Help, I have one computer a new Windows 7 sp1 enterprise install that is not displaying UAC elevated prompt. All the other computers on my network prompts standard and admin users for elevated credentials when running a program marked as elevated only or when selecting the runas administrator option. This is how I install programs within my network. For some reason on this computer both when logged in as a domain admin or when logged in as a standard user, the elevated prompt does not come up. If I select a program and choose run as administrator, the program tries to run and then fails due to lack of permission. This is true regardless of who I am logged in as. What could be causing this. And how do I fix it. I am ready to start over and re-install, but I want to be sure I don't come full circle and end up with this issue again. Please advise (it is very frustrating) Note: I have checked and it does not look like any unique GP are applied to the users or computer.Fred Zilz

Make sure computer is not in the default "Computers" container. If it is move it to appropriate OU.

The computer is not in the default Computers OU, but I am curious as to why you mention this. What about the default OU might impact what I am seeing for this computer. Fred Zilz

This line is what made me anwser with that direction. Note: I have checked and it does not look like any unique GP are applied to the users or computer. The default "Computers" is a conatiner not an OU. If you are using GPOs to manage your computers, they can not be in the "Computers" container. While the computer is in this location no GPO will be able to apply to it. GPOs can not be linked to "Computers" container. So if you are using GPOs to set UAC behaviour then while the computer is in "Computers" conatiner you will not be able to set it via GPO. However you should be able to set it manually.

Hi, Have you confirmed UAC function is enabled on the computer? If so, please check the related registry. You can refer to: UAC Group Policy Settings and Registry Key Settings http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx Meanwhile, to avoid any third party software confliction, please perform clean boot to check the result. Niki TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here Niki Han TechNet Community Support

Brano - I understand your logic now, Thank you. And yes the computer is in an OU and not in the default computers container. Niki - I will confirm status of UAC and Registry settings and report back. It is so strange. I install Win7 on similar harware on a regular basis. I can not figur out what is different. The only thing new on my network is SCCM 2012 (used SCCM 2007 up until last week). I guess it is possible, that I have some policy from System Center being applied, but I have not seen this behavior on any of the other computers that have the SCCM 2012 client and endpoing protection installed.Fred Zilz

Check this link out, you can even grab the settings from working machine export and then import on none working machine. http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx Registry key settings The registry keys are found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. For information about each of the registry keys, see the associated Group Policy description. Registry Key Group Policy setting Registry settings FilterAdministratorToken User Account Control: Admin Approval Mode for the built-in Administrator account 0 (Default) = Disabled 1 = Enabled EnableUIADesktopToggle User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop 0 (Default) = Disabled 1 = Enabled ConsentPromptBehaviorAdmin User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode 0 = Elevate without prompting 1 = Prompt for credentials on the secure desktop 2 = Prompt for consent on the secure desktop 3 = Prompt for credentials 4 = Prompt for consent 5 (Default) = Prompt for consent for non-Windows binaries ConsentPromptBehaviorUser User Account Control: Behavior of the elevation prompt for standard users 0 = Automatically deny elevation requests 1 = Prompt for credentials on the secure desktop 3 (Default) = Prompt for credentials on the secure desktop EnableInstallerDetection User Account Control: Detect application installations and prompt for elevation 1 = Enabled (default for home) 0 = Disabled (default for enterprise) ValidateAdminCodeSignatures User Account Control: Only elevate executables that are signed and validated 0 (Default) = Disabled 1 = Enabled EnableSecureUIAPaths User Account Control: Only elevate UIAccess applications that are installed in secure locations 0 = Disabled 1 (Default) = Enabled EnableLUA User Account Control: Run all administrators in Admin Approval Mode 0 = Disabled 1 (Default) = Enabled PromptOnSecureDesktop User Account Control: Switch to the secure desktop when prompting for elevation 0 = Disabled 1 (Default) = Enabled EnableVirtualization User Account Control: Virtualize file and registry write failures to per-user locations 0 = Disabled 1 (Default) = Enabled

It turns out that the UAC was set to do not prompt - OFF. I am not sure how it was set to that. In fact a checked my next client install and it has it set at the default settings which is turned on. Very strange. Thank you for pointing me in the right direction on this. I was looking through GPreusults and looking for how securedesktop or the prompt for credentials could be blocked and not look at the obvious - is UAC on. Fred Zilz