UAC Override Policy

By creating a User Access Control (UAC) Override Policy you can override UAC prompts for end-users. You can create custom messages that require users to submit a reason for requesting administrator rights, which replace UAC prompts for credentials.

Using the Default Policy

1. Under Computer Groups search for User Access Control (UAC) Override Policy (Sample).

   

   The UAC Override Policy is a read-only item, that allows standard user to provide a justification for elevation instead of seeing the UAC prompt.

   

2. To edit this policy, you need to make a copy and assign a different name, to do so click Duplicate.

3. Under Computer Groups Targeted you may change the targeted endpoints.

4. Under Conditions you edit the

   • Application Targets
   • Inclusion Filters
   • Exclusion Filters

5. Under Actions you can edit

   • the available actions for the policy like
     • the Justify Application Elevation Action
     • the Add Administrative Rights Action
     • the Suppress User Account Control Consent Dialog (Legacy) Action. Only used with Agent versions 10.4 and older.
   • if you want to Audit Policy Events (as a learning mode/monitoring feature)
   • you can add Child Actions.

6. Click Save Changes, if you created a copy and made edits.

7. Set the Inactive switch to Active.

By default the UAC Override Policy has a priority setting of 15.

Targeting MSI

1. Create a new elevation policy that targets the MSIElevateHost.exe application. Other filters can be added to target a secondary MSI file or command if desired, but it is not required.
2. Add the Add Administrator Rights action; as well as one of the message actions such as Justification or Approval.