none
Active Directory clients cannot use some software (Run as Administrator Issue)

    Question

  • Hi Experts,

    We have an Domain controller (Windows 2008 R2)  installed with all AD group policy implemented. We are facing an weird issue that as we use SQL or Visual Studio 2012 or later one, these all software require option "Run As Administrator" to run all options incorporated in them. Now as AD Client there are some specific rights restriction due to Group Policy. Also whenever we run these software in administrator mode, it asks for the Domain Admin permission. How can this issue be resolved as we cannot convert all users to admin mode. Any help will be really appreciable. Thanks in advance.

    Regards,

    Mandeep Sahani


    Thursday, September 17, 2015 7:17 AM

Answers

All replies

  • It looks like the UAC Group Policy Settings are not properly defined in your environment.
     
    Take a look at this TechNet article which has a detailed description of each UAC Group Policy Setting and make updates according to your needs:
     
    https://technet.microsoft.com/en-us/library/dd835564%28v=ws.10%29.aspx
     
    Hope this helps.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Friday, September 18, 2015 7:27 AM
    Moderator
  • Update the settings to a non "Prompt for credentials " option.

    Friday, September 18, 2015 7:45 AM
  • Hi Ethan,

    Thanks for the help, but wouldn't this option will make all programs to run in admin mode and make Virus or spyware program to run automatically in admin mode?

    Please assist if i am wrong.

    Regards,

    Mandeep

    Friday, September 18, 2015 10:56 AM
  • I assume you mean Admin Approval Mode, it will actually help prevent malicious programs from silently installing without an administrator's knowledge.
     
    When Admin Approval Mode is enabled, an administrator receives two separate access tokens, a full access token and a second access token, called the filtered access token. Applications, by default, will run with the filtered access token which has no access over core, protected areas of the computer.
     
    More reference: https://technet.microsoft.com/en-us/library/cc772207(WS.10).aspx
     
    Hope this helps.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Monday, September 21, 2015 4:32 AM
    Moderator