Disable Remote UAC for Local Admin/LAPS accounts

Jason Amick
  • Updated
Follow

Purpose

You want to use a Local Admin or LAPS account to manage deployments and/or scans in your environment.

Note* This is for remote management and does not change the UAC in GUI user-land. 

 

Resolution

This resolution assumes the following:

1. All Firewall policies are properly applied: Windows Firewall Ports and Exceptions

2. Recommended Antivirus Policies are properly applied: Recommended Antivirus/Antimalware Exclusions for PDQ Products

3. The Local Admin account or LAPS user credentials have been set and tested locally.

 

To disable Remote UAC, an entry will need to be made in the registry of the target computer:

Navigate to,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.

A reboot is recommended but not required, however, restarting the Server service is necessary.

 

See Also:
Under The Hood: How PDQ Deploy Installs Software To Remote Computers
Service Manager Access Denied

Related articles

Comments

0 comments

Article is closed for comments.