How to enable a user to bypass any UAC pop ups

Super Contributor

Hi all,


How do I enable a specific user to bypass UAC? When using intune (Cloud only)


Please help!



9 Replies
Hi, thanks for this but doesnt seem to work for me.

I have done:
Name: UAC Elevation Prompt For Standard Users.

Description: This policy setting controls the behavior of the elevation prompt for standard users.

OMA-URI: ./Vendor/MSFT/Policy/Config/ LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers

Data Type: Integer

Value: 1

I have set to a device group containing the device needed. Other than it saying succeeded I dont know how to check if its actually set correctly on the device.

Is there another way we can get user to bypass UAC ?
But what is the reason for it and is the user an admin of does the user want to start something that normally would prompt for elevation/UAC?
The user isn’t an admin but the user can become an admin if needed but which sort of admin can bypass UAC?

The app they are trying to use requires run as admin to open
Not sure what the best solution would be, but a shortcut to the program with the Run as administrator checkbox isn't enough? Are you going to make the user admin on it's machine for this?
For some reason this app only allows the person who has installed the app open it. As I installed manually as I was struggling deploying through intune.

Yes I was thinking thats best but not sure how to make the user admin as I user AAD only log ins. So is there away too make the user an admin for the device via the intune portal?
Global Admins and Device Administrators are put in the Administrators group automatically on every device, but you don't want to make that user admin using the Device Administrators group on every machine.

You can add a Azure AD user to the local admin group on one pc by using:

net localgroup administrators /add "AzureAD\UserUpn"

or by using this

Create a config for one or more users for a set of computers (or all devices), replace the two SID's with the ones that are already present in de local administrators group (Those are the SID's of the Global Admin and Device Administrator group)
best response confirmed by AB21805 (Super Contributor)

@Rudy_Ooms  @Harm_Veenstra  Thank you both!


I used the CSP:



<accessgroup desc = "">

<group action = ""/>

<add member = ""/>

<remove member = ""/>