User Account Control Group Policy Settings In Windows 7

Posted on Nov 19, 2009

User Account Control (UAC) in Windows 7 includes several enhancements over earlier versions. One of them is a set of Group Policy settings: there are 10 Group Policy settings that can be used to configure the behaviour of UAC.

  • Admin Approval Mode for the built-in Administrator account (disabled by default) — Determines whether the built-in Administrator account uses Admin Approval Mode. If enabled, any operation requiring elevation of privilege results in a prompt to approve the operation.
  • Allow UIAccess applications to prompt for elevation without using the secure desktop (disabled by default) — Determines whether User Interface Accessibility (UIA) programs can automatically disable the secure desktop for elevation prompts.
  • Behaviour of the elevation prompt for administrators in Admin Approval Mode — Determines the behaviour of elevation prompts for administrators (there are several options available; the default is Prompt for consent for non-Windows binaries).
  • Behaviour of the elevation prompt for standard users — Determines the behaviour of elevation prompts for standard users (there are several options available; the default is Prompt for credentials on the secure desktop).
  • Detect application installations and prompt for elevation (enabled by default in Home edition; disabled by default in Enterprise edition) — Determines whether application installations require elevation of privilege.
  • Only elevate executables that are signed and validated (disabled by default) — Determines whether PKI signature checks are required for interactive applications.
  • Only elevate UIAccess applications that are installed in secure locations (enabled by default) — Determines whether UIAccess applications must reside in a secure location.
  • Run all administrators in Admin Approval Mode (enabled by default) — Determines whether Admin Approval Mode and UAC are required.
  • Switch to the secure desktop when prompting for elevation (disabled by default) — Determines whether elevation request prompts are displayed on the interactive user’s desktop or on the secure desktop.
  • Virtualize file and registry write failures to per-user locations (enabled by default) — Determines whether application write failures are redirected to a defined location.
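
To check how these ten settings are actually configured on a machine, the read-only PowerShell script below (an added example, not part of the original post) reads the registry value behind each policy and decodes it. The registry value names and the prompt-behaviour codes do not appear in the list above; they are the standard values Windows stores under the Policies\System key.

```powershell
# Added example: report the ten UAC policies listed above by reading the
# registry values that back them. Read-only; runs on PowerShell 2.0 or later.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy (in the order listed above) paired with its registry value name.
$policies = @(
    @('Admin Approval Mode for the built-in Administrator account', 'FilterAdministratorToken'),
    @('Allow UIAccess applications to prompt without the secure desktop', 'EnableUIADesktopToggle'),
    @('Elevation prompt for administrators in Admin Approval Mode', 'ConsentPromptBehaviorAdmin'),
    @('Elevation prompt for standard users', 'ConsentPromptBehaviorUser'),
    @('Detect application installations and prompt for elevation', 'EnableInstallerDetection'),
    @('Only elevate executables that are signed and validated', 'ValidateAdminCodeSignatures'),
    @('Only elevate UIAccess applications in secure locations', 'EnableSecureUIAPaths'),
    @('Run all administrators in Admin Approval Mode', 'EnableLUA'),
    @('Switch to the secure desktop when prompting for elevation', 'PromptOnSecureDesktop'),
    @('Virtualize file and registry write failures', 'EnableVirtualization')
)

# Decoders for the two multi-valued prompt policies; the rest are 0/1 switches.
$decode = @{
    ConsentPromptBehaviorAdmin = @{
        0 = 'Elevate without prompting'; 1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'; 3 = 'Prompt for credentials'
        4 = 'Prompt for consent'; 5 = 'Prompt for consent for non-Windows binaries'
    }
    ConsentPromptBehaviorUser = @{
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'; 3 = 'Prompt for credentials'
    }
}

$props = Get-ItemProperty -Path $key -ErrorAction Stop
foreach ($p in $policies) {
    $name = $p[1]
    $prop = $props.PSObject.Properties[$name]
    $raw = $null
    if ($null -eq $prop) {
        $meaning = 'Not set in registry'
    } else {
        $raw = [int]$prop.Value
        if ($decode.ContainsKey($name)) { $meaning = $decode[$name][$raw] }
        elseif ($raw -eq 1) { $meaning = 'Enabled' }
        elseif ($raw -eq 0) { $meaning = 'Disabled' }
        else { $meaning = $null }
        if (-not $meaning) { $meaning = "Unrecognised value $raw" }
    }
    New-Object PSObject -Property @{ Policy = $p[0]; Value = $name; Raw = $raw; Meaning = $meaning } |
        Select-Object Policy, Value, Raw, Meaning
}
```

Pipe the output to `Format-Table -AutoSize` or `Export-Csv` to compare machines against the baseline set through Group Policy.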
