it’s important.

win11freak · Apr 9, 2026

pseymour said:
Prompt for credentials is always more secure than prompt for consent. All of the bypasses I know for UAC rely on the consent dialog; I’ve not seen one for the credentials dialog.

Administrator Protection is not abandoned. They’ve had some issues in the testing phases. Fine with me, by the way. Get the issues worked out; it’s important.

So if I just only use my Local Administrator account and set the UAC to prompt for Credentials (not consent), would this be sufficient and more secure?

Anyways, I'm very vigilant when it comes to online security and only install apps which I need and that's all.

pseymour · Apr 11, 2026

win11freak said:
So if I just only use my Local Administrator account and set the UAC to prompt for Credentials (not consent), would this be sufficient and more secure?

Anyways, I'm very vigilant when it comes to online security and only install apps which I need and that's all.

Yes, that's safer than prompt for consent. Not technically as safe as being a standard user, but in a home environment, it's probably fine. I would also turn the UAC slider all the way to the top, so you get prompted for Windows binaries as well.

Solved No PIN option on the UAC prompt when elevating as Admin rights

Well-known member

Attachments

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

aka Mama Glass

My Computers

Well-known member

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

Well-known member

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

putting the mental back in experimental

My Computer

Similar threads