FAQ (probably) question about administrator security
We've got an application (Avaya Phone Manager) which we can install fine when logged in as the domain administrator account (mycompany\administrator) but when a user who has local administration rights tries to do the same, the installation fails.

So in diagnosing this, I created another domain account called mycompany\it.support and added it to the mycompany\domain admins group. I also added it to the builtin\administrators group just in case but suspect this isn't needed as company\domain admins is already a member of builtin\administrators.

I technically now have two domain administrator accounts that I thought should have identical rights. But I don't think they are the same. I'm still unable to install Avaya Phone Manager when logged in using this new mycompany\it.support account.

I then noticed that the UAC prompt occurs more with the mycompany\it.support account than it does with the mycompany\administrator account.

For example, try to create a folder called "Temp" under C:\ProgramData\Microsoft\Windows\Start Menu. With the administrator account, it just creates. With the it.support account, the "Destination folder access denied" message pops up and one has to allow the operation.

My guess is that the domain administrator account is special and always has full rights whereas even an account added to "domain admins" still has to trigger the UAC. Barking up the right tree?

Associated, how do you know when the UAC is going to trigger? For example, look at the security on the C:\ProgramData\Microsoft\Windows\Start Menu and it infers that localpc\administrators has full access. As domain admins is a member of this group, that it.support account should have full access and it indeed does once one accepts the UAC.

Cheers, Rob.
January 15th, 2010 8:55pm

Hi Rob,

I would like to share with you the following useful article about User Account Control: What is User Account Control

If you would like to install an application without the warning message, I suggest you add the user account to both the Administrators group on the local machine and the domain Administrators group.

Thanks, Novak
January 20th, 2010 11:15am

Bear in mind that as-supplied, ONLY the local account called Administrator is free from UAC prompts. Other local accounts are not really Administrators (even if they say they are) if UAC is on.

As for the problems, you should contact the supplier about them; clearly the software cannot be run as a limited user. Otherwise, you would be better to turn off UAC rather than running as a Domain Admin, as the latter is a far bigger security risk than running as a local Administrator. (If the user is a Domain Admin they can remotely alter settings on any domain server.)
January 20th, 2010 11:33am
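
A diagnostic sketch for the behaviour discussed in this thread, added here as an example and not posted by any participant: run it under each account to compare whether the logon token is filtered, whether the account is the built-in Administrator (RID 500), and how the machine's UAC policy is set. It assumes English-language `whoami` output (the "deny only" text is localized) and reads the standard UAC policy values under `Policies\System`.

```powershell
# Added example, not from the thread: report why this logon does or does not get UAC prompts.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# IsInRole checks the token in use. Under a filtered (non-elevated) token it
# returns $false even when the account is a member of Administrators.
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
$elevated  = $principal.IsInRole($adminRole)

# The built-in Administrator account of a machine or domain always has RID 500.
$isRid500 = $identity.User.Value -match '^S-1-5-21-\d+-\d+-\d+-500$'

# In a filtered token BUILTIN\Administrators (S-1-5-32-544) is still listed,
# but flagged "Group used for deny only" (assumption: English whoami output).
$adminGroup = whoami /groups | Select-String 'S-1-5-32-544' | Select-Object -First 1
$adminGroupState = if (-not $adminGroup) {
    'not a member'
} elseif ($adminGroup.Line -match 'deny only') {
    'deny only (filtered token)'
} else {
    'enabled'
}

# Machine-wide UAC policy. A missing FilterAdministratorToken value means the
# default (0): the built-in Administrator is not placed in Admin Approval Mode.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

[PSCustomObject]@{
    Account                    = $identity.Name
    Sid                        = $identity.User.Value
    IsBuiltInAdministrator     = $isRid500
    TokenElevated              = $elevated
    AdministratorsGroup        = $adminGroupState
    EnableLUA                  = $policy.EnableLUA
    FilterAdministratorToken   = [int]$policy.FilterAdministratorToken
    ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
} | Format-List
```

An account that is in Administrators but shows `TokenElevated : False` and a deny-only group entry is running with a filtered token, which is the state in which the Start Menu folder creation above asks for consent.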
