none
Applocker and UAC RRS feed

  • Question

  • I have an application that with UAC 'ON' the user gets prompted for admin rights which is normal (which I don't want). One way to get around this is to turn UAC 'OFF'. Would Applocker work in the situation? I want to keep UAC 'ON' and NOT have the user prompted. I tried to setup Applocked but it didn't work, maybe I did something wrong or this will not work anyway...
    Friday, July 19, 2019 6:44 PM

All replies

  • This is a related article:

    https://oddvar.moe/2017/08/15/research-on-cmstp-exe/

    AppLocker and UAC


    S.Sengupta,Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Saturday, July 20, 2019 12:27 AM
  • Hi,

     

    All UAC does is cause an administrator to login as a standard user and then be forced to elevate when administrative privileges are required. Turning UAC off does not allow users to install software.

     

    Applocker allows you to enforce what applications Administrators AND users can run. The default rules allow administrators to run installed software but you don't need to keep it that way.

     

    The install itself does not need UAC and as mentioned above, user based installers already understand that.

     

    Best Regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 22, 2019 2:39 AM
  • Hi,

     

    All UAC does is cause an administrator to login as a standard user and then be forced to elevate when administrative privileges are required. Turning UAC off does not allow users to install software.

     

    Applocker allows you to enforce what applications Administrators AND users can run. The default rules allow administrators to run installed software but you don't need to keep it that way.

     

    The install itself does not need UAC and as mentioned above, user based installers already understand that.

     

    Best Regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Not a true statement...Turning UAC OFF, the user CAN install software without being prompted, that is what UAC does...
    Monday, July 22, 2019 1:23 PM
  • Hi,

     

    UAC has a slider to select from four levels of notification.The slider will never turn UAC completely off.

     

    If you set it to Never notify(Disable UAC prompts), it will:

     

    Keep the UAC service running.

    Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.

    Automatically deny all elevation requests for standard users.

     

    For your reference:

    How User Account Control works

     

    Best Regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 23, 2019 6:59 AM
  • Hi,

     

    UAC has a slider to select from four levels of notification.The slider will never turn UAC completely off.

     

    If you set it to Never notify(Disable UAC prompts), it will:

     

    Keep the UAC service running.

    Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.

    Automatically deny all elevation requests for standard users.

     

    For your reference:

    How User Account Control works

     

    Best Regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Yes, but a 'Standard User' can NOT turn down the slider all the way, only an Admin can...
    Tuesday, July 23, 2019 12:25 PM
  • Hi,

     

    As you said, you must be logged as an administrator of this computer to select this setting.

     

    See also: Security considerations for AppLocker

     

    Best Regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 25, 2019 7:04 AM