Hi everyone, Just a quick question, to see if anyone has seen this before, or knows how to rectify this. I've recently started testing the Cisco AnyConnect VPN client and have set up certificate and RADIUS authentication for this. First off, the client checks the computer has a valid CA and computer certificate in it's local certificate store. It does. Then if all OK, it asks for domain credentials to validate against RADIUS (NPS). Everything is working absolutely fine, with windows 7 UAC turned off. If I turn UAC on, the certificate authentication fails. My guess, if that the local non-admin user running the application, or the application itself doesn't have the rights to check the machine certificate store. Is there something I can set in group policy, so that no matter what level UAC is turned on at, the application can check the certificate store on the local machine, or I can allow access to the cert store at all times, regardless of UAC? Many Thanks, Dean.

Hi, UAC makes the user token to be split. There is not any setting in Group Policy that can change this behavior. You may try to lauch Cisco Anyconnect client with administrative priviledge for a test, if it has no avail, the only resolution I think is to turn of UAC. Juke Chou TechNet Community Support

Hi, UAC makes the user token to be split. There is not any setting in Group Policy that can change this behavior. You may try to lauch Cisco Anyconnect client with administrative priviledge for a test, if it has no avail, the only resolution I think is to turn of UAC. Juke Chou TechNet Community Support