Capture

This app can’t open UAC turned off – UAC Settings (Group Policy)

I started testing several Windows 8 devices in my environment and normally for administrators I turn off User Account Control (UAC) to avoid the annoying prompts. However, Windows 8 requires UAC to be turned on in order for many of the Store apps to work. It was challenging to find the correct settings until I found this post by Ronnie Vernon. Here are the settings that control the different levels of UAC in Group Policy and what I selected for my environment.

User Account Control is found in Group Policy under
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies/Security Options -> User Account Control
Capture

 

 

 

 

**************************************************************************
I chose Level 2 (for the Admins) which prompts but doesn’t dim the desktop (allowing apps to function correctly) and Level 3 for the standard users.
Capture

 

 

 

 

 

 

**************************************************************************

LEVEL 1
Never notify me when:
Programs try to install software or make changes to my computer.
I make changes to Windows settings.

***

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Disabled
Switch to the secure desktop when prompting for elevation = Disabled
Virtualize file and registry write failures to per-user locations = Enabled

———————————————

LEVEL 2
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Don’t notify me when I make changes to Windows settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Disabled
Virtualize file and registry write failures to per-user locations = Enabled

——————————————-

LEVEL 3
Default – Notify me only when programs try to make changes to my computer.
Don’t notify me when I make changes to Windows Settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Enabled
Virtualize file and registry write failures to per-user locations = Enabled

————————————————

LEVEL 4
Always notify me when:
Programs try to install software or make changes to my computer
I make changes to Windows settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent on the secure desktop
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Enabled
Virtualize file and registry write failures to per-user locations = Enabled