locked
Performance/stability issues when reenabling UAC RRS feed

  • Question

  • We had a rather complex issue hit us yesterday.

    We have a large number of users that aren't particularly technologically "savvy" which meant way back in 2007 when we started rolling out a few Vista machines to some of our departments and branches we made the decision to disable UAC via Group Policy thoughout our domain as the constant prompting that Vista's implementation of UAC spawned was causing too many support calls - far more than dealing with the ramifications of slightly less secure systems.

    We didn't get around to revisiting UAC through Windows 7's launch until two days ago when we configured our first two Windows 8 machines.

    Upon connecting the machines to the domain we discovered that IE10 has the limitation that it will not run if UAC is turned off. We decided that perhaps now was the time to reenable UAC as we only have a small number of Vista machines left in the company and Windows 7's implementation is fart less cumbersome. So we disabled that particular GP setting.

    Whoa!!

    Yesterday turned into a nightmare. We were receiving countless complaints that web pages wouldn't display, users couldn't couldn't reach the Internet, some of our third party applications stopped communicating, overall unresponsiveness and some of our remaining Vista machined even refused to allow the user to log on. They'd get "Welcome" immediately turning into "Logging Off" ! Of course these issues didn't affect all our machines. It was seemingly random.

    Once UAC had been disabled/turned down to minimum on the particular computer, the issues disappeared. We obviously re-enabled our GP setting again yesterday afternoon. 

    The computers work perfectly well with UAC on before they are connected to our domain. 

    Any thoughts as to why enabling UAC should cause such mayhem and do we really have to go through the process of creating a separate OU for our Win8 machines so that we can exclude the UAC disabling policy? It'd be nice if we could enable UAC like is should be, but no way if it's going to cause the same issues as we saw throughout our enterprise yesterday.

    Friday, November 16, 2012 2:10 PM