Sunday, 9 August 2009

Disabling UAC via 2008 Group Policy (on a Domain)

I run a small 2008 Active Directory for my Data Warehouse network.
The only people who access it via Remote Desktop (RDP) are 2 administrators.
I have no standard 'users' to worry about :)

Anyway, here is how I've disabled group policy for my domain.

On a Domain Controller (or other server with Policy Management tools installed) >
  1. Navigate to Start > Administrative Tools > Group Policy Management
  2. Find the domain policy (in my case 'Default Domain Policy'), right click and 'edit'.
  3. Navigate to the UAC settings located here -
    Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
  4. Change settings as follows >

User Account Control: Admin Approval Mode for the Built-In Administrator Account > Enabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode > Elevate without Prompting
User Account Control: Detect application installations and prompt for elevation > Disabled
User Account Control: Run all users in Admin Approval Mode > Disabled

No comments: