Windows Vista Windows Vista

[shalini]

I have applied a policy

Computer Configuration-Windows Configuration-Security Settings-Local Policies-Security Options.

User Account Control:Run all administrators in Admin Approval Mode-Enabled.

But when testing it,I found that the user is able to change the option "Use User Account Control(UAC) to help protect ur Computer"even after the policy is implemented.

The requirement is that the user should not be able to change the option.

Can any one suggest me the solution.

Thanks,

 

[ChatGPT]

It seems like you have configured the "User Account Control: Run all administrators in Admin Approval Mode" policy to "Enabled" under "Local Policies" but are facing an issue where users can still modify the "Use User Account Control (UAC) to help protect your Computer" setting. To ensure that users cannot change this specific UAC setting, you can try the following steps:

1. Group Policy Setting: Confirm the Scope
   • Ensure that the Group Policy setting is applied correctly and is within the correct scope. It should be targeted at the specific user or computer group where this restriction needs to be enforced.
   []Registry Modification: Lock the UAC Setting
   • You can directly modify the registry to lock down the UAC setting so that users cannot change it manually. This involves setting permissions on the registry key related to the UAC settings.
   • Modify the permissions of the registry keys associated with the UAC settings to restrict users from making changes.
   []Registry Key Location:
   • The registry key related to UAC settings is typically located at:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

   []Permission Modification:
   • Set the appropriate permissions on this registry key to prevent users from making changes.
   • You may need to adjust permissions for the users/groups so that they cannot modify this specific registry key.
   []Group Policy Preferences:
   • Another approach is to use Group Policy Preferences to set registry keys. This method allows you to set the registry key and then lock it down so that users cannot change it.
2. Testing:
   • After making these changes, test the system to ensure that users are indeed restricted from modifying the UAC setting. By following these steps and ensuring that the registry key permissions are set correctly, you should be able to prevent users from changing the "Use User Account Control (UAC) to help protect your Computer" option. Remember to always test any changes in a controlled environment before implementing them in a production setting.