Category: User Account Control

UAC settings when remote controlling Windows clients to prevent screen freezing

One very common problem that I encounter every now and then with customers and when doing Windows training is the fact that remote controlling computers causes a freeze in the remote session when UAC kicks in. By default, UAC prompts for elevation on something called the secure desktop, and that effectively blocks any remote input.

This problem can be fixed by changing the necessary UAC settings. Just as a note; Never ever turn off UAC!

Configure UAC to allow for remote support by setting the following GPO settings under Computer Configuration / Policies / Administrative Templates / Windows settings / Security settings / Local policies / Security Options node:

User Account Control: Switch to the secure desktop when prompting for elevation policy = Disabled
User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop policy = Enabled

HOW TO: Troubleshoot Windows Store Apps that are not working correctly in Windows 8

The new framework and infrastructure around apps in Windows 8 brings some new challenges to deal with. To start with you cannot turn off User Account Control if you want to use the modern apps in Windows 8, but there are more going on behind the scenes that are essential to the working of Windows Store Apps.

When a problem do occur Microsoft provide a nifty little troubleshooter tool for Windows Store Apps, download and run the tool from:

More UAC stuff making confusion in Windows 7

I get many questions about the confusing problem with mapped network connections not being available when running for instance cmd.exe as an administrator even though the account is the same one being used when the cmd.exe is run with standard rights and everything works splendid.

The cause of this is UAC and the fact that you have multiple security tokens and that the mapped network drives are linked to the standard user token and not the administrator token. The solution is to enable “Linked Connections”, see the KB article 937624 for more information on how to set this value.

Also read the case of some other mysterious problems or behaviors when UAC is en effect.

Turn off UAC in a domain using Group Policies

Some people for whatever reason want to turn off UAC for all or certain computers in a domain using Group Policies. This is done by setting the Computers Configuration > Windows Settings > Local Policies > Security Options > User Account Control: Run all administrators in Admin Approval Mode to disabled. As usual when turning off UAC a reboot is required for the changes to take effect.