Windows DatabaseebooksStatistical Information

LWE10155 : Howto disable user account control (uac) using group policies

Symptom:

You do not centrally configure the user account control feature for your network

Cause:

none

Solution:

Windows Vista has a built-in feature to reduce the potential of attacs to the system. It does this by the User Account Control, also called UAC. This forces the users of the local administrator group to run programs as normal users with no administrative rights. This feature can be controlled by group policies and enabled or disabled for just a group of computers or for a complete domain at once.

To disable this feature you need to configure the policies for your domain or the local group policies.

Local group policies:

gpedit.msc -> (see AD group policies from here)

Active directory group policies:

gpmc.msc -> browse to the GPO (group policy object) that you want to change. (the Vista computers have to be in here!) In the group policy editor, select computer configuration, than windows settings, security settings, local policies, security options. In the right pane scroll to find the User Access Control policies. These are:

- User Account Control: Behavior of the elevation prompt... -> No prompt
- User Account Control: Detect application installations and... -> Disabled
- User Account Control: Run all administrators in Admin App... -> Disabled

The changes are applied after reboot.


Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
Copyright © 2004-2011 Lubby (V3.0.10 Aug 2011)
Sponsored by Keskon.
Statistical information by Google Analytics