Disable users from elevating certain applications?
Hello, I was wondering if it is possible to disable the possibility of UAC elevation for certain applications? For instance, some users in our environment will had admin rights. However we do not want them to be able to elevate certain applications, such as the registry or various control panel applets. I understand applications can be blocked using AppLocker but for the registry it would be nice if they could access it, just not with elevated privileges. I also understand that UAC can be disabled for applications, but we do not want the application to be launched automatically with elevated privileges. So basically, when they launch a certain application their is no prompt to elevate it, it just opens with standard privileges. Any help would be greatly appreciated. Thank you.
April 8th, 2010 9:13pm

I am not certain this will work for every case, but I tried it with Alcohol 120% (which requires elevated permissions to run). Right click on the application, chose properties, open the compatibility tab and de-select "run as administrator", this should prevent a program from attempting to run with elevated permissions. One downside to this is that it does not prevent a capable user from undoing such changes. If that is necessary, I suggest placing a password on the administrator account (if there is not one already) which would prevent them from opening the program as an administrator if they were inspired to change the setting. As mentioned before though, some programs like Alcohol 120% require elevated permissions to run, if the user was locked out of the administrator account, they would not be able to run these programs without entering the password. Hope this helps! Brandon
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2010 3:02am

Thanks for responding. Your solution makes sense - however we're a large environment and would need to deploy this solution to many users, so manually changing the "run as administrator" option will not work for us. Basically these users will have an admin password, because they will be required to elevate certain applications. We just don't want them to be able to elevate all applications.
April 26th, 2010 6:09pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics