UAC Not Working on Windows 10 -- Should I advise Not To Upgrade?

  • Question

  • This is a duplicate since no one from Microsoft replied to the original thread and this is a significant security problem.

    I have a number of clients trying to decide whether or not to move to Windows 10 and this problem indicates it would not be good from a security standpoint.

    Surface Pro 2 512GB Running Windows 10 Pro x64

    I normally run as a standard (non-administrator) user.  I noticed that I was not getting a UAC prompt when I started Computer Management.  I checked the Application log and found:
     Fault offset: 0x0000000000002dc1
     Faulting process id: 0xbf0
     Faulting application start time: 0x01d1f7de3fe96154
     Faulting application path: C:\Windows\system32\MusNotificationUX.exe
     Faulting module path: musdialoghandlers.dll
     Report Id: fd2b159e-211d-492d-a600-7859cdbfdb10
     Faulting package full name:
     Faulting package-relative application ID:
     Event Xml:
     <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Application Error" />
         <EventID Qualifiers="0">1000</EventID>
         <Level>2</Level>
         <Task>100</Task>
         <Keywords>0x80000000000000</Keywords>
         <TimeCreated SystemTime="2016-08-16T20:38:59.616877800Z" />
         <EventRecordID>31747</EventRecordID>
         <Channel>Application</Channel>
         <Computer>NYW10X64-0014</Computer>
         <Security />
       </System>
       <EventData>
         <Data>MusNotificationUX.exe</Data>
         <Data>10.0.10586.494</Data>
         <Data>5775e919</Data>
         <Data>musdialoghandlers.dll_unloaded</Data>
         <Data>10.0.10586.494</Data>
         <Data>5775e9ee</Data>
         <Data>c0000005</Data>
         <Data>0000000000002dc1</Data>
         <Data>bf0</Data>
         <Data>01d1f7de3fe96154</Data>
         <Data>C:\Windows\system32\MusNotificationUX.exe</Data>
         <Data>musdialoghandlers.dll</Data>
         <Data>fd2b159e-211d-492d-a600-7859cdbfdb10</Data>
         <Data>
         </Data>
         <Data>
         </Data>
       </EventData>
     </Event>


    What is going on?


    http://www.saberman.com

    Monday, August 22, 2016 6:21 AM
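The unlabelled `<Data>` values in the event record quoted in the question can be decoded into named fields as shown below. This is an added example, not part of the original post or of any Microsoft tooling; the field names in `FIELDS` and the function names are labels chosen here, and the sample is the post's record condensed onto fewer lines.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Order of the unnamed <Data> values in an "Application Error" 1000 event,
# matching the labelled lines of the rendered message quoted in the post.
FIELDS = ("app_name", "app_version", "app_timestamp", "module_name",
          "module_version", "module_timestamp", "exception_code",
          "fault_offset", "process_id", "app_start_time", "app_path",
          "module_path", "report_id", "package_full_name", "package_app_id")
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code seen here

# The record from the post, condensed onto fewer lines (values unchanged).
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2016-08-16T20:38:59.616877800Z" /></System>
<EventData><Data>MusNotificationUX.exe</Data><Data>10.0.10586.494</Data>
<Data>5775e919</Data><Data>musdialoghandlers.dll_unloaded</Data>
<Data>10.0.10586.494</Data><Data>5775e9ee</Data><Data>c0000005</Data>
<Data>0000000000002dc1</Data><Data>bf0</Data><Data>01d1f7de3fe96154</Data>
<Data>C:\Windows\system32\MusNotificationUX.exe</Data>
<Data>musdialoghandlers.dll</Data>
<Data>fd2b159e-211d-492d-a600-7859cdbfdb10</Data><Data>
</Data><Data>
</Data></EventData></Event>"""

def filetime_to_utc(hex_ticks):
    """Convert a hex FILETIME (100 ns ticks since 1601-01-01) to UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(hex_ticks, 16) // 10)

def parse_crash_event(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error 1000 record")
    values = [(d.text or "").strip() for d in root.iterfind(".//e:Data", NS)]
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} Data values, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    rec["exception_name"] = NTSTATUS.get(int(rec["exception_code"], 16), "unknown")
    rec["process_id"] = int(rec["process_id"], 16)
    rec["app_start_utc"] = filetime_to_utc(rec["app_start_time"])
    # "_unloaded" marks a fault address inside a module that was already unloaded.
    rec["module_was_unloaded"] = rec["module_name"].endswith("_unloaded")
    rec["logged_utc"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return rec
```

Calling `parse_crash_event(SAMPLE)` returns a dict with the decoded process ID, start time and exception name alongside the raw string fields.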

Answers

  • Hi Saberman,

    Thanks for your feedback on this issue.

    I have also checked with the accesschk tool and see that whether I run it directly or run as admin, the privileges are the same; it isn't like what I have done for notepad:

    Accesschk v5.11 - Reports effective permissions for securable objects
    Copyright (C) 2006-2012 Mark Russinovich
    Sysinternals - www.sysinternals.com
    
    [312] mmc.exe
      High Mandatory Level [No-Write-Up, No-Read-Up]
      RW BUILTIN\Administrators
      RW NT AUTHORITY\SYSTEM
    [3000] mmc.exe
      High Mandatory Level [No-Write-Up, No-Read-Up]
      RW BUILTIN\Administrators
      RW NT AUTHORITY\SYSTEM
    
    
    [4336] notepad.exe
      Medium Mandatory Level [No-Write-Up, No-Read-Up]
      RW FAREAST\v-katl
      RW NT AUTHORITY\SYSTEM
    [244] notepad.exe
      High Mandatory Level [No-Write-Up, No-Read-Up]
      RW BUILTIN\Administrators
      RW NT AUTHORITY\SYSTEM
    

    I will also feed back this issue in our platform.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 25, 2016 11:38 AM
    Owner

All replies

  • What is your build number? In 1607 / 14xxx there are some major changes to UAC. So if you're now using 1607, go and test this in 1511 (ver 10586).

    Also, how did you configure UAC? What are the GPO settings for that? I assume everything works with Win7, using same GPOs?

    Monday, August 22, 2016 6:46 AM
  • Build is 10586

    Only policy set is:
    GPEDIT.MSC
     "Computer Configuration\Administrative Templates\Control Panel\Personalization"
      Enable the GP "Force a specific default lock screen image"

    Other Windows 10 Pro x64 machines' UAC working with the above.

    There isn't a domain controller -- just a router.


    http://www.saberman.com

    Monday, August 22, 2016 4:05 PM
  • > I normally run as a standard (non-administrator) user.  I noticed that I was not getting a UAC prompt when I started Computer Management.

    As far as I know, Win10 has no serious changes in UAC configuration, compared to Win7. Maybe you could re-enable it. I found these command lines, maybe they will work in Win10 too?

    http://www.howtogeek.com/howto/windows-vista/enable-or-disable-uac-from-the-windows-vista-command-line/

    Monday, August 22, 2016 7:16 PM
  • It is set to always notify.

    Besides, I do get a UAC prompt for other things like running regedit.


    http://www.saberman.com

    Monday, August 22, 2016 8:49 PM
  • > I normally run as a standard (non-administrator) user.  I noticed that I was not getting a UAC prompt when I started Computer Management.

    > As far as I know, Win10 has no serious changes in UAC configuration, compared to Win7. Maybe you could re-enable it. I found these command lines, maybe they will work in Win10 too?

    > http://www.howtogeek.com/howto/windows-vista/enable-or-disable-uac-from-the-windows-vista-command-line/

    In Windows 7 you could disable UAC, you can't do that in Windows 10 anymore as it breaks the AppStore (and apps), that is at least one important change...

    Jack

    Monday, August 22, 2016 8:54 PM
  • I am not trying to turn it off -- I am trying to find out why it is broken.  Still waiting for a Microsoft response.

    http://www.saberman.com

    Monday, August 22, 2016 9:07 PM
  • Yes, I can see this behavior too - computer management console opens without UAC prompt for a standard user. Why is this bothering you? :)
    Tuesday, August 23, 2016 3:52 AM
  • > Why is this bothering you?
    1. It only happens on one machine where C:\Windows\system32\MusNotificationUX.exe is aborting
    2. There are things in Computer Management that non administrators should not have access to.
    3. No one from Microsoft is concerned about this security breach.  This implies that Microsoft is no longer interested in security.

    The third item is the worst. It appears that in the rush to have Windows as a service Microsoft is willing to have all of its current customers hacked.


    http://www.saberman.com

    Tuesday, August 23, 2016 6:28 AM

  • > 2. There are things in Computer Management that non administrators should not have access to.

    I recall that even in Windows 7, a user is able to access Device Manager, but he can't do anything there, only view. If a user is opening Computer Manager, he will get a UAC prompt, and without an admin password, he will still be able to open the console. This is the default behavior, even with UAC.

    You can check whether you would be able to update drivers as a user - I doubt you can.

    Sure I might be wrong, but this is how I recall the behavior...

    Tuesday, August 23, 2016 7:19 AM
  • >If a user is opening Computer Manager, he will get UAC prompt,
    The problem is there isn't any UAC prompt.  This also means that to actually make changes I have to log into the machine with an account that is a member of the Administrators group which I do not like to do.  With the UAC prompt I can simply select an Administrator account, supply the password and make changes.

    The point still is UAC is aborting on the machine and no one from Microsoft seems to care.


    http://www.saberman.com

    Tuesday, August 23, 2016 7:17 PM
  • You might want to check the Application log for MusNotificationUX.exe aborting.

    http://www.saberman.com

    Tuesday, August 23, 2016 7:22 PM
  • > This also means that to actually make changes I have to log into the machine with an account that is a member of the Administrators group which I do not like to do.

    So will the "Menu" -> "Run as admin" - menu work for you then?
    Tuesday, August 23, 2016 8:33 PM
  • >So will the "Menu" -> "Run as admin" - menu work for you then?
    I am not sure what you mean.  If I right click on the Windows icon and then right click on Computer Manager it opens without displaying the option to run as an administrator.

    I still don't understand why no one from Microsoft is interested in this.  I guess Microsoft is not interested in security issues in Windows 10.


    http://www.saberman.com

    Wednesday, August 24, 2016 5:21 AM
  • On every icon you have in start menu or desktop, you have the option to run as administrator. You should see it. It's behind "More" node.
    Wednesday, August 24, 2016 5:44 AM
  • > It's behind "More" node.
    I don't have a "More" node.  Please provide a screen shot for Computer Management.

    http://www.saberman.com


    • Edited by saberman Wednesday, August 24, 2016 6:05 AM
    Wednesday, August 24, 2016 6:04 AM
  • Wednesday, August 24, 2016 6:29 AM
  • That is a workaround for avoiding having to log in with an administrator userid.  However, the bug is still there and Microsoft doesn't care.

    BTW, did you check the Application log for MusNotificationUX.exe aborting?


    http://www.saberman.com

    Wednesday, August 24, 2016 6:48 AM