Recently Browsing 0 members
No registered users viewing this page.
So trying to get Windows 8.1 and Windows 10 apps to work with UAC enabled via group policy. Did some digging around and the following policy settings sets my test client UAC settings to the 3rd level. So I know the policy is being applied but the damn camera app, and other apps, are not working. When trying to open I get the annoying prompt that UAC must be enabled in order for the app to load. I double checked UAC on the client and it is indeed set to level 3 but for some damn reason, the PC still sees it as disabled.
Any ideas on this? It is really fricking annoying. UAC is disabled for all Windows 7 machines (just what my work has done, don't really want to discuss this part) so I created a different OU in AD for testing enabling UAC. This is the only GPO that is in use for the test group.
Admin Approval Mode for the Built-in Administrator account = Disabled Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries Behavior of the elevation prompt for standard users = Prompt for credentials Detect application installations and prompt for elevation = Enabled Only elevate executables that are signed and validated = Disabled Only elevate UIAccess applications that are installed in secure locations = Enabled Run all administrators in Admin Approval Mode = Enabled Switch to the secure desktop when prompting for elevation = Enabled Virtualize file and registry write failures to per-user locations = Enabled
I know that it's technically a bad practice to embed in the manifest file to require administrator rights but I'm not sure what else to do. I know you can make it to where a process within the program requires admin rights but that is not an option since the process would run every 15 min and the user would have to click accept each time (that would drive me nuts). I have to write to a various number of folders that the user has specified in various parts of their computer (program files, my documents, etc). Program files will not let me write to any of the folders without admin rights (which makes sense I guess). So currently I'm embedding in the program the manifest file to require admin rights. Am I stuck with this option? I have a backup program which backs up my client data, I have no way of knowing ahead of time which folders they will write to.