Windows Office Hours: February 15, 2024
Thursday, Feb 15, 2024, 08:00 AM PST
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Char_Cheesman
Updated Feb 15, 2024
MEB2004 (Brass Contributor)
Feb 12, 2024
Is there a way to prevent admin users from changing the UAC setting, either through registry settings or Intune? We configure the "Administrator elevation prompt behavior" UAC setting through the Security Baseline. However, admin users can change or turn off UAC, and this will stay until the device syncs or is restarted. This leaves the device vulnerable for up to 8 hours. We changed this setting in the Security Baseline to "not configured" and created a configuration profile to set it. Most settings that get configured using a configuration profile are greyed out, but that is not the case for UAC.
joemclain (Brass Contributor)
Feb 15, 2024
This isn't a solution but it may be a partial workaround for you, Mike. Admin users are allowed to change UAC settings by design but if you use Intune, you can probably create a proactive remediation that checks to see if UAC is disabled and flips the switch.
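
One way to write the proactive remediation suggested in the reply above, added here as an example; it is not code from the thread or from Microsoft. The `$Remediate` toggle and the baseline values in `$Desired` are assumptions (the thread does not state which prompt behavior is configured), and the script is assumed to run elevated in the system context.

```powershell
# Added example, not from the original thread.
# Upload once with $Remediate = $false as the detection script and once with
# $Remediate = $true as the remediation script ($Remediate is a hypothetical toggle).
$Remediate = $false

$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumed baseline; adjust to match the values your Security Baseline sets.
$Desired = [ordered]@{
    EnableLUA                  = 1   # UAC enabled (Admin Approval Mode)
    ConsentPromptBehaviorAdmin = 2   # Prompt for consent on the secure desktop
    PromptOnSecureDesktop      = 1   # Show elevation prompts on the secure desktop
}

# Collect every value that is missing or differs from the baseline.
$drift = foreach ($name in $Desired.Keys) {
    $actual = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
    if ($actual -ne $Desired[$name]) {
        [pscustomobject]@{ Name = $name; Actual = $actual; Expected = $Desired[$name] }
    }
}

if (-not $drift) {
    Write-Output 'UAC settings match baseline'
    exit 0
}

$summary = ($drift | ForEach-Object {
    "$($_.Name)=$($_.Actual) (expected $($_.Expected))"
}) -join '; '

if (-not $Remediate) {
    # A non-zero exit code tells Intune the device needs remediation.
    Write-Output "UAC drift: $summary"
    exit 1
}

# Remediation: write the baseline values back. A failed write throws and the
# script ends with a non-zero exit code, so the failure shows up in reporting.
foreach ($item in $drift) {
    Set-ItemProperty -Path $Key -Name $item.Name -Value $item.Expected -Type DWord -ErrorAction Stop
}
# Note: a change to EnableLUA only takes effect after a restart.
Write-Output "UAC reset: $summary"
exit 0
```

The window during which a changed setting persists is bounded by the schedule assigned to the script package, and the drift summary written to output gives a record of which value was changed on which device.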