Video Summary
Windows beta adds mandatory age verification (ID + face scan) to enable admin permissions.
Default implementation is flawed—Copilot-generated IDs and photos can bypass checks at low security levels.
A higher security level exists but still shows bugs and inconsistent face/ID matching.
If no camera is available, Microsoft account + Copilot phone app can be used; no camera + no internet can lock you out.
Disabling the feature is blocked by the User Choice Protection Driver (UCPD), though Task Manager and clipsvc-related commands provide practical workarounds.
The beta feature requires an ID scan plus a face scan (or alternatively using a Microsoft account and the Microsoft 365 Copilot phone app) to enable the admin 'Yes' button.
Yes — at the default security level the presenter generated a fake ID with Copilot and used a photo in front of the camera to bypass the face scan. Task Manager also does not prompt for admin and clipsvc commands can be used as workarounds.
Not easily. Attempts to delete or modify the IdentityVerify registry key fail because the key is protected by the User Choice Protection Driver (UCPD), which prevents unauthorized changes.
Users may need to provide sensitive ID data and use webcams or a phone app frequently to perform admin tasks, creating privacy risks and potential lockouts if neither camera nor internet access is available.
clipsvc is the Windows License Manager Service extended to enforce permission checks like age verification; UCPD (User Choice Protection Driver) is a system component that blocks changes to certain OS defaults and protected registry keys.
"Windows is no longer yours. In the latest build, Microsoft has finally locked the 'Yes' button in the Admin dialog behind an ID and face scan."
Microsoft has implemented a new feature that requires users to verify their age through an ID and face scan to access administrative privileges.
This feature is currently in beta testing and is not yet widely available, but it is expected to be rolled out soon amidst global discussions on identification laws.
Upon attempting to use Admin features, users will face an age check, where the 'Yes' button is disabled unless proper identification is provided.
"Surprisingly, the default implementation is flawed; I have generated a not even realistic-looking ID using none less than Copilot himself."
The age verification process requires both an ID scan and a face scan to proceed with administrative actions.
An amusing flaw was highlighted where an unrealistic ID could be created using Microsoft's own AI assistant, Copilot, suggesting that the current security measures are not robust.
Users can bypass the face scan by using a picture of another person, exposing weaknesses in the system's verification process.
"Now comes the tricky part - I need a face scan. Sadly, I can't steal Enderman's face since I'm not Koh the Face Stealer."
Higher security levels in the verification process increase the difficulty of bypassing age checks, as they are designed to be more competent in identifying valid IDs.
The need for both an ID and a real face scan could become mandatory in future updates.
Current implementation still presents bugs, as the verification system inconsistently recognizes faces or allows mismatched IDs to gain access.
"Now, even with camera and internet... you will absolutely hate having to have your ID at hand every time you need admin."
The mandatory ID checks could lead to privacy concerns, as users would need to frequently provide sensitive information for everyday tasks.
The system allows for an alternative login through a Microsoft account if a camera is unavailable, but this can still lead to lockouts if neither option is accessible.
Disabling the age verification feature is not straightforward, as the operating system prevents users from easily modifying relevant registry keys.
"Despite Microsoft adding age verification to almost every system entry point, they left the back door wide open."
Interestingly, Task Manager does not prompt for admin permissions, allowing users to circumvent the age verification process entirely utilizing a known loophole.
A command can be executed to inform the clipsvc service to disable the age check, easing access to admin privileges post-reboot.
Microsoft’s extensive focus on blocking potential vulnerabilities, while leaving obvious avenues open, raises concerns about the stringency and effectiveness of their security measures.
