We have whitelisted the applications under low flexibility. When tried to install or uninstall any whitelisted application, UAC is prompted. Suggest any step to stop UAC prompt.
Question
How to block UAC prompt while installing or uninstalling an application?
I think a little more details is needed to give you a really good answer.
Installs and Uninstalls primarily requires Admin rights, if we provide a passive token a normal UAC will show for those application.
Then also note we have a Uninstall application type, that can allow you to create individual uninstall rules, it is not default in the QuickStart Policy.
A rule of thumb.
- Any application that can install without admin rights, can typically also uninstall without admin rights.
- If any application that is installed with Admin rights, they would also require Admin rights for the uninstall.
Without an uninstall app added and in the right group, it would typically hit “(Default) Any Application” and some (Default) Any Trusted and Signed UAC Prompts, as it kicks off a unistxxxx.exe from program files.
+1Hi Jens,
Thanks a lot for you prompt response. This would be a great help.
Actually, we have whitelisted all the applications under low flexibility, as our motto is to stop user from installing applications on their own and they should reach to service desk for installation. We have configured most of the steps during testing, we installed an application and UAC is prompting. Kindly suggest how to disable UAC prompt.
Hi Jens,
Thanks a lot for you prompt response. This would be a great help.
Actually, we have whitelisted all the applications under low flexibility, as our motto is to stop user from installing applications on their own and they should reach to service desk for installation. We have configured most of the steps during testing, we installed an application and UAC is prompting. Kindly suggest how to disable UAC prompt.
If you are seeing a native Windows UAC prompt, this would indicate that EPM is either not configured to intercept the elevation request, or it has assigned the application a Passive token where elevation is required. Can you confirm that you are seeing other EPM behavior work as expected on this endpoint?
It’s a little unclear whether the application you are describing has been added to an allowlist - if it has, can you confirm which application group it was added to and what rule action is configured for that group in the Low Flexibility workstyle?
Finally, do you see an audit event being generated by EPM for the application which causes the UAC prompt - if you do, can you confirm what action is being performed - is it running with a passive or is it elevated?
+1If you are seeing a native Windows UAC prompt, this would indicate that EPM is either not configured to intercept the elevation request, or it has assigned the application a Passive token where elevation is required. Can you confirm that you are seeing other EPM behavior work as expected on this endpoint?
Ans: Yes EPM is working as expected. When trying to install an application it is throwing a EPM message as application cannot be installed and reach to SD team.
It’s a little unclear whether the application you are describing has been added to an allowlist - if it has, can you confirm which application group it was added to and what rule action is configured for that group in the Low Flexibility workstyle?
Ans: Yes application is added to allowlist. It is added under Low Flexibility->Add Admin- Low Flexibility.
Finally, do you see an audit event being generated by EPM for the application which causes the UAC prompt - if you do, can you confirm what action is being performed - is it running with a passive or is it elevated?
Ans: Event Type- Processed
Event Action- Allowed or cancelled
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.