Purpose
You want to use a Local Admin or LAPS account to manage deployments and/or scans in your environment.
Note* This is for remote management and does not change the UAC in GUI user-land.
Resolution
This resolution assumes the following:
1. All Firewall policies are properly applied: Windows Firewall Ports and Exceptions
2. Recommended Antivirus Policies are properly applied: Recommended Antivirus/Antimalware Exclusions for PDQ Products
3. The Local Admin account or LAPS user credentials have been set and tested locally.
To disable Remote UAC, an entry will need to be made in the registry of the target computer:
Navigate to,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.
A reboot is recommended but not required, however, restarting the Server service is necessary.
See Also:
Under The Hood: How PDQ Deploy Installs Software To Remote Computers
Service Manager Access Denied
Comments
0 comments
Article is closed for comments.