Where I work, our group policy disables UAC for the handful of users that don't know how to make certain applications work with UAC enabled. I don't need UAC to be disabled. Is there a way I can set permissions on keys in the registry or something so that I can enable UAC and keep it enabled even though the group policy is configured to disable it?
Thanks
Group policies are there so that users can't randomly change things themselves. The problem with UAC is that changes are only applied when you reboot your pc and then the Group Policy applies again disabling the UAC.
I would very strong advise against changing regkeys permissions but if you would especially because the UAC key is found under the system subkey of the local machine and would probably yield very undesirable results.
What you can do, if you are the sysadmin, is create a separate OU for computers that would like UAC to be enabled and copy all group policies over except the one disabling the UAC. Then you can configure the UAC as you like.
I highly recommend taking a look at the Microsoft Application Compatibility Toolkit (ACT). This tool is specifically designed to allow legacy or poorly-written applications which do not properly function under newer operating systems and their improved security model. You can create an ACT configuration for any application, and then deploy it via Group Policy,
In my environment, we use several legacy application which don't properly conform to the newer Windows security model, specifically UAC. ACT allows us to configure that application to bypass UAC prompts under certain circumstances.
