Tuesday 30 July 2013

Fully Disable UAC in Windows 7 via Group Policy GPO


GPO can be a tricky beast. Even when you think you've disabled UAC by moving the slider in the GUI down to zero, it turns out it still runs. Although it's not best practice by any means, it is possible to totally disable UAC by applying a Group Policy Preference to the Computer Configuration. Make sure you have a rock-solid need to do this, since fully disabling UAC can leave you much more open to malicious mischief.
 
>Open GPO
 
>Create a new GPO or edit an existing one
 
>Drill down to
Computer Configuration > Preferences > Windows Settings > Registry
 
>Right-click on Registry and choose New > Registry Item
 
>The New Registry Properties window will pop up

>Select the browse button next to the Key Path section (the small box with "...." in it)

>Drill down to the following location:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
Select the EnableLUA value
Then set the Value Data to 0 (default setting is 1)
 
>OK the New Registry Properties dialogue box and then exit the Group Policy Editor
 
Your new/amended policy can then be linked to the OU containing the clients. If you only need to apply it to certain machines then you can add those machine names under the Security Filtering window by clicking on Add...
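
To check on a client which UAC state a policy has left it in, this added example (not part of the original post) reads the UAC values under the same key and classifies them. The function name Get-UacState and its output fields are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: audit the UAC policy values that the registry item above writes.
# Get-UacState and its output shape are illustrative, not from the original post.
function Get-UacState {
    [CmdletBinding()]
    param(
        # Key that holds the UAC policy values, including EnableLUA.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A value that is absent from the key is reported as $null, not as 0.
    $values = @{}
    foreach ($n in $names) {
        $p = $props.PSObject.Properties[$n]
        $values[$n] = if ($p) { [int]$p.Value } else { $null }
    }

    $state = if ($null -eq $values.EnableLUA) {
        'EnableLUA not set'
    } elseif ($values.EnableLUA -eq 0) {
        'UAC fully disabled (EnableLUA = 0)'
    } elseif ($values.ConsentPromptBehaviorAdmin -eq 0) {
        'UAC enabled, administrators elevate without a prompt'
    } else {
        'UAC enabled, elevation prompts active'
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        EnableLUA                  = $values.EnableLUA
        ConsentPromptBehaviorAdmin = $values.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $values.PromptOnSecureDesktop
        State                      = $state
    }
}

Get-UacState | Format-List
```

A change to EnableLUA only takes effect after a restart, so the registry value can differ from the running state until the machine reboots.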
