locked
Get UAC level of all computers in domain RRS feed

  • Question

  • Hello...

    In my domain, it appears that on some of the boxes, the UAC level is turned to not notify.  I want to find all computers in the domain that have that setting so I can change the setting to conform to what the rest of the domain is set to.

    I can figure out how to tell if the uac is enabled or not, but I need to see what level the computer is set to...

    Is there a way to get all UAC settings on all computers (running a remote command)?

    Thank You

    Terry

    Wednesday, November 14, 2018 6:54 PM

All replies

  • That is done through group policy.  Ask your AD admins to set the policy in the Default Domain Policy or in a new separate policy then it will never get set back.


    \_(ツ)_/

    Wednesday, November 14, 2018 7:18 PM
  • Yes, I have tried that approach and it set all computers in the domain to the wrong setting.  In the GP there are several settings to set and if you don't get each of them set correctly, you get the wrong setting... and it did cause an issue for a while.. so i turned the GP off, and added the proper setting to my imaging script.  Which works fine..

    However I still have 10 or 15 out there that the setting is turned off.  I do have a script that will set the setting exactly where I want it; but I just need to know which computers need to be changed.

    I'm wanting to get the settings set to "Notify me only when apps try to make changes to my computer (default)"

    Thank you

    Terry

    Wednesday, November 14, 2018 7:49 PM
  • You will have to scan all computers and test the setting.

    The GP will set this correctly.  You just need to post your issue in the GP forum for help in using GP.

    Here are the settings for Level 3 which is the default.

    Admin Approval Mode for the Built-in Administrator account = Disabled
    Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
    Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt
    Behavior of the elevation prompt for standard users = Prompt
    Detect application installations and prompt for elevation = Enabled
    Only elevate executables that are signed and validated = Disabled
    Only elevate UIAccess applications that are installed in secure locations = Enabled
    Run all administrators in Admin Approval Mode = Enabled
    Switch to the secure desktop when prompting for elevation = Enabled
    Virtualize file and registry write failures to per-user locations = Enabled
    

    Setting the policy will assure that local admins and malware do  not change it.


    \_(ツ)_/

    Wednesday, November 14, 2018 8:02 PM
  • Hi,

    Thanks for your question.

    Please refer the link below to solve your question.

    https://gallery.technet.microsoft.com/scriptcenter/Get-UACSetting-Query-UAC-7afae0de

    https://gallery.technet.microsoft.com/How-to-switch-UAC-level-0ac3ea11

    Best Regards,

    Lee


    Just do it.

    Thursday, November 15, 2018 9:38 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    LEE


    Just do it.

    Tuesday, November 27, 2018 2:39 AM