Announcement

Collapse
No announcement yet.

Disable UAC for standard users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disable UAC for standard users

    Hi

    Is there some way of disabling UAC for standard users in 2012? So far, I have not found it. I have a couple of apps that i want to use on an RDS that the 3rd party software vendor that UAC is off for all users.

    Or can you make some software exempt from UAC?

  • #2
    Re: Disable UAC for standard users

    I'm unable to test it since I've to run but as a quick reply, try this:

    Create or edit a GPO
    Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> Security Options


    Disable the following option: User Account Control: Turn on Admin Approval Mode
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Disable UAC for standard users

      Ok, will give that a go.

      Comment


      • #4
        Re: Disable UAC for standard users

        Create or edit a GPO
        Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> Security Options

        Hmm, I was getting excited there. But it seems that this policy and others like are only options that affect administrators accounts.

        Here is the 2008 GPO options. The 2012 s much the same.

        http://technet.microsoft.com/en-us/l...(v=ws.10).aspx


        In 2008, I would disable UAC as admin on an RDS and it would do it for all users. If I do it now on 2012, it only disables it for administrator account.

        If I make standard users administraors, turn off UAC, then move them back to standard users, the damn UAC reverts to being on! Arrgh.

        Comment


        • #5
          Re: Disable UAC for standard users

          Btw, I was at a small Microsoft conference the other day and the speaker said to everyone that UAC should never be disabled, because it protects the system against unwanted attacks.

          The lecture erupted with most people unanimously saying that their clients software wont work unless UAC is off. The lecturer replied with the typical corporate answer, "well that is their problem for not making their software compatible" .

          Yes, that is true, but it doesn't help. As the 3rd party software vendors are not about to do anything about it. Ive encountered many times software vendors specifically asking for UAC to be turned off. Here is one example I had this week.

          http://www.quicken.com.au/kb/issue_view.asp?ID=4897

          Comment


          • #6
            Re: Disable UAC for standard users

            I don't have a box handy to test but this looks about right

            http://www.computerperformance.co.uk...erver-2012.htm

            Comment


            • #7
              Re: Disable UAC for standard users

              I don't have a box handy to test but this looks about right

              http://www.computerperformance.co.uk...erver-2012.htm
              Yes, thats one of the pages I have encountered. There is also another one that mentions a registry fix that doesnt work.

              If you have a look at that link you sent me, it mentions turn off the prompt for administrators .

              Then down further it makes mention of "behavior of the elevation prompt for standard users". Which sadly, give us only these options. All which don't help.

              User Account Control: Behavior of the elevation prompt for standard users
              The User Account Control: Behavior of the elevation prompt for standard users policy setting controls the behavior of the elevation prompt for standard users.
              The options are:
              Automatically deny elevation requests. When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.

              Prompt for credentials on the secure desktop. (Default) When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.

              Prompt for credentials. When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.

              Comment


              • #8
                Re: Disable UAC for standard users

                The EnableLUA key?

                Has worked on every machine I've tested it on.

                Comment


                • #9
                  Re: Disable UAC for standard users

                  The EnableLUA key?
                  In 2012, that registry entry is already set to 0. Which is the supposed entry to disable UAC.

                  Must not be referenced in 2012.

                  Comment


                  • #10
                    Re: Disable UAC for standard users

                    Ok, in absence of a better solution, this work around appears to work.

                    http://www.sevenforums.com/tutorials...dard-user.html

                    I have more testing to do, but it seems to have got me to where I want to be. Good solution for an SMB. Nightmare solution for a many seat SME. But buy me some time for now.

                    Comment

                    Working...
                    X