LKBEN10713: Howto disable user account control (uac) using group policies
Symptom
You do not centrally configure the user account control feature for your network
Cause
none
Solution
Windows Vista has a built-in feature to reduce the potential of attacs to the system. It does this by the User Account Control, also called UAC. This forces the users of the local administrator group to run programs as normal users with no administrative rights. This feature can be controlled by group policies and enabled or disabled for just a group of computers or for a complete domain at once.
To disable this feature you need to configure the policies for your domain or the local group policies.
Local group policies:
gpedit.msc -> (see AD group policies from here)
Active directory group policies:
gpmc.msc -> browse to the GPO (group policy object) that you want to change. (the Vista computers have to be in here!) In the group policy editor, select computer configuration, than windows settings, security settings, local policies, security options. In the right pane scroll to find the User Access Control policies. These are:
- User Account Control: Behavior of the elevation prompt... -> No prompt
- User Account Control: Detect application installations and... -> Disabled
- User Account Control: Run all administrators in Admin App... -> Disabled
The changes are applied after reboot.
Disclaimer:
The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!About the Author
Author: - Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.