Hi On my 2008R2 servers, i want to keep UAC on. I've a .bat script launched by an account member of the Domain Administrators Group but i've the following result , for example: C:\>net user log /delete System error 5 has occurred. Access is denied. I've change the following security but same result : User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode : Elevate without prompting It's only successfull if i launch the script with the Administrator local account ... Thanks for your help

Hi, The local built-in administrator has the highest privilege and no UAC prompts up by design. Based on the current situation, I would like to suggest you check if the GPO is applied normally. Would you please send me more information for analyzing. For your convenience, I have created a workspace for you. You can upload the information files to the following link. (Please choose "Send Files to Microsoft") Workspace URL: https://sftasia.one.microsoft.com/choosetransfer.aspx?key=224fcee6-2330-4789-ae15-2360fe39f51d Password: @n_uHY_$yC Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding. Collect GPMC log ============== 1. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console. If the GPMC snap-in is not installed. 2. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard) 3. Right click the resulting group policy result and click the "Save Report…" => save report and upload it to the link I provided. Collect gpresult output ============== 1. Run the command gpresult /v >C:\gpresult.txt. 2. Upload the C:\gpresult.txt to the above link. Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Thanks for your return. For your information, i've change the User Account Control setting locally, directly trough gpedit.msc (just for quick test). This new setting applied normally since when i launch regedit, for example, i've no prompt anymore with an account member of the Domain Administrators Group .. .but still the error with net user log /delete command

Hi Any ideas whith my las update ? Thx

Hi, Please do not use any Group Policy to control UAC, and then log onto the computer with the domain administrator account. Use this administrator to open Control Panel\User Accounts\User Accounts\Change User Account Control settings and disable it. After that, restart the computer and login with the domain administrator again to test the issue and determine if this behavior is related to UAC. Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.