Find out what changes the settings for User Account Control all the time

0

The settings of the UAC get changed by some app/program/process. As a result I can't open Edge, calculator, Windows store or any other Metro style app. If I try to open it I get

xxx can't be opened with the Built-in Administrator account

One time I saw the notification that I have to restart my PC so that the changes of the UAC can take effect. So that was the point where some app/program/process made a change. I found the following (possibly related) entries in the event log:

The computer 'Administrator (built-in)' preference item in the 'Administrator rename and guest account {C2FB86B3-A1FD-494C-CA29-X309579E9ZCE}' Group Policy object did not apply because it failed with error code '0x80070524 The specified account already exists'. This error was suppressed.

Another interesting log is this

The Group Policy settings for the user were processed successfully. New settings from 20 Group Policy objects were detected and applied.

At this time EnableLUA is disabled, but I can open all Metro style apps (Edge, calculator, ...). After a restart this isn't the case anymore. Now the setting EnableLUA is working as expected.

My workaround is to set the UAC to any level, click OK and restart. Then I can open my programs again. Now I want to find out the app/program/process which is responsible for changing the UAC settings.

Working settings:

FilterAdministratorToken: 1
EnableUIADesktopToggle: 0
ConsentPromptBehaviorAdmin: 5
ConsentPromptBehaviorUser: 3
EnableInstallerDetection: 0
ValidateAdminCodeSignatures: 0
EnableSecureUIAPaths: 1
EnableLUA: 1
PromptOnSecureDesktop: 1
EnableVirtualization: 1

Non working settings:

FilterAdministratorToken: 1
EnableUIADesktopToggle: 0
ConsentPromptBehaviorAdmin: 0
ConsentPromptBehaviorUser: 3
EnableInstallerDetection: 0
ValidateAdminCodeSignatures: 0
EnableSecureUIAPaths: 1
EnableLUA: 0
PromptOnSecureDesktop: 1
EnableVirtualization: 1

windows
windows-10
active-directory
uac
group-policy
asked on Super User Apr 8, 2016 by testing • edited May 3, 2016 by testing

1 Answer

1

The error messages of your event log point to a GPO which gets applied and sets your UAC level.

Check your GPO in Computer Configuration\Security Settings\Local Policies\Security Options. Check all the settings which are described in this link: https://technet.microsoft.com/en-us/library/dd835564%28v=ws.10%29.aspx

You can see the default option for each setting on the site; compare this to your GPO. I guess Behavior of the elevation prompt for standard users, alias ConsentPromptBehaviorUser, is set to "Automatically deny elevation requests", which would only make sense if you're not administrator on your machine.

Or Run all administrators in Admin Approval Mode, alias EnableLUA, is disabled. This is most of the time the case when you can't open any Windows app like Calculator, because since Windows 10, Microsoft wants you to have UAC enabled to use these apps.

Edit: Since we found out that EnableLUA is disabled, we can say that's where your error occurs. Most of the time, the administrator disables UAC because he/she sees it as unnecessary, doesn't want to deploy it to Win7 and Win8.1, or doesn't really know what UAC does (so better disable it, right ;-)?). It's a must-have for Windows 10. So I would create a GPO which targets only Windows 10 PCs with the following WMI filter:

select * from Win32_OperatingSystem where Version like "10.%"

Keep in mind that the whole GPO with this filter only gets deployed to Windows 10.

answered on Super User May 2, 2016 by SimonS • edited May 2, 2016 by SimonS
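
An added example, not part of the original answer: a PowerShell check that compares the live UAC values with the "Working settings" list from the question and, when they differ, writes a computer-scope gpresult report so the GPO that applies the change can be identified. The registry path is the standard location of these values and is an assumption here, since the page does not state it; the report file name is a placeholder.

```powershell
# Added example: detect UAC drift against the question's "Working settings" baseline.
# Assumption: the values live under the standard UAC policy key below.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Baseline copied from the "Working settings" list in the question.
$baseline = [ordered]@{
    FilterAdministratorToken    = 1
    EnableUIADesktopToggle      = 0
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    ValidateAdminCodeSignatures = 0
    EnableSecureUIAPaths        = 1
    EnableLUA                   = 1
    PromptOnSecureDesktop       = 1
    EnableVirtualization        = 1
}

$current = Get-ItemProperty -Path $key

# Collect every value that is missing or differs from the baseline.
$drift = foreach ($name in $baseline.Keys) {
    $prop   = $current.PSObject.Properties[$name]
    $actual = if ($prop) { $prop.Value } else { $null }
    if ($actual -ne $baseline[$name]) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $baseline[$name]
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
    # Placeholder report path; computer-scope results need an elevated prompt.
    $report = Join-Path $env:TEMP 'uac-rsop.html'
    gpresult.exe /scope computer /h $report /f
    Write-Host "UAC values differ from the baseline. Open $report and look up the User Account Control security options to see which GPO sets them."
} else {
    Write-Host 'UAC values match the working baseline.'
}
```

Running it once in the working state and again after the next Group Policy refresh shows whether the refresh is what flips EnableLUA and ConsentPromptBehaviorAdmin.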

User contributions licensed under CC BY-SA 3.0